Analysis
-
max time kernel
172s -
max time network
192s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
18/05/2024, 18:28
Behavioral task
behavioral1
Sample
562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
gdtadv2.apk
Resource
android-x86-arm-20240514-en
General
-
Target
562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
-
Size
31.1MB
-
MD5
562ca4d88d0998259deb9466c5ec1783
-
SHA1
2d6454ab0a012a6b609d1b6fcb23492e7616e3f7
-
SHA256
911b1397b9b311ecc5b8c62c047a75da765ae2830b8d76e5ae5523a6311ccf54
-
SHA512
6761d7179b5edbb6a836d1db8b26a0180ad7a5f227dd278e2b37a646d0c05eb8ae152ed0625254b432596e5e0aee045c7411f342e57783fd03fd2ab7695b0ee7
-
SSDEEP
393216:FsyCNVKpLdZ0Dw+7AgoBg/vm6J94bAGE81665kRJbsfdjuGNwFmnbXB6pBCj:kVKpLdZ0rF/JmbAM6zJbsfx5NNV6Sj
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
-
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
Description             IoC                                                         Process
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   com.account.book.quanzi
-
Checks CPU information (2 TTPs, 1 IoC)
Reads CPU information that can indicate whether the system is an emulator.
Description           IoC             Process
File opened for read  /proc/cpuinfo   com.account.book.quanzi
-
Queries information about running processes on the device (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Description             IoC                                                    Process
Framework service call  android.app.IActivityManager.getRunningAppProcesses    com.account.book.quanzi
Framework service call  android.app.IActivityManager.getRunningAppProcesses    com.account.book.quanzi:pushservice
Framework service call  android.app.IActivityManager.getRunningAppProcesses    com.account.book.quanzi:remind
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Description             IoC                                            Process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.account.book.quanzi
-
Reads the content of photos stored on the user's device (1 TTP, 3 IoCs)
Description            IoC                                       Process
URI accessed for read  content://media/external/images/media     com.account.book.quanzi
URI accessed for read  content://media/external/images/media     com.account.book.quanzi:pushservice
URI accessed for read  content://media/external/images/media     com.account.book.quanzi:remind
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Description             IoC                                          Process
Framework service call  android.app.IActivityManager.registerReceiver  com.account.book.quanzi:pushservice
-
Checks if the internet connection is available (1 TTP, 2 IoCs)
Description             IoC                                                   Process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.account.book.quanzi
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.account.book.quanzi:pushservice
-
Reads information about phone network operator (1 TTP)
-
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Description             IoC                                      Process
Framework service call  android.app.job.IJobScheduler.schedule   com.account.book.quanzi:remind
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
Description         IoC                             Process
Framework API call  javax.crypto.Cipher.doFinal     com.account.book.quanzi
Framework API call  javax.crypto.Cipher.doFinal     com.account.book.quanzi:pushservice
Processes
-
com.account.book.quanzi (PID 4393)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Reads the content of photos stored on the user's device.
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  Child process:
    getprop ro.product.cpu.abi (PID 4472)
-
com.account.book.quanzi:pushservice (PID 4447)
  - Queries information about running processes on the device
  - Reads the content of photos stored on the user's device.
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
-
com.account.book.quanzi:remind (PID 4547)
  - Queries information about running processes on the device
  - Reads the content of photos stored on the user's device.
  - Schedules tasks to execute at a specified time
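The two system checks the report attributes to the main process, a read of /proc/cpuinfo and a `getprop ro.product.cpu.abi` child process, are the raw material of an emulator check. The report does not show what the app compares those values against or what it did with the answer, and two of the three behavioral tasks ran on an android-x86 image (os:android-9-x86) that advertises both arch:arm and arch:x86, which is exactly the environment such a check is meant to catch. The following is an added example, not code from the report or from the analysed app: it reconstructs the generic heuristic from those two inputs. The emulator hardware names, the ABI/vendor mismatch rule and the three constructed /proc/cpuinfo samples are assumptions.

```python
"""
Added example (not from the report or the analysed app): an emulator check
built from the two inputs the report shows the sample collecting, the text
of /proc/cpuinfo and the value of ro.product.cpu.abi.  Indicator strings
are assumptions chosen from well-known emulator fingerprints; the app's own
list is not in the report.
"""

# Assumption: Hardware strings the Android emulator and common VMs expose.
EMULATOR_HARDWARE = ("goldfish", "ranchu", "vbox", "virtualbox", "qemu")


def parse_cpuinfo(text: str) -> dict:
    """Collapse /proc/cpuinfo into a lowercase key -> value map (first core wins)."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        info.setdefault(key.strip().lower(), value.strip().lower())
    return info


def looks_like_emulator(cpuinfo_text: str, cpu_abi: str) -> list:
    """Return the list of reasons this device looks emulated (empty = no finding)."""
    info = parse_cpuinfo(cpuinfo_text)
    reasons = []

    hw = info.get("hardware", "")
    if any(tag in hw for tag in EMULATOR_HARDWARE):
        reasons.append(f"Hardware line names an emulator platform: {hw!r}")

    # An ARM ABI reported by getprop while /proc/cpuinfo shows an x86 vendor
    # means ARM native code is being translated (android-x86 style images).
    vendor = info.get("vendor_id", "")
    if cpu_abi.lower().startswith("arm") and ("intel" in vendor or "amd" in vendor):
        reasons.append(f"ABI {cpu_abi} reported on an x86 CPU (vendor_id {vendor!r})")

    # x86 guests under a hypervisor advertise it in the CPU flags.
    if "hypervisor" in info.get("flags", "").split():
        reasons.append("CPU flags advertise a hypervisor")

    return reasons


# Constructed samples (not captured from the sandbox) covering the three cases.
REAL_DEVICE = """Processor\t: AArch64 Processor rev 4 (aarch64)
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
CPU part\t: 0xd03
Hardware\t: Qualcomm Technologies, Inc MSM8953
"""

ANDROID_X86 = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel(R) Xeon(R) CPU
flags\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor
"""

GOLDFISH = """Processor\t: ARMv7 Processor rev 0 (v7l)
Hardware\t: Goldfish
"""


if __name__ == "__main__":
    for name, text, abi in (("real device", REAL_DEVICE, "arm64-v8a"),
                            ("android-x86 + ARM ABI", ANDROID_X86, "armeabi-v7a"),
                            ("goldfish emulator", GOLDFISH, "armeabi-v7a")):
        print(name, "->", looks_like_emulator(text, abi) or "no finding")
```

When reproducing this report's behaviour in your own sandbox, the ABI/vendor rule is the one to watch: an android-x86 image with ARM translation satisfies both halves of that check, so an app that keys its behaviour on the result may never reach the code path you want to observe. The arm64 image used for behavioral2 avoids that particular tell.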
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads
-
Filesize
512B
MD5
396ebac957f957c8eb433075563e47f2
SHA1
5145254a945ef4a33b93d494f0f093b0ae40b5fa
SHA256
06c90cf95ea10389eff1d0075edb8026a1e16503c118d715a54349bd75979e21
SHA512
f748570e96c70bb9648f1e8c8290b7f1709cd7fb0f2279ec6181e06d78e0bae96780ad91d7e1f2f30a5a8133717d5fb928f5e1f8eb3d33077cb8fcaf020e75b0
-
Filesize
32KB
MD5
6dfac86563c9e0a6675d12212d66bbf1
SHA1
b7584ef3f1983e5d12f9ebdba8cfdaea5becb2f0
SHA256
7e76d5f545e6b218a624ed0edcec76e6702dbe6cac1ab7415c4e43f591051718
SHA512
6b6f3e242e0ee46d05f776ba4c33b1ebbf16c1a54a55db4c45e5b539e59ccfed2b948dbec4cab1e59f6a95b57ea595a17d0dc4b56702babff7bb55401efeca37
-
Filesize
88KB
MD5
1dad7956e5306cd1c40c0e20b25bb107
SHA1
2749d32ef80943e16605c0f4b3f0b706d5dbd043
SHA256
e081fd55bde2a049cb568cdbf358f5234bc82cfa4b75f6b02dab5f4881f77b51
SHA512
a616a1ca4f46cfcd886fe7ca3aa4c8438ebf5d1c8cde4052a1526665c0681c1d3af55516d71ed34b6aa7cc5d215b26a9de7cfc438d2fe304a0ce3ece9748ef6f
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
512B
MD5
1ef407bc6ac8eb3d26f75c68753b5b69
SHA1
f418b27f562ce369a7231ae333f4bd1b8020b6f1
SHA256
7c4127c487c2c5e1b7f428d8819a0d538c11ffc06043d68be3f44936c03dbc1d
SHA512
dbe535a6bf09fb3f6d7066d6e4b81237f454d78a60df0db2dd0881fac61c76192a7c3a94493c8009f4b12fcc617d5b5e310c9717faf00319b016c1c34040cadd
-
Filesize
72KB
MD5
f7bb6bb07a9b65b5b5633ef1e79ea0d8
SHA1
b95ec24e2f6dbf058817c22b5e96fc1fb48ade01
SHA256
603e49e7e756a86f6d4bd139e75d470f89313d42d020e9b98139a2d72ca06fe6
SHA512
181f5115058e02e24eb577254d709df50928f84d5e44e7b1b4f28d5d29f35068f853a3d4ce4437d966ce48ac7a9e6358170440710d916bbd82b6d86fe2344b1c
-
Filesize
24KB
MD5
c99e6ca2d9875f037cd6080523b90ec9
SHA1
25c17916f039298804f36e588e68f58c3b0838da
SHA256
93885c8dfd161b774d9020442d35f1587eda7610636a593c026dea08742311d9
SHA512
c122a32f060a72de59f75622cd55ace12165267962da56a70d32891f306660cb3624a393734a4dcb61e13049ea7f564af8e8f670088c428725bb810b426fc837
-
Filesize
24KB
MD5
a1f64fa4f66928db3127e318a1eefede
SHA1
3df86ac634b955b5cf491c1397f39db1a5bc9e3a
SHA256
44e06758bbc55181e782d5c4e3de0cfb0c69cdb7f11db8425ebcebd8090cbcbb
SHA512
4cdd82e1ffdf82694e26198ccd16d1bc2ff1471d7964fe3c4c40f9b7fb18af3354f86bb9dcf037fe550bbd8711bb2b09c8f0e2a5e0f0bca04dd1955932aeb321
-
Filesize
24KB
MD5
e687044341ea9509933bf93c5094448c
SHA1
54b6b7c0285fb5829aa22fe328f2b9b7ba04fb60
SHA256
e5943d4949d5f672ae9d51a14e6d9c9b9a2b87e5f46e007c88237aad9ec5a418
SHA512
3aa6d718738b738ebcd51c9e9e342a856114e5a91cc371ce0f219fa3eb9e3308a51d5070fe15bd3b18f28ad2885a1d2f4077042439a09f200dbbd0f5282c8e0b
-
Filesize
24KB
MD5
b2ed867703bf640ac96dd430320ef3e0
SHA1
d67f5b73bbfacd5a7033e747b92afe5776ce19f6
SHA256
3328199f2f19cae3142c07bb7eb47e8f3e85c78e33ad618d979c96685db2de3a
SHA512
17183be36dca11a1e5677178c33731da6035c42a58f09c805f7e8dcb1c867fd69c10cb57ecdecbdf3327d1e984ba58e0949c2298ed84e34b19021ebb352266d7
-
Filesize
512B
MD5
1885aaa376588d9795ca4db6271ea5f5
SHA1
0d3d3e088b23b263dd99e5f5f2dd784a5cd81fda
SHA256
e04288dfd39dfc93b872cc4b3951bca08759c71bef147c4d63b4386a206942ab
SHA512
4a2fc243f2832e40b73c62846a5d5db3c2ed3ac5b7551d26530948920afd545d276fd05b8a7d5ee70f29e4f4fc0e3323d83d44ff0449bc2a6bd72454801d6c0d
-
Filesize
36KB
MD5
f028401e96f3ecd55d7f657d7a2129c5
SHA1
cc57a9702545acd7655cfadc6f97e525b2c167b9
SHA256
9ebdf17a2dcfcbc912465e3265b541bc532a0a04d2d054bca48b34ae86c2a6e4
SHA512
c4f0e78c3e34bbd631e3386a3b678d37f10d7728c4420d2c7b2345642ce7f44468c00ce522bdb8ac586de2632f7589ba9715729626decb8aad6cf17f1d6e1f55
-
Filesize
12KB
MD5
f04d343119fc00cc4fe565da32755b44
SHA1
578dcd974159221e3c699c5750c4754e54414e6b
SHA256
8237733e790a14e62466f8b26b0acec9f46617b431a413d5f6d2f842f6b38812
SHA512
470a255e3c157307cbe250d2f831d56c4542a01fd6d21e80dad2b8b97289a8d288556c0d73635f662f63e33e31cb09be5b70fd876ecfc298261c49548edca0d5
-
Filesize
12KB
MD5
e55a18f93ae8e34cce1e0d34426c83a0
SHA1
986f747ae2d11acbe385bfe0926a21ad5754f4e9
SHA256
41a881dd60b8cddff2c715bb65b347230bf73ae3bc925022552d4cc11a7dc01b
SHA512
4e56e88a0159b127a0e9f96e2d71e6a49eb3a7e6ed2615f5b23fcf58e820d7e6eb9c9414aec0508bebbdf356d9d9d329a0823faf2b125e0ee1544c5843c794ae
-
Filesize
12KB
MD5
cb6315cc61fddd245097c47e11f422f3
SHA1
8536b7e632e8c8da9d0d3b6eca23eb9f3c654554
SHA256
990e6b820fda36a8f41207938bf0ecab7848001305f2173fd50cfb47260cc9d7
SHA512
c499474952d71b0f462d12f57a8981b69a4a1f7f71eb6372dc6e63e84065b732c7c668b94c68f9f206c6e600f0dc248cfd30579223869ce6bc0d7c4c1b23b9d4
-
Filesize
692B
MD5
c466a3e75f88d540d8c5396cd614caa2
SHA1
b46b5705e37faa3e5fe986e4034211141320f41a
SHA256
7a48fc8df02986649b06d0749c5415a69f0ff1ce7c99f6db9cdd3975f0d608aa
SHA512
06b43fe93d695d62078bc6a41ae5f7a45814ecc216764fdec32c7a21440144abd26bd5a8da6ad472954e3263366404f68453d44b40247801777cee66e0fa821b
-
Filesize
162B
MD5
9b5d2e0e6e05b094cfd727021bcbaf02
SHA1
41586bb0622cd24fe9439b5dd90a936b7b313d00
SHA256
c5ff04ccd56a569ded48e2cf0467a386db9ef679bb094b2a3442b78374417bae
SHA512
2e91b5129bba47d5aee8d4aa523a58e07c5219cfe59c27ac68d3aca126a6a8a53351d990c4654f0ba02e9a2ce7ab7f91d517dca39e9972c67876000b2824e647
-
Filesize
14B
MD5
6f86ac5b4a17d38c9d27bcc9052360b4
SHA1
1c97a9305e2c9da24665b70094c30aa2ddcabcc7
SHA256
210ed9c599901d571aea79689061488a483b3dc721474751c561a41305ecac2b
SHA512
fcc9a510af7c001280c4be70b9477363d25300e0cd95a103f6adfe5771e6001ee4eac97663e1896d731608c9e6aedb1c947b76e84e72f1fc1255ea36560183ec
-
Filesize
415B
MD5
8a84908d2f2af5092fe1106d5da77ece
SHA1
28f8c307be63df83831eb7f9a3d1838519a4551a
SHA256
5533aa28752c9d780eac2759bcc9a34229039febcbcb041548525cf6a19691cc
SHA512
40cbadcbecd631533582bd3bc4e265981b01c364a88e71d554bf84a665f70e08767b87decfc3eb8599221b381ed877c32523578287693110a2fd3dc04e729bff
-
Filesize
308B
MD5
9f214b04b2579361c511d6168b12f55d
SHA1
ef4747eccc8f755aea91345b155473a59e5f98b1
SHA256
22fb1a885eea047f217c0370906a4a42af5f90a6236b277d68294cc7706f002d
SHA512
5a1c5c35c403be5701167f8bc3d5c71b98b23bf5f975a9c226b4a963c7edc61b4c765ceb3fcd8f5b10fe5068ee39ae35ba76936825fc88c4c70983c1082bec16
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
1B
MD5
93b885adfe0da089cdf634904fd59f71
SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee
-
Filesize
512B
MD5
342c6c61aee192a68767b29aeea311b8
SHA1
d6947ae4d62e7221ecfdb2bf2312fabc564d23e8
SHA256
796c380455ddc141b7fc9be8404695e6afecc679e6fcb24aa5636ba8ac0c4636
SHA512
75cb3fa2dc766bae3ae61ad0958c52e70a7890193680df23647477d44bbb1d8671cf058d460f3efa441d0767b00de06eddb42cdb80d5ee78425a33a96cd70492
-
Filesize
189KB
MD5
46bcf66d40438594fc2137f25adb3fae
SHA1
dbf407492d6039946127cfe61cb07cc38eb248d3
SHA256
5af9dac4d3f9053674a82fc7a13ba550e0c11ee92325b25d1f649ab7e0d2ef38
SHA512
9b4978d10ba06d63ffdbf7ffb97d5e93522875d30eb091c8c7747272019e58b3a9df78b58c833f3cb7eb0ae1897ed4f1e5aecb07c5b8ae23979fdfcca726213a
-
Filesize
13KB
MD5
03aefed0df4012b58ad6a870be358a3a
SHA1
291dbe672d9292d0109b008497dd28adfc2357b8
SHA256
af8b17bf5c544b41df6fa136c787f4c7c11c8e64541330bddb11533447add0de
SHA512
02eb47e2fcb8cdba9be4d9e1d13d528ac6ffb56cc755e0e1bbc08f024a4dcb31b351f74ae8c9fc41cc510211dbcd3db6faae798c07503f8803465866f4425cc5
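Each Downloads entry above carries four digests of one dropped file. When you recover such a file from your own run of the sample, the useful check is not a single hash lookup but a comparison of the whole bundle, so that a mismatch on one algorithm (a truncated or re-encoded copy, a typo in a copied hash) stands out against the others. The following is an added example, not tooling from the report: it hashes the bytes once with all four algorithms and returns every disagreement. The record it ships with is the 1B entry copied from the list above; that the file is a single NUL byte is an assumption which the four digests confirm.

```python
"""
Added example (not from the report): verify a Downloads record against the
bytes actually recovered, computing MD5/SHA1/SHA256/SHA512 in one pass and
reporting every digest that disagrees instead of stopping at the first.
"""
import hashlib

CHUNK = 1 << 20  # read files in 1 MiB pieces so large drops do not need to fit in memory
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bundle(data) -> dict:
    """Hash a bytes object or a binary file-like object with all four algorithms in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    if isinstance(data, (bytes, bytearray)):
        chunks = (data[i:i + CHUNK] for i in range(0, len(data), CHUNK))
    else:
        chunks = iter(lambda: data.read(CHUNK), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_record(data, record: dict) -> dict:
    """Return {algorithm: (expected, actual)} for each listed digest that disagrees.

    An empty dict means every digest in the record matched.  Algorithms the
    record does not list (for example SSDEEP, which hashlib lacks) are skipped.
    """
    actual = digest_bundle(data)
    mismatches = {}
    for name, expected in record.items():
        name = name.lower()
        if name in actual and expected.lower() != actual[name]:
            mismatches[name] = (expected.lower(), actual[name])
    return mismatches


# Record copied from the report's Downloads section (the 1B entry).
ONE_BYTE_RECORD = {
    "MD5": "93b885adfe0da089cdf634904fd59f71",
    "SHA1": "5ba93c9db0cff93f52b521d7420e43f6eda2784f",
    "SHA256": "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
    "SHA512": "b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee",
}

if __name__ == "__main__":
    # Assumption under test: the 1B artifact is a single NUL byte.
    print("NUL byte mismatches:", verify_record(b"\x00", ONE_BYTE_RECORD))
    # Constructed counter-example: a lone newline is also 1B but hashes differently.
    print("newline mismatches:", verify_record(b"\n", ONE_BYTE_RECORD))
```

Pass an open file in binary mode instead of a bytes object for the real drops; the same function streams it. Keep SSDEEP comparison separate (it is a similarity score, not an equality check), which is why the record format tolerates keys the verifier does not understand.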