2e7bf227895b212da50b1de980fa3d774686000ec07c8f9c1e98088d1661ddbb

Analysis

max time kernel
146s
max time network
135s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
11/05/2024, 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

365d2fe419034ceb36ed18db42cbd372_JaffaCakes118.apk
Size

29.7MB
MD5

365d2fe419034ceb36ed18db42cbd372
SHA1

ae0ffeb85973b57b2571f4311731ba913ab4295b
SHA256

2e7bf227895b212da50b1de980fa3d774686000ec07c8f9c1e98088d1661ddbb
SHA512

6240baf106796669629da2913be321a764fe0d79c459740a02c8053ebdd31b8467209238391b5f6e7c7cedbe59ac915a00491f6ab097282d1169f8eb26adef4f
SSDEEP

786432:tNpsD9E5lKzjVo9q69wNeOjM56uwYSj/xbXxKdBOjMSoxKCdfaLodOeW+2n:vpsD9E5lKz+93wvjMMYqAYjMZhOew

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qingshu520.chat

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.qingshu520.chat

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qingshu520.chat
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qingshu520.chat:QALSERVICE

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qingshu520.chat
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qingshu520.chat:QALSERVICE

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qingshu520.chat:QALSERVICE
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qingshu520.chat

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.qingshu520.chat
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4957

com.qingshu520.chat:QALSERVICE
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5004

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qingshu520.chat/databases/tls_sdk.db

Filesize
12KB

MD5
2e8d2b7e3b1a8758ee427d301314b7ef

SHA1
32bcf7c03fd4934e1224feaf2114df2ae56d0551

SHA256
67b1e827a498e60301f0b57d15e0e342027c49266e8be14c7441dc7f774c299d

SHA512
2a7acd5dff858b159ad5ddd05f8392dda9a0d2185dd5b2b4b20ab660d8946bd3686cdaaaeff7317d717a23a2da1d86e5e42e0221e20e55cc020a2d9a16b0869f

Download Submit
/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

Filesize
8KB

MD5
f3c110724b4a6503f4e9beaea7068e15

SHA1
520020e7237c4c81df890582f57e9981f0bbcaed

SHA256
118fd18e08f003e8eb1709e19210c94a1bf5199c865610bafcaeeb32485277ec

SHA512
17d41a6686cae57e76e2a2372cae2e4576c0578fc4bcc5c969a97c1f2ad15a5395b5d0d8a8401225d39fd96e7f0979ce8d3a92a4878f189000aed9ff139cce6c

Download Submit
/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

Filesize
4KB

MD5
b0562ad51bba5c1d70fa1371d28e1ce9

SHA1
d0a6762636b8513487362d6ec8ef80198b045ec9

SHA256
ac8adc4cb5bab0c42918f0dca0437c33977dcec8b1a601c57a0a89c5916b401c

SHA512
dd098d111347f30ef959483644735f22b779b3c69bbc8f3ba465a9daa6052d86b3e175df8cfcc49d83d65a74db4fdab79473afe0805e1d08d1d426331e6a641a

Download Submit
/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

Filesize
512B

MD5
5462d6bdb6bde08cac16be4430f6f10b

SHA1
18679370ad682274bc7d96a01edd3c0f2a5e7f7b

SHA256
624bbc561e502db0bf590e82c57f65a1f0aad73a3a5ca230c3601bd886224bdd

SHA512
8435fa8b05c80373157663163ba342746f719326f4af26154f288509101fcf9058d78f59cea8b7b100d01f8eba885cbcdbf417f80e97470eae8111dd491737cd

Download Submit
/data/user/0/com.qingshu520.chat/files/mobclick_agent_sealed_com.qingshu520.chat

Filesize
528B

MD5
40f8c1c615ce23cf48b433b3acec53c7

SHA1
614c2444dd7bb0224f3b739cbc01ae179a65c5ee

SHA256
60d5f9b6fdab84b10f94a57b3473a98e430370e54008b67ca5e9665822e69e60

SHA512
fdf167b0bdf4b75aa0ab2a25d9762fa46a9fba89554b8230eb786c2d04f637bfdfbfadc70909584787c5dc0d5690c91752aaef6f285b55eaf7769e46c685b87f

Download Submit
/data/user/0/com.qingshu520.chat/files/tls_device.dat

Filesize
94B

MD5
d7d005282e1ebfb2b9238c14a585c76c

SHA1
bf51a4ee969c2ef5811ff8c991cc7f29ebea69e5

SHA256
c0481ce4c25dd7ebcaa2ab385322a0582f857ff0bd254473da04390e87134bb7

SHA512
ed3b186b7308bfbf2732d78b9e26f5d81c39c1d47601379ea9368d0f9f4e1dabc0df7cb1d61559f499d81705c72a291572c2d9497000adbb730101eeda143ec2

Download Submit
/data/user/0/com.qingshu520.chat/files/umeng_it.cache

Filesize
148B

MD5
cce35a625679c9bb2b2921e1ef7a9e2f

SHA1
d6658fe72394bc289b96735b6107cc3d83fed121

SHA256
5b1a5ba8e5c5994414bed7d89ec58964f6ae3b87c059c1086fbc7c0718219fd8

SHA512
5052a299db8cd3c00ddd7451c4714e4d1ff40734c238db15357226c1ad50275725b45b8c3a2d3a096a1a256be9d73ad5f57af4d91ee815d304f1eaa44d6f9f9b

Download Submit
/storage/emulated/0/chat/cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/iapppay/statistics/com.qingshu520.chat/statistics.log

Filesize
116B

MD5
c89c4a2f668fcab2a4726dd2f25dd98f

SHA1
6f1e91a8027492c6d23aafe17029979564acdad7

SHA256
f8de70f8325f111f703850914a91c9eb417095e9344f41cdbf80aaf8baeac570

SHA512
bfd7cc5f9120990fd0809e4e00f0372e65a77528e8574d06464c794e31322e08c8b89237a76d00372523153e3a88537ad577b6a7a00b5aa466007253fa02d4a3

Download Submit
/storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/ilivesdk_20240511.log

Filesize
94B

MD5
6c4163da7a3ff95e55adb5c32a8a8d5f

SHA1
35127b65879fa5a1b9a8f5623c9c9ddefb82f4bd

SHA256
02db9de123fefb6e39c48db414adfd2948324b9abf6f01aeb9d97cb26c7ff9f9

SHA512
bf201e8102cd7788ce1bbf33ebf0e1831e9a9e10f047ed10464d09b04f8028c9cba27bb365345b0db277b58f2dbf1b42ab3e1ad0464d80c28eb069cc1618d3df

Download Submit
/storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/imsdk_20240511.log

Filesize
1KB

MD5
e623764e2a993d104cdb2b445e62ce0f

SHA1
a36c1c894e2d78455a456cd28223e9f63c2996eb

SHA256
35a0034d38ac0daf1b5071861c1e5f3927cb8dcb269592a51ab77f0bae4f3401

SHA512
3d4d18504f4865ddccee5c688057ebc680f9bfca079747cebecbcdb2ac325ae1c0e37dfcebde3a169e00df660d0d162fb95a95824386a4ba4c7c0c0001325a37

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.05.11.20.log

Filesize
15KB

MD5
53202711a29546f07c6ad2af9758f5f7

SHA1
a0247e44df3bc9401e07f5e28b853f364cbdfa52

SHA256
fd01d526c6ed595c9dcbedc6644f037a01e388c3949d7023021277c83aa0f2a0

SHA512
2981a126f93d4a2b103ccefad0562722b9ba96e69842d88d9e93cfb8191ca02a999427ffd8f13df91e101ececd122081d8705e4171c7110ceda7bfcca48e6fab

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.05.11.20.log

Filesize
8KB

MD5
e31e1d82f3ecd10476d071ea146d7e13

SHA1
0587413bfb6378f74a57411e5543e73441c7c0a0

SHA256
b120634a4e1c1c05f8c890ebf81c0f67164c3a0d77c3a716c77e62fb2b01b6a0

SHA512
ce9b54676ef2c2a6e03275adf717f28afe4b5a81c7c1b177562764520e25677faa09d0f762da78bb1485bac45fccc40c7bb8243319bf77a14523dc17e581854d

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.05.11.20.log

Filesize
4KB

MD5
ec3cd9c92fba0bf39229be781c409c45

SHA1
dbfb38ad794da541b50e18322153653e8e663733

SHA256
fdc08c5d339f5e4f2376c70e9662020d89eb71b6f620fdd60285424b4ff2b8c9

SHA512
b98df9e7968cd0ad2b47a3df1303a53ef4791ae6b8c7fd303e03c482768b03a0308ede9c97efefac0669fce3debe26492de70a3278bef15846e30a742f5f3f79

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.05.11.20.log

Filesize
15KB

MD5
4a63a07b7840f538f84c3f2e3ffd4f80

SHA1
af2ba2fe0ee718e12ac7a7aab9952d1a5fe8d769

SHA256
da6af3c0fffbc456065e766065651b5d1bab0296c4d54ac00a7a9fb41ed9c68c

SHA512
28684ee4d22194b8024b0e424163fb03819bed04bbb7e049d52fe8aefba17ca6e6f8c0ac3de09803ed97d737384397eb2a304b91a9750e934721e4a76ef0dcb4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads