Analysis

  • max time kernel
    172s
  • max time network
    192s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 18:28

General

  • Target

    562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk

  • Size

    31.1MB

  • MD5

    562ca4d88d0998259deb9466c5ec1783

  • SHA1

    2d6454ab0a012a6b609d1b6fcb23492e7616e3f7

  • SHA256

    911b1397b9b311ecc5b8c62c047a75da765ae2830b8d76e5ae5523a6311ccf54

  • SHA512

    6761d7179b5edbb6a836d1db8b26a0180ad7a5f227dd278e2b37a646d0c05eb8ae152ed0625254b432596e5e0aee045c7411f342e57783fd03fd2ab7695b0ee7

  • SSDEEP

    393216:FsyCNVKpLdZ0Dw+7AgoBg/vm6J94bAGE81665kRJbsfdjuGNwFmnbXB6pBCj:kVKpLdZ0rF/JmbAM6zJbsfx5NNV6Sj

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads the content of photos stored on the user's device. 1 TTPs 3 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.account.book.quanzi
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Reads the content of photos stored on the user's device.
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4393
    • getprop ro.product.cpu.abi
      2⤵
        PID:4472
    • com.account.book.quanzi:pushservice
      1⤵
      • Queries information about running processes on the device
      • Reads the content of photos stored on the user's device.
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Checks if the internet connection is available
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4447
    • com.account.book.quanzi:remind
      1⤵
      • Queries information about running processes on the device
      • Reads the content of photos stored on the user's device.
      • Schedules tasks to execute at a specified time
      PID:4547


          Downloads