Analysis

  • max time kernel
    172s
  • max time network
    189s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240514-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
  • submitted
    18/05/2024, 18:28

General

  • Target
    562ca4d88d0998259deb9466c5ec1783_JaffaCakes118.apk
  • Size
    31.1MB
  • MD5
    562ca4d88d0998259deb9466c5ec1783
  • SHA1
    2d6454ab0a012a6b609d1b6fcb23492e7616e3f7
  • SHA256
    911b1397b9b311ecc5b8c62c047a75da765ae2830b8d76e5ae5523a6311ccf54
  • SHA512
    6761d7179b5edbb6a836d1db8b26a0180ad7a5f227dd278e2b37a646d0c05eb8ae152ed0625254b432596e5e0aee045c7411f342e57783fd03fd2ab7695b0ee7
  • SSDEEP
    393216:FsyCNVKpLdZ0Dw+7AgoBg/vm6J94bAGE81665kRJbsfdjuGNwFmnbXB6pBCj:kVKpLdZ0rF/JmbAM6zJbsfx5NNV6Sj

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the content of photos stored on the user's device. 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.account.book.quanzi
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Reads the content of photos stored on the user's device.
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4363
  • com.account.book.quanzi:pushservice
    1⤵
    • Queries information about running processes on the device
    • Reads the content of photos stored on the user's device.
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4431

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/user/0/com.account.book.quanzi/databases/pushsdk.db-journal
          Filesize
          8KB
          MD5
          19019edb823039cd8401d312a0a05d6c
          SHA1
          fa786a7f541f3bb49f6916ec4342e078bdd492da
          SHA256
          83e37e6fdafe8015426c91c9ff2dc6f3c4f3af38c09267867ead2e81e340f0fc
          SHA512
          9328f4d7960c1999443c339fa09cb0f9375c3c7d73ffe0b36aa9397ce61db9fdf973d259688cb0a00ccebe99d03d4e479a49bd632accd71e55221d763cc97eb4

        • /data/user/0/com.account.book.quanzi/databases/pushsdk.db-journal
          Filesize
          4KB
          MD5
          82eeae0b944eb2c3a2b7d7e2f6cd6f52
          SHA1
          9e4deff47bcf2ac52d7bbf37b77a1d06f70e8549
          SHA256
          7016233b880a7965985e7ac650a32e9fa159509b21374beefed0d87a05d07976
          SHA512
          658154e7021a009ba743ed9fe3ae7c9a1a04602871396b337293e68e5954fc0a00787760d69a40817a9e9785965d69ff0365572c6344f40ec4236f64923c9111

        • /data/user/0/com.account.book.quanzi/databases/pushsdk.db-journal
          Filesize
          8KB
          MD5
          628e5f54207063854770c65c29dfbbf8
          SHA1
          365a56bf4806c40d5827d229bded83ff6fd19222
          SHA256
          e94f734233cf511cbdbf99240ae97ac87982efc29ff3f103746e4a46480d9ba3
          SHA512
          567c7af4f1d25fc2afa916042618b55712a2f20ab367f713ad8bf716713769f4c942b64b4d3680c9ddb15601619bdac3c4f79cd8253423ebfe50c047036af0b5

        • /data/user/0/com.account.book.quanzi/databases/pushsdk.db-journal
          Filesize
          8KB
          MD5
          c62271a11d89cbe2d35f57d5c2c1566b
          SHA1
          98977bc047045f9a81ebd4b164bfd5cb8cc2789a
          SHA256
          555ed0e60c23fcf0f028ba5baf5046207a9e83a7ac2e89edb06c5b43edfce8c4
          SHA512
          ae743bba676e83d894c7191c09b454d7fbe2712daabaaba08156b6db4be03cafa3241df9d3b1832b6f0b50fb01bf1a08ebdf9f03f6102c3c05b8c1707bc8bce2

        • /data/user/0/com.account.book.quanzi/files/init_c1.pid
          Filesize
          14B
          MD5
          6dc02d1ed992a4b0ecbe5bc6aaaef8f6
          SHA1
          8c00f9ef24280116bb520ec80493d7f5a688225e
          SHA256
          e4143e979d9f16a104ac34cb22b3efd362b4f20db85dde01ece06361c03e4927
          SHA512
          00cfecfb69e632406a22b34450b4255d779f1bf843dc2a95d1a3ecfd69c357226a7a1daa6deda4b6f67b0056b1b0aa77bb2382134a74ada51708e1f8648bb306

        • /data/user/0/com.account.book.quanzi/lib-main/dso_deps
          Filesize
          424B
          MD5
          18d032b248117a026bda6053fa3c244d
          SHA1
          6b7ac3436a4bdf354467e504384e3a183cbcdeb9
          SHA256
          5793486de98fc0af948b83f6d405f79bc4855fa7f158d69e0d2966ba7d487155
          SHA512
          d3b5e9649746c849bad698012ad5f047310466abe774dbc9cb9cf90c1e2eddde088e1f47b9abce9ea93a64b1fe736808797ff9634c3566f0a4699b2deeb54564

        • /data/user/0/com.account.book.quanzi/lib-main/dso_manifest
          Filesize
          48KB
          MD5
          147d18e634c558a2f8cbf9bc96cbc0c3
          SHA1
          78930eff1d38a67e519b20204e060d855e70f226
          SHA256
          6a939ab2f3229c83cb5f3c82d55347bd9032534a19ed3784f5e7f13bd1ffd430
          SHA512
          f0d098f1ee69649b15b6a1cf6adda43fdd42637f7ef7493120f6bbdbd49a4078f7e93bc46e460805218bf72bfa79183ca8fc9b48a6ff1a512c965c4f6d6ad892

        • /data/user/0/com.account.book.quanzi/lib-main/dso_state
          Filesize
          1B
          MD5
          93b885adfe0da089cdf634904fd59f71
          SHA1
          5ba93c9db0cff93f52b521d7420e43f6eda2784f
          SHA256
          6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
          SHA512
          b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

        • /data/user/0/com.account.book.quanzi/lib-main/dso_state
          Filesize
          512B
          MD5
          564c0be20907ab5b765d59521b910643
          SHA1
          c05f4e4281e7d234cf54ae8691ce043f424eb524
          SHA256
          5bf9facbc241356997c000958b511e108cff33c8d96631555229597a8f69599e
          SHA512
          113bf09d57a0c65d32291c924ad4cef5d14cd655c5a1edbf99358aacd02f5fe6b6f2d60976dc20c5a6de2a0bd4a413b3e5628933667ce7b63a9a53ecbadc6c30

        • /storage/emulated/0/Android/data/com.account.book.quanzi/files/tbslog/tbslog.txt
          Filesize
          11KB
          MD5
          d1849896e7d584d1a4f366df53589110
          SHA1
          42651ec96eb34f94c7388d6334bfc3a0909111b1
          SHA256
          eecd8ff59f8a7f55b7f8c47c902a82382482b67cc212c1292c17e6a6bf2b4336
          SHA512
          531576c01401671fbff4812110f5234cbfd4da6808f19e9f2a271ace005ff5310474661ca2aa4b8add5b8ee946068207b0ad718ac4c3600e29557957ea9df072

        • /storage/emulated/0/Android/data/com.account.book.quanzi/files/tbslog/tbslog.txt (deleted)
          Filesize
          8KB
          MD5
          20baf067a6bcf1492b9150572bcbb371
          SHA1
          15f8c4dc9f01bbf03a67a3d8d9cf7acbcf36756a
          SHA256
          782516d5f087151198d5817d06df8389fbe3ddc157b9f92fbdec1a0c38ab450f
          SHA512
          a16141e883049b47ebd4e18e7da5a10afd813e7998a70973b0143ec1a19df7f161c058dfa01a46ba0c5ed6e2c60f767b50e18d63041b9be5f1a0e3d8c481215d

        • /storage/emulated/0/libs/com.account.book.quanzi.bin
          Filesize
          77B
          MD5
          ebbe8575d106537d8952fa0ee9cec14d
          SHA1
          8d70ff54fe5fd2462815f6ec59fcfa8aadaa656f
          SHA256
          5109200016a719db163fb51e91f730c6b76386a7a7263514af3ad3a4f8678a5a
          SHA512
          1d9a11829290a858e26957c9db956d6c2fadb277b9d0cc6d7f149b294dbb8561bb3c145f6124c53df089427f049f0c87cede2b7a36f5914e0a18366e3e44af1c

        • /storage/emulated/0/libs/com.account.book.quanzi.bin
          Filesize
          77B
          MD5
          c70cf1bf23245424dd15b6a5301b255c
          SHA1
          a0f202a399c5f44eee8c6be19081fe02cd08102a
          SHA256
          a419e24d2815bb383ef5e53fed262357e8c8aa431934fcaa40f03c83654370e6
          SHA512
          94d7e1f65ab9e30a7242f0bff080a3a4ece8f6891958f34e8c07ce8b8c99fc3bcdfb2dd64dbe4d82e394e145018e372f0e3458f7b250f65563bc00ac8451d730