Analysis
- max time kernel: 172s
- max time network: 189s
- platform: android_x64
- resource: android-33-x64-arm64-20240514-en
- resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
- submitted: 18/05/2024, 18:28
Behavioral task: behavioral1
- Sample: 562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240514-en
Behavioral task: behavioral3
- Sample: gdtadv2.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
- Size: 31.1MB
- MD5: 562ca4d88d0998259deb9466c5ec1783
- SHA1: 2d6454ab0a012a6b609d1b6fcb23492e7616e3f7
- SHA256: 911b1397b9b311ecc5b8c62c047a75da765ae2830b8d76e5ae5523a6311ccf54
- SHA512: 6761d7179b5edbb6a836d1db8b26a0180ad7a5f227dd278e2b37a646d0c05eb8ae152ed0625254b432596e5e0aee045c7411f342e57783fd03fd2ab7695b0ee7
- SSDEEP: 393216:FsyCNVKpLdZ0Dw+7AgoBg/vm6J94bAGE81665kRJbsfdjuGNwFmnbXB6pBCj:kVKpLdZ0rF/JmbAM6zJbsfx5NNV6Sj
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Requests cell location [2 TTPs, 1 IoCs]
  Uses Android APIs to get current cell location.
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  Process: com.account.book.quanzi
- Queries information about running processes on the device [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  Process: com.account.book.quanzi
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  Process: com.account.book.quanzi:pushservice
- Reads the content of photos stored on the user's device. [1 TTPs, 2 IoCs]
  description: URI accessed for read
  ioc: content://media/external/images/media
  Process: com.account.book.quanzi
  description: URI accessed for read
  ioc: content://media/external/images/media
  Process: com.account.book.quanzi:pushservice
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  Process: com.account.book.quanzi
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  Process: com.account.book.quanzi:pushservice
- Reads information about phone network operator. [1 TTPs]
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 2 IoCs]
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  Process: com.account.book.quanzi
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  Process: com.account.book.quanzi:pushservice
Processes
- com.account.book.quanzi (PID: 4363)
  - Requests cell location
  - Queries information about running processes on the device
  - Reads the content of photos stored on the user's device.
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.account.book.quanzi:pushservice (PID: 4431)
  - Queries information about running processes on the device
  - Reads the content of photos stored on the user's device.
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 8KB
  MD5: 19019edb823039cd8401d312a0a05d6c
  SHA1: fa786a7f541f3bb49f6916ec4342e078bdd492da
  SHA256: 83e37e6fdafe8015426c91c9ff2dc6f3c4f3af38c09267867ead2e81e340f0fc
  SHA512: 9328f4d7960c1999443c339fa09cb0f9375c3c7d73ffe0b36aa9397ce61db9fdf973d259688cb0a00ccebe99d03d4e479a49bd632accd71e55221d763cc97eb4
- Filesize: 4KB
  MD5: 82eeae0b944eb2c3a2b7d7e2f6cd6f52
  SHA1: 9e4deff47bcf2ac52d7bbf37b77a1d06f70e8549
  SHA256: 7016233b880a7965985e7ac650a32e9fa159509b21374beefed0d87a05d07976
  SHA512: 658154e7021a009ba743ed9fe3ae7c9a1a04602871396b337293e68e5954fc0a00787760d69a40817a9e9785965d69ff0365572c6344f40ec4236f64923c9111
- Filesize: 8KB
  MD5: 628e5f54207063854770c65c29dfbbf8
  SHA1: 365a56bf4806c40d5827d229bded83ff6fd19222
  SHA256: e94f734233cf511cbdbf99240ae97ac87982efc29ff3f103746e4a46480d9ba3
  SHA512: 567c7af4f1d25fc2afa916042618b55712a2f20ab367f713ad8bf716713769f4c942b64b4d3680c9ddb15601619bdac3c4f79cd8253423ebfe50c047036af0b5
- Filesize: 8KB
  MD5: c62271a11d89cbe2d35f57d5c2c1566b
  SHA1: 98977bc047045f9a81ebd4b164bfd5cb8cc2789a
  SHA256: 555ed0e60c23fcf0f028ba5baf5046207a9e83a7ac2e89edb06c5b43edfce8c4
  SHA512: ae743bba676e83d894c7191c09b454d7fbe2712daabaaba08156b6db4be03cafa3241df9d3b1832b6f0b50fb01bf1a08ebdf9f03f6102c3c05b8c1707bc8bce2
- Filesize: 14B
  MD5: 6dc02d1ed992a4b0ecbe5bc6aaaef8f6
  SHA1: 8c00f9ef24280116bb520ec80493d7f5a688225e
  SHA256: e4143e979d9f16a104ac34cb22b3efd362b4f20db85dde01ece06361c03e4927
  SHA512: 00cfecfb69e632406a22b34450b4255d779f1bf843dc2a95d1a3ecfd69c357226a7a1daa6deda4b6f67b0056b1b0aa77bb2382134a74ada51708e1f8648bb306
- Filesize: 424B
  MD5: 18d032b248117a026bda6053fa3c244d
  SHA1: 6b7ac3436a4bdf354467e504384e3a183cbcdeb9
  SHA256: 5793486de98fc0af948b83f6d405f79bc4855fa7f158d69e0d2966ba7d487155
  SHA512: d3b5e9649746c849bad698012ad5f047310466abe774dbc9cb9cf90c1e2eddde088e1f47b9abce9ea93a64b1fe736808797ff9634c3566f0a4699b2deeb54564
- Filesize: 48KB
  MD5: 147d18e634c558a2f8cbf9bc96cbc0c3
  SHA1: 78930eff1d38a67e519b20204e060d855e70f226
  SHA256: 6a939ab2f3229c83cb5f3c82d55347bd9032534a19ed3784f5e7f13bd1ffd430
  SHA512: f0d098f1ee69649b15b6a1cf6adda43fdd42637f7ef7493120f6bbdbd49a4078f7e93bc46e460805218bf72bfa79183ca8fc9b48a6ff1a512c965c4f6d6ad892
- Filesize: 1B
  MD5: 93b885adfe0da089cdf634904fd59f71
  SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
  SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
  SHA512: b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee
- Filesize: 512B
  MD5: 564c0be20907ab5b765d59521b910643
  SHA1: c05f4e4281e7d234cf54ae8691ce043f424eb524
  SHA256: 5bf9facbc241356997c000958b511e108cff33c8d96631555229597a8f69599e
  SHA512: 113bf09d57a0c65d32291c924ad4cef5d14cd655c5a1edbf99358aacd02f5fe6b6f2d60976dc20c5a6de2a0bd4a413b3e5628933667ce7b63a9a53ecbadc6c30
- Filesize: 11KB
  MD5: d1849896e7d584d1a4f366df53589110
  SHA1: 42651ec96eb34f94c7388d6334bfc3a0909111b1
  SHA256: eecd8ff59f8a7f55b7f8c47c902a82382482b67cc212c1292c17e6a6bf2b4336
  SHA512: 531576c01401671fbff4812110f5234cbfd4da6808f19e9f2a271ace005ff5310474661ca2aa4b8add5b8ee946068207b0ad718ac4c3600e29557957ea9df072
- Filesize: 8KB
  MD5: 20baf067a6bcf1492b9150572bcbb371
  SHA1: 15f8c4dc9f01bbf03a67a3d8d9cf7acbcf36756a
  SHA256: 782516d5f087151198d5817d06df8389fbe3ddc157b9f92fbdec1a0c38ab450f
  SHA512: a16141e883049b47ebd4e18e7da5a10afd813e7998a70973b0143ec1a19df7f161c058dfa01a46ba0c5ed6e2c60f767b50e18d63041b9be5f1a0e3d8c481215d
- Filesize: 77B
  MD5: ebbe8575d106537d8952fa0ee9cec14d
  SHA1: 8d70ff54fe5fd2462815f6ec59fcfa8aadaa656f
  SHA256: 5109200016a719db163fb51e91f730c6b76386a7a7263514af3ad3a4f8678a5a
  SHA512: 1d9a11829290a858e26957c9db956d6c2fadb277b9d0cc6d7f149b294dbb8561bb3c145f6124c53df089427f049f0c87cede2b7a36f5914e0a18366e3e44af1c
- Filesize: 77B
  MD5: c70cf1bf23245424dd15b6a5301b255c
  SHA1: a0f202a399c5f44eee8c6be19081fe02cd08102a
  SHA256: a419e24d2815bb383ef5e53fed262357e8c8aa431934fcaa40f03c83654370e6
  SHA512: 94d7e1f65ab9e30a7242f0bff080a3a4ece8f6891958f34e8c07ce8b8c99fc3bcdfb2dd64dbe4d82e394e145018e372f0e3458f7b250f65563bc00ac8451d730