Overview
overview
8Static
static
656463b4de5...18.apk
android-9-x86
8appmgr.apk
android-9-x86
appmgr.apk
android-10-x64
appmgr.apk
android-11-x64
authguide.apk
android-9-x86
7authguide.apk
android-10-x64
7authguide.apk
android-11-x64
1business.apk
android-9-x86
7chargescreen.apk
android-9-x86
7chargescreen.apk
android-10-x64
7chargescreen.apk
android-11-x64
7deviceinfo.apk
android-9-x86
1deviceinfo.apk
android-10-x64
1floatwindow.apk
android-9-x86
7floatwindow.apk
android-10-x64
7floatwindow.apk
android-11-x64
7global.apk
android-9-x86
1global.apk
android-10-x64
1global.apk
android-11-x64
1lockscreen.apk
android-9-x86
1p-n-lssvc.apk
android-9-x86
p-n-lssvc.apk
android-10-x64
p-n-lssvc.apk
android-11-x64
lsscv.apk
android-9-x86
1lsscv.apk
android-10-x64
1lsscv.apk
android-11-x64
1news.apk
android-9-x86
8gdtadv2.apk
android-9-x86
tcore.apk
android-9-x86
tcore.apk
android-10-x64
tcore.apk
android-11-x64
oclt_v3.apk
android-9-x86
Analysis
-
max time kernel
6s -
max time network
138s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
18/05/2024, 18:50
Static task
static1
Behavioral task
behavioral1
Sample
56463b4de5c0ef91f5459c33e2784120_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
appmgr.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral3
Sample
appmgr.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral4
Sample
appmgr.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral5
Sample
authguide.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral6
Sample
authguide.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral7
Sample
authguide.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral8
Sample
business.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral9
Sample
chargescreen.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral10
Sample
chargescreen.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral11
Sample
chargescreen.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral12
Sample
deviceinfo.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral13
Sample
deviceinfo.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral14
Sample
floatwindow.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral15
Sample
floatwindow.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral16
Sample
floatwindow.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral17
Sample
global.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral18
Sample
global.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral19
Sample
global.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral20
Sample
lockscreen.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral21
Sample
p-n-lssvc.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral22
Sample
p-n-lssvc.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral23
Sample
p-n-lssvc.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral24
Sample
lsscv.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral25
Sample
lsscv.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral26
Sample
lsscv.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral27
Sample
news.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral28
Sample
gdtadv2.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral29
Sample
tcore.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral30
Sample
tcore.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral31
Sample
tcore.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral32
Sample
oclt_v3.apk
Resource
android-x86-arm-20240514-en
General
-
Target
news.apk
-
Size
5.2MB
-
MD5
80133a5470044f3c4889455ccbe6aea5
-
SHA1
eef4ab6ab93e70e2efae0cad47f145adcdb4056d
-
SHA256
fe6176dce68ed7612137ab07c24aa1afc2f12b2eee6a1f30ffc29e28462a0623
-
SHA512
21ac64015992cff8a9ef5e23ccf4b7fdea2e019b1ecf2d23b622682bbb945b219f8632073e2055469b5197d01b4bae202124e1dfe5530f4a5e95fc7f12adeb52
-
SSDEEP
98304:TFUmjo5okFlMHfqPqDP6OB+cdqsCw6RHwh60/vmpd0HUxDcZAG44:+lCSPqDPjsXw6RHwjv4xwZdB
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc Process /system/xbin/su com.qihoo360.mobilesafe.news /system/bin/su com.qihoo360.mobilesafe.news -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.qihoo360.mobilesafe.news -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.qihoo360.mobilesafe.news -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description ioc Process Framework service call android.net.wifi.IWifiManager.getScanResults com.qihoo360.mobilesafe.news -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.qihoo360.mobilesafe.news -
Checks if the internet connection is available 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.qihoo360.mobilesafe.news -
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.qihoo360.mobilesafe.news -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.qihoo360.mobilesafe.news
Processes
-
com.qihoo360.mobilesafe.news1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275 -
getprop ro.build.version.emui2⤵PID:4357
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD56610c101fc96cba8df1313d8d5a215d9
SHA1657b901b679f1be4a47bd82467f7b060bee35beb
SHA2568e21b8aacc7c5cc525dc397214afafa95ede5ca6ead74ec8188d9cc300097a70
SHA5125882b0cec427609800f9cbe3587ec70b22f0c8f38ae13b4c9ccd3da2205aa360205908380131f4ddb01e3db067ad0f5fc0a3462ac2ee874512f2e66b4fc3718e
-
Filesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
32KB
MD54cf72fd1087a1db1d6fa4257cf2221e1
SHA10f1093ebed720e1d0701a5a2d068dcefc3cc7bc1
SHA2566d07138c64a4cf9452190716a8af8c1b5645a95c5f16f19299c81295baab955c
SHA51272940dc284ab1c9ad8e16f201c2d631dd800440abe5b357817497b49b328a66f9df440724bd637c5fe1ae1f0ea0c6caa2b555e5ac5c53e44f599dcfee21ba016
-
Filesize
119KB
MD5688f586243bed0d1621b4a0bfb030664
SHA1fa019a8988220b23398355a59ba205962d7fb5b7
SHA256180ef79eae604bb46a1bef906a5da9cbc182f77840fdc7fec254a7a4b8e18c66
SHA51205a17249cadf3b5df59fd328cd419a6e2607dddca5c22e1be1629e672ab28b0a4111ae291442d77b96806efc726a73af5d81145218dc8283bdefb67aaac26a5c
-
Filesize
36B
MD5f4061881df4a152235fadb2b6d86138e
SHA1f121c707f774caadf519d0ee8e70cabe4d235d33
SHA2562454e42a39dd14e4fd0a3720139f8fbc4b2c51a2e385638f3c9b66cb06039ee1
SHA512b898ce2bba82685358428c9240cc75f24ab000c4771bbbef1d19beb799ba351c466807800aa93ac741f4101c588a915bc9574f8cd94b5dda750f69a5469073a6