49ffc07e74bebd892af0606c56057c3f1d8d6b59c080af1024dfc8faa6853875 | Triage

Sharing

General

Target

3a58e8b55c5a4e9c8aa79ef7e66d2c79_JaffaCakes118
Size

11.8MB
Sample

240512-qrppasbf74
MD5

3a58e8b55c5a4e9c8aa79ef7e66d2c79
SHA1

c5c1849c2a685494b8886d36ab1b964b52e7933f
SHA256

49ffc07e74bebd892af0606c56057c3f1d8d6b59c080af1024dfc8faa6853875
SHA512

181183ac12afe80e4f7c8b890d9b2db9170a096a2a36443e8f5640f9809bd630ea8fd47ad70ca5e2b78a0889058c65f9229fd2b986c1fce98cef5d514c30c694
SSDEEP

196608:qAKnk9+5i4+clqo/2fgHJVgYIPQS0sKeoR0c/FHhtb2FZHJqD4o8M7dT1274a2XW:qgDf2ygpVglP/UR02HLb2/oH8M7h162m

Score

7^/10

android discovery evasion impact persistence

Malware Config

Targets

- Target
  
  3a58e8b55c5a4e9c8aa79ef7e66d2c79_JaffaCakes118
- Size
  
  11.8MB
- MD5
  
  3a58e8b55c5a4e9c8aa79ef7e66d2c79
- SHA1
  
  c5c1849c2a685494b8886d36ab1b964b52e7933f
- SHA256
  
  49ffc07e74bebd892af0606c56057c3f1d8d6b59c080af1024dfc8faa6853875
- SHA512
  
  181183ac12afe80e4f7c8b890d9b2db9170a096a2a36443e8f5640f9809bd630ea8fd47ad70ca5e2b78a0889058c65f9229fd2b986c1fce98cef5d514c30c694
- SSDEEP
  
  196608:qAKnk9+5i4+clqo/2fgHJVgYIPQS0sKeoR0c/FHhtb2FZHJqD4o8M7dT1274a2XW:qgDf2ygpVglP/UR02HLb2/oH8M7h162m
Score

1^/10
behavioral1 behavioral2
- Target
  
  com.qihoo.appstore.pay.lite.apk
- Size
  
  259KB
- MD5
  
  6cf3c462edbb50f818fd6d9a27178aa7
- SHA1
  
  f5d33a6264c40e75be04b012e21723df5a72ffc7
- SHA256
  
  8aacef229ed4ea66355dd1e4a1b250ef0555f0aace334f5f6fd7c929836b89cb
- SHA512
  
  9241af6788aa675143b0e9206c5da426e3214c97451f33c13b83974584f02092a26e21187d3ba6dce94f41a71a5998969dd096e13c266217cd1dc3da24b90771
- SSDEEP
  
  6144:D9SCATHxod+pEwgdNWdU+w4FzTGsdRS3TUa35TUv1:hSCA1od23gdN2xzTGsdRZapoN
Score

7^/10

discovery evasion impact
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
behavioral3 behavioral4
- Target
  
  com.qihoo.haowu.plugin.apk
- Size
  
  677KB
- MD5
  
  7a274226f3c28562b14bc9be7c1867e1
- SHA1
  
  fb3f10fa54c2b47f86300d71ffd501298cf879c9
- SHA256
  
  12c8e0125c7b74ce0b63c61e81a29c0de340b01a8727f2bd2ebb00a6e4471b0f
- SHA512
  
  5c09965d7543320b1a7de966fa0e820011929ad62cce11881f5ea3de5c978ce8865fef8c50ebe6b6a2cc80438ed6207b36edd3a15335c3a19dbb12439560d3d0
- SSDEEP
  
  12288:jDPCwaSa9/Mj0OYTg1XiGE6YQGYQLgRnmi2BA05wOYdPRRKgzV:/mBu0OYTg1Xi54GYWumi2BJOOQB
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  com.qihoo.appstore.haowu.shortcut.apk
- Size
  
  8KB
- MD5
  
  19d37728656080ede33d842a29823538
- SHA1
  
  08e2851c8d902f4446591282c907fcb33241fbdf
- SHA256
  
  79511544bc4bdf2540ec2cc7ea4bb967fe184501fbf69b6ac1519280628ba15a
- SHA512
  
  f6bcfafcf11f73fee8e2b8f43cffa95a6c1e2d18d1df67871d1f1d573496a35507f25c30bbe26de94bdb052a0aa64157b1bdd827adb7b6e531299f2f0db07bdf
- SSDEEP
  
  192:7tZpwR3pOucC5Kbv9lS6mYBbu7q/HaLBoEsxSqed3TyV8:7/ps3pF1Kbv2scweoEeOtTyV8
Score

7^/10

persistence discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral10 behavioral8 behavioral9
- Target
  
  com.qihoo360.mobilesafe.chargescreensvc.apk
- Size
  
  208KB
- MD5
  
  618c28844a233a82c1ffcb53e23bfbba
- SHA1
  
  07c2eef1018aa323e5a16cf0a3ae588fc5100535
- SHA256
  
  880d65f1df94695c132e6828b1fe2b2c0c6735a87e12354bbd2e12db1c16c5ac
- SHA512
  
  1419a4805818039ad0eaa33f0e652d6f0d2610cf2f3ca525f02f30d0ccd1b4469d4f1372b614a1f1d286e58c04fd431617469dd604db1a0468367589ef367eb5
- SSDEEP
  
  3072:KVnxmlH3LRKMTh13mMPKPlHhJThXnVoUzTNBU9ct/gqI1iy7gzolZs6Pal2EG+Rs:inu7vh1TCHLNFlNBuAgX1L7f0GK/y0nY
Score

1^/10
behavioral11 behavioral12 behavioral13
- Target
  
  com.qihoo360.mobilesafe.homepage.apk
- Size
  
  1.1MB
- MD5
  
  9d1401e8c8cdd96001de5f6297b7ad9c
- SHA1
  
  eb7d7ac9c1be9a0a6429ca8bf4a9fc7f8f1144fc
- SHA256
  
  09e7ce3e0e4850d69bb221c7ea74a1e21ff5910e41640b6ae3f089ed87b91db4
- SHA512
  
  83b7841799192a74a9988dda08ff71e1e3d359ba4b6fc1c57064d62fafbabeb5ac5b678f31d78d095946bfffab54703ccdb03c857bd41c66c08f3ff1c84abbf5
- SSDEEP
  
  24576:ceJtmVprUvy8Ml3ld2BK6yx/TQhs48fchiniinXT0nhWskJXwtM3:Tepa6Vd2BK6ydc64uWiniqj0YHAtI
Score

1^/10
behavioral14 behavioral15 behavioral16
- Target
  
  com.qihoo360.mobilesafe.recommend.apk
- Size
  
  1.5MB
- MD5
  
  cac7ae55efc7fbaa18cbf94038dfc6c7
- SHA1
  
  931461be6b40dfe1396f2ed3f2e7ff2f982f609b
- SHA256
  
  a2f40710f5226315c9f3ef010818b0148e8246afd980a31d45599d572209dfe0
- SHA512
  
  ddb148097080c7145863333236c58b9fd576c60a13efc75170cb6a3bf00eb35fe63a12490003da8233b612974c95099de732d12c2e7b24b8aea352b7b2dc002f
- SSDEEP
  
  24576:Zy6o1rUOgnogBMulX+Zw7COn9FEEk7od64b4eaPuko2QCM+j+r:w6o2OgdBM6MyCOn7b2od60+ukhLi
Score

1^/10
behavioral17 behavioral18 behavioral19
- Target
  
  dmss_v2.jar
- Size
  
  126KB
- MD5
  
  aa64c54de3204df266353f78f8f92743
- SHA1
  
  f30391c3c576f3ad05cae309d4b3ed63759f140f
- SHA256
  
  a9d07897e42c42c15f27ac1e3a907072bce90aeed7cf70ad3c52ea020a2bb1ac
- SHA512
  
  a3be909d084d88dc1da4c0b0fd8dfbcc63d3149308f622b094fb1b9b4a47c2e5fe9633fd7354e2ce281d222fffcfdfd3896708cb398c81f12437aa8f0720690c
- SSDEEP
  
  3072:QWDEMmwiLvzgsHGEIqTriwmelZLoALvFchukchKC+8G/ee:pDpmwiJ2Ur7mhAL+kkcPG1
Score

1^/10
behavioral20 behavioral21 behavioral22
- Target
  
  dump.jar
- Size
  
  66KB
- MD5
  
  7a4638dfa1ee16be45d730402fb7b18b
- SHA1
  
  d796407681a4597e336a89b3943260510603edd1
- SHA256
  
  202a7e05f8007b1334ff97a832d9961acd7be0daf465c058bb02c341575f177f
- SHA512
  
  33eb6f295252670f232841e168cf2152a4d3b719b228d486dca24036c0df365cbd061238a17e1ca5ac719b06fc232a9a4ef62613db7b87b39dacf2bc9949d499
- SSDEEP
  
  1536:QY2x5zR/OyGycRgxR+VxhmKnLw+Z2TaRZxf5llP1rL7s2Zf:QY2xT/OxRgGkKnk+Z2TYZ9nJl7ff
Score

1^/10
behavioral23 behavioral24 behavioral25
- Target
  
  tcore.jar
- Size
  
  138KB
- MD5
  
  3d026c692316d5a8bbcd52df53182505
- SHA1
  
  97e247bc9e81b1232a437020ca83e53bddd6e11b
- SHA256
  
  cd0787608efe79f493ee5a3b51b1a20f67d0997439f0a1639566b5e40bbe4b8b
- SHA512
  
  ffdf52b5a304dd8cb8ea03f134983d6d087bc032a0e8e60552f59cf44da78094ba0a586b6351870d585f61de9d6e8ac29a2172dcdce7965864795a0e4f419392
- SSDEEP
  
  3072:3s+9ePSTeFu91zQyD9TeYJM1JMlz/5bgM+64H5L4ZAn:3HkSiFu91zpJM1JM/5bpFCMM
Score

1^/10
behavioral26 behavioral27 behavioral28

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryevasionimpact

behavioral4

discoveryevasionimpact

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

discoverypersistence

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28