Analysis
-
max time kernel
178s -
max time network
175s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 02:26
General
-
Target
65aef2f5f4dc2f9ef5715998349b97c6_JaffaCakes118.apk
-
Size
6.1MB
-
MD5
65aef2f5f4dc2f9ef5715998349b97c6
-
SHA1
1c1126263ebfba8aef885049aab2cf4343c1f567
-
SHA256
850d1fb8e6a4bdfac25ad7201cd87387a6997cc92ddbfc5ebf926eb14a5dc2e9
-
SHA512
b1c1a7cc1b1df73f105e85c28aaae22f4c935061f1429f096f1256d7da26a5a7b37d3433b4b3dbca3e00e97671b16d471f9350a93f9e0f17c348f1d2bf091bbe
-
SSDEEP
196608:kp7fPwVZnfHbH843vHd9pr5rGjN/yVVGCb7Q7uwteyoteyinP6j:QcdbH/Lpr5rGJ/yVvc+iPg
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 10 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks known Qemu files. 1 TTPs 2 IoCs
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.fyjx.qipa1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
cat /sys/block/mmcblk0/device/cid2⤵
-
/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.fyjx.qipa/app_libs/update.jar --output-vdex-fd=93 --oat-fd=95 --oat-location=/data/user/0/com.fyjx.qipa/app_libs/oat/x86/update.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
com.snowfish.a.a.bg1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
-
/system/bin/cat /proc/cpuinfo2⤵
- Checks CPU information
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.fyjx.qipa/app_libs/core.jarFilesize
442KB
MD58ffe69e9aeee7b0917c4990dfe3bb49f
SHA1a058f735a46fd9a4424f4d96d31c2bf5d0fa6e9f
SHA256a4f2010123d6cd77170de49c9a6a3d734f9352908a40087d59c888f8923b185e
SHA512648d54f12a903fca0157665e7d50396577eafcff2f26024c44753c2bf3d32a2111c0ea908bab3cc7c0053afb748897b0abb4160a5ff07b4761b7e0ea9204ad34
-
/data/data/com.fyjx.qipa/app_libs/oat/core.jar.cur.profFilesize
166B
MD565dbb537c2cdd301b9338cc79d6b0174
SHA1e3ddd01d357ab2abc1430b84f0447d494299cb5c
SHA25696057628e752bc92b0318126f94b5aa2609070c8c51116c83611e4b6a8aa3dca
SHA512f16b2567ed336f8fe89aff91e72f6ca327de9b6694c30222c0369ddf57e7328490e6d6499aa80bba656c83f5b02acf6c145c70422ebdf703a857e8bf435f2e12
-
/data/data/com.fyjx.qipa/app_libs/update.jarFilesize
6KB
MD53eea0fcda4a513b99cedf31c7452aaf8
SHA1071da147eacf17f1c10fc6362ac43839ee96d5a2
SHA2562a9b79160a4eae5fea2e7fbd3e0498eae8af9d0e8d784b18ac81c3468da6e0a6
SHA51212a20677a8f36778ceeead1e35a9a20dce8ecc9999803db2e3e40312b74847ccc9efbc649b4949dae38520287b7a01bd50c81dbf9fe1db8fb7e9ecd070801880
-
/data/data/com.fyjx.qipa/app_tbs/core_private/debug.confFilesize
101B
MD5e3fc414dc6df13355a5bf46ac55ce6e6
SHA1fd911238c6f41331502c6efdbcfdf6e807709ad6
SHA2567127f44b21dff33ad32964f132d630d44b93ff2f3337034045fbc4543aaf36aa
SHA512107af94a72bc64e202754f88469443a872e3e13de43710d4bd65cd92ea725f95038d9b2c395a6aa2b5617f07596002f026c5cefc36c4dfd7f99a219addbcde89
-
/data/data/com.fyjx.qipa/files/cc/libspeed.soFilesize
29KB
MD5064b3bbb9928d353b389c3e7718f3bc2
SHA1b12282b49a55a0135f11e1f210d93b5ac93ae654
SHA2561ed41b1ce39554e23ed4af12b530a56a6f4ffb1594331c5e23a257666ff9ab9c
SHA51229d775c3256243c9eb621a72a411a18a4b050f1c71c12e58456e16ad35263d8eb5e08c2a694e6fd0242520839c6c227b53ca8d56a7aa619ed5fe8a13965a3bdd
-
/data/data/com.fyjx.qipa/files/cc/libsubstrate.soFilesize
17KB
MD5bdd066a27e56c3b2e852e709f33d8a21
SHA125c03dc837b5cac38ac360bc6538f1e42856e198
SHA256d46bfb8cf6c9beded3a34acbe62ebc91c8dc0f806a366530efdbefd50e91d5df
SHA512b95a831088d5a571a8c767c7ed03ebd8a77509b1021b73e6e0344a84b3d46430e9ae22ec9dd4467ad906597237880e8b7287e5b6b8d17a5247dde4b953f546dd
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD574e1d34c64b9bad8732d774592007ef3
SHA14aea3b100e1675ecee524efc1352f55cd1322b49
SHA2563d89c16e8c4416b3cb66a7cb4adf7d0ff6de03b217ff4c2b266c21c5cc7209da
SHA512da37014da4ffcef7ab392fcd0c274eac0cdc3d9f994c13eeefca0dcd61ace4ed019d6b3c8b4eee334f56bff5805b28790e956533ad55177459f1f9788d37fd41
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD515f3514f7af01e3ad622ffb12432dc29
SHA1f29b7a5cebfea0c30a5ca8cfe943818a62fbf586
SHA2560304530bf3b75c74126f9c07a7923f495edd66c3618cf2c7ec288c47ef91f6a4
SHA512d893f206f6f3d36e90ff8da0f247e62402aba96c9647cd6d99e641a5dfeb23ce1abbc5d5e0ab639eb0e632ba85904699eb166ac501a2d7207be959fc2975d232
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD5f8f21d7d9d607f4a343adddeffea660c
SHA1868156ede33d8ed403f229f735eab9b1ebba3b0b
SHA256abaa11984bf373e370d7cc1f5176f1ae21bbd53cea21c5859d28f38935ceacbb
SHA512b328da06c7374be26571e5e140b3e5c32eef58ea022c176d48b1e58e7a2cc1313d7acff670f6959f3db0e8359f1a68f5d6bfbad193c7d167e53b0ea106ff2e36
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD5c6377b7512efdec3632aed11b2fc3a4d
SHA1a92e105a53f4d40b59f0dbd4a2e3c6f99ece8707
SHA256e59c2530cdba07946c478854a04d18f25bfe4a1f4aaa4757ed3156f1ca8bda1a
SHA5126b9387ed9979563472961952af7bf102b3e64c62c689c7c8fb3edf5464f793dfa18df4f210666de07303297472c746d7ea5c56bca3e349297d475bbf15d6c2b2
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD50335931dc4ed3dc3c74cb129c49c14c6
SHA1cf491fc23569a707bc11d1c76802f21268acd8c8
SHA25639c2da5133363721b2173925a93d8647fce44d4fb6c435f50d03605dae4a5df2
SHA512a168a6518440ce9d1a29dca7ddfa6e20d552d0fb14a1c2b56f697f798ec8a03946baf9800a1aae042be6a9c03652e70f1fafcacfd5f52462fb22432c98599e3b
-
/data/data/com.fyjx.qipa/files/durationFilesize
12B
MD5056fd4f790216e30d80b22a838616b52
SHA16022c5a485c44b94aa15c8db48e7a491ccddb2eb
SHA2562fe425e3deb799da79be85f87dcf2b2bba50d007d6805a5251820f65ad7b8600
SHA512cadb2ea299ef5cb4697d0b546dd8fec5605217dcda5b205e2eb8f3f8e40358908adc2333c27acad648ad67f9eafb6598c58cd48188ddc10c80a89b0999c74a09
-
/data/data/com.fyjx.qipa/files/st_database.dbFilesize
28KB
MD501cda56c171e4a50420f742e9bbbd37a
SHA199eb1fed7ff140e7c285b8c4b14e5fdce8ead9da
SHA2566d4918d2054c272120655f3b94351d2aa92063a4d22a3245201b329b3b31312b
SHA512b1be2b1ca7072afa8b67930e8bb7a5d77b78d1455289f3df6dd9fc7a1c9412bb2e4c535218ae86c96abe4cdcd23cac3c75122ada4970c8303290f95039e9ad03
-
/data/data/com.fyjx.qipa/files/st_database.db-journalFilesize
512B
MD5362b257cde9ed1a6ce7c1cf10e27eb0b
SHA1b7fd74cd0f704010f75371e34a2151d2a4e0e6d3
SHA2568727958f31e934c305e33a54fcdc832ac51d2397ad7f008e946b8f00c20578dd
SHA51257cf190eee620554e61249bd5c9580ad8bf8bb2025aa9a6998e82c037270bfcc929e7d1d594c964d463e3bcdf749b98443d0bc78711cdaff72321f97ecc04c31
-
/data/data/com.fyjx.qipa/files/st_database.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.fyjx.qipa/files/st_database.db-walFilesize
48KB
MD5e82eb51b07f9cc554e19d626e492fbe7
SHA105f8f0fdec528241d76f16427d5d7ee91da471d4
SHA2566b6d218d1a717cf503a46377f397123c222a890d4dbf83422815bc6281cd3c31
SHA5125e3731071a88bbdca36d96b94f3dc277bd752d204aea8e13764854d14f071f995af8d0741b035a1403858dafe287b4fe72464c6b37779df9f310d57d88b62539
-
/data/user/0/com.fyjx.qipa/app_libs/core.jarFilesize
306KB
MD5cd72ab90ef1a729ed243f71fa7c152ab
SHA171e2f42801bb01994c4141a2d18854c0074c57ba
SHA256c7a7c0c4a03860aa847c5c9697e97d1b0c4d77d46d945946af6e87e1e8c16165
SHA5122f41014833273ef7dce8a335179d42f7272f1d7511e85fe058f99d53e234ab9b08b520b6cc764e17d833aecb025a203499ecdb5e15f4eaf35d685cb463ef9bae
-
/data/user/0/com.fyjx.qipa/app_libs/update.jarFilesize
12KB
MD5a052cf31f70cab7dc772b4c59911d43e
SHA108a2a8dd43484ac2adf0eb2681d57c2173360d6f
SHA256f5f594fcb6fe90cad0632fbf30f8fe7fbf9a87f06dca9e00208e6eb85c778747
SHA51280fe152fe391ca50f026b6144b364bfa889d4e85801a836b8641ddfe7e9ffe435796dc40e6314a05da0a1e9df781c09c681a88d32a9b0541e93b4e67f2dbd8a2
-
/storage/emulated/0/Android/data/com.fyjx.qipa/files/tbslog/tbslog.txtFilesize
8KB
MD5cc8f14f0b48e6abdba1a912ea1eabaaf
SHA19fc400216a0ef1465937282c7ec01ab9ba6c86d6
SHA25680ffcf6ae07aacdee133b6b2c254866cd7190b455727d5d78854857ec17ef895
SHA5129ce66f567d6bc3ae8fe2f7e6407f14ad9b67834b98cbde1a844f32b46dd1007bb63356906518f3576e04b4dc8a230dbeabfe559320e3868b76aefff7715b56f6
-
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66Filesize
93B
MD589d03b9f2f25eb825e14dc7e3b6f0ac7
SHA117f9fd2d96b60f5a570668cce682ae7eaa0bacba
SHA2563689cba0c649182f5e87948a1bc3fb014afdc83b60e3c2bb53e6363386e63771
SHA512d7a6e411ea11a095841c4b686fb2d4c9cfc14db0f840f34691d96e387231dcbdbc5a231827d5b3ae50f18b5c4ec3ee7a359425d8f060ac19aad306aa3ac803b4
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD545842ee343fd899d5a5a04af34e1ec8b
SHA1d4df3f8357b11a044d2c2b8cfc36b51beeac0656
SHA25687301b7078e0b95e1156320480f35f44c66eed68af52e8f9a2eeac2d37c52b89
SHA512edfe1337d18a5186ca54eda377c32bf905282d4d76d15752c957fab9468e253585c50076c1f36c3ea415f7383431aa0fc2f44956432f05926774e2739cdfd591
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD56091a1aa37b02211ddb93e1745b3f29e
SHA183d2fb669b01483061979219f97d6ea899ed664c
SHA256b728b5addc6ff2d3d726af5da9bc81c7b2da6d112804c5efb265f23b9c29e9ac
SHA512a122c695b899e05fba87c85903ed8378f8297c83eb931a023aaa6164d7492ba3ebb389ae87ed3274d66a5ef280e6babfb665f2b1c2ab3871a28ef2db7263792b
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
317B
MD56d8fdbf51bb870a9b1b6b75e956f7cf4
SHA1195c72b6719ca6607a411e467610962148c3d9e0
SHA256e885c7748478c880ae1fb478f06c4b07834e2268e4154355b2f1666be442a4e7
SHA5123dc0478eeaacdb41eed30ab49a7dd4ac18dd9e408cd5b92d77b6ca74350000d10bc963ffdae059eea81bf9470fc004865655a7eafbda95a9c108a71cf4ad1575
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD5a900d2cfa6436bc49144b2a016ceed88
SHA1f785a44aa9d4989f7929e5bc68d23acb7d752da4
SHA2560f028f6772e0a79a57dd6551b7f6f42726860a7a5cec15db32960a1453cc1005
SHA512e074f00d6a93c391376ffbc37166e32b1fed8c9ccd567f283b4f6b20907124b2bd7b57a3fa90fe248c974acd7b57e3ff3a2d6f3594edd059fdb83befbc07737e
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD5e537b48adcfe268c8d8864449d5a65a4
SHA1f271f2185e5fa10fde2e43e4cbaf8dadeee3bdaa
SHA25624f8829dd2623fa6dfa049fc0dffffb3cbe5cbe926f5af6cf5785660c93e1354
SHA5125a6cb7aecb4fc036363373b30f429d9a312cd44af41dbe3c932add292551e5defd65d6b8d661d2bca98010b26341c176ea1da8349f7a8c4120d1ce5b327be61c
-
/storage/emulated/0/Sonnenblume/kb_sn.iniFilesize
40B
MD5cb3331349071e83991055cb329d2f241
SHA1fd7752eb0c1e72ad91464292312759a62b276ca3
SHA256232fae9742df1f7e75e1deb1987ba61d6eed1c232f50273476ac610110586cb1
SHA5121b327bf4b5481b82fc8e715e96e667862a9cb03446fd47d1afc5720e46033e109f417637ae7653e373b3345a21a17522d111dd975f267ef61bd5af21bf5b3c7d
-
/storage/emulated/0/Sonnenblume/res.apkFilesize
433KB
MD52639a7fafd82266d6313f59ac1c927cd
SHA11a0d135ed060c236ec35aedf25ae2b481e0c226f
SHA256e653eba8ee86ca07139b427c3366b10245abb9e694db6412a1811726381830f2
SHA512e0578d5369a81710ee3ccb2b5dfe5633e830caba079f41761fff94480ff7b33fd965aaa75a17b839e377a640404a2aff2b4c503ebf06a8c78f428541ef60c00e
-
/storage/emulated/0/Sonnenblume/res.apk.uFilesize
205KB
MD531427eb2b18460d88d0d5c2d779921af
SHA105cb1f41ceae9e4198a1d8651eb217b362524096
SHA25634f49f8a001f371b34b052ccf5ebc3dcf564d5280d1cc156605345366bd14fe2
SHA5120bbede990157ee68d33632da310ce1221a7c7dc587d888d84b1e67615bb2332723b4e39da982260540ee7f46f794d67e6e19848d6f8b5efb57abd5ff7988d54a