Overview

overview

8

Static

static

6

67b172e601...18.apk

android-9-x86

8

67b172e601...18.apk

android-10-x64

8

QMJFQ.apk

android-9-x86

QMJFQ.apk

android-10-x64

QMJFQ.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    179s
  • max time network
    190s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    22-05-2024 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67b172e6012f096d10b3da344dfade56_JaffaCakes118.apk

  • Size

    16.8MB

  • MD5

    67b172e6012f096d10b3da344dfade56

  • SHA1

    4e687059cd30da75d655bafbf170051905fa6c77

  • SHA256

    80a1a9da3fdee9a38fc55b58b19bbf769bd808499742744cb94992ad95139b56

  • SHA512

    13902afd5153daf6306db2f1c96dba1c26fbf99658d236528e748755648926b9d83a882a4b7ad74c3af4fa2191aa3795434b22e706f9ccedcb8f4a4bf3bbe077

  • SSDEEP

    393216:BfeClFPcMiYTfb1KSof0R+9nAlm4ZEahkNCNw:BmClFP/iYTD1KZ0RmAfZEN9

Score
8/10
bankercollectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks Android system properties for emulator presence. 1 TTPs 4 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.duocai.caomeitoutiao
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5179
  • com.duocai.caomeitoutiao:pushcore
    1⤵
    • Checks if the Android device is rooted.
    • Checks Android system properties for emulator presence.
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5290

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.duocai.caomeitoutiao/app_crashrecord/1002
    Filesize

    243B

    MD5

    fd60a593242dc77bb5ba33c3f4f3731e

    SHA1

    ab41a132b922b05c333a8d2b8623a174eecc4be0

    SHA256

    62a6e63c4d82ca25ffe47d3316dc73de05e515a3ebb08e27ae6dbdc39c893bf8

    SHA512

    293afeab3ef06e72c7635929b9ade3dc830184bac146ff205988e14a4a2914d3bbe00ce13fa6380e353291211c32eb88d053c3a8d0e01e26a4bf60837c50f4f1

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/app_crashrecord/1002
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/app_crashrecord/1004
    Filesize

    234B

    MD5

    412b4b9c67b8fda4fb24c5af72e459f5

    SHA1

    bd6814ab02a9bff4a902f2cd10a100bc632452b7

    SHA256

    3e6b11be13a33440b09532c3a78b36d8472a53fb40e615a3893378a667b83441

    SHA512

    2ac357863ca812a0603d2dbe6b8996218728565ffd56bec900735c3e379d33a7f9cf078150c6f845f69d522b6592744dc37e4e4c3b8f9f537e89075a2d1dd98c

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/ThrowalbeLog.db
    Filesize

    40KB

    MD5

    f6733880caadd1ce6ed76e66441c3dc0

    SHA1

    f935c20289c09eb32ce99b24882fbabbbc67db3e

    SHA256

    3e8a6da56a773e89bf15dc0c775122ba2da9e9a11551445040743897e9dc7dbc

    SHA512

    9efc280a125012c1ef96d6518f0d95f82906c9d3a80389f5fb6d40ac799511391a9d00c38e5afa3aa0a2d46b338adbb442da8e561486d299d4015380a641a01e

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/ThrowalbeLog.db-journal
    Filesize

    16KB

    MD5

    40f742db7aaaf083df4801bf8ba1418f

    SHA1

    4fa4a0af409afaa3eff0a414a236219f6bfde126

    SHA256

    493996dee3ec97be027fde0d1675e82ee86aef78b31b88b9edd76d4bbb6a0778

    SHA512

    86ee572db9719583555bf3558b88b5dddee408f95205b50711fc3f72090e0a779c986158f3d527c7b233ae5d8cfa104342cc16af4829d0b65b43ca283301ad1f

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/ThrowalbeLog.db-journal
    Filesize

    16KB

    MD5

    35cc50f13a2192cf28947f9db2259288

    SHA1

    1addbe52cd650b5055f66ac724e520fb24a38726

    SHA256

    b93346e9949f36cab8e1197326139957bc919e32d01ef92c1ef7ed63e04f9f63

    SHA512

    e90bc5e8bb6b5edeeb5e8f83c9c1ac3d4db08c6a6764cc7ab11e20d08ec9168315ae2843dd06471a5997a2a12660607db635c67685900ae4247255eb7f0218b3

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/ThrowalbeLog.db-journal
    Filesize

    16KB

    MD5

    bdfec677828fc9b0c9142e32e27048fe

    SHA1

    7b6766ae36720a2096ed82067df0f450f24413c0

    SHA256

    1620e79ed2c44758d165ac0b473aece6f0cbd5543b69bb0bff788fdb7ad09d19

    SHA512

    70e1ea0b86336764aacf04e4f7fdfc9c0c77a9bea05dc157d40b67b262538f26dbf56a085317ee5971087ed246a7bf3fcc2556a519ecb2f294ef7aa8d76833c3

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/bugly_db_
    Filesize

    28KB

    MD5

    d5d30887a22bcf8602322a7243b98181

    SHA1

    396c82404d582d4f4e3dcd3c51cf7946cdc6bdf6

    SHA256

    82c4440de88aa8d65031eb9017bf2607e73a5f970fc84a1b8f553a53102183fc

    SHA512

    868ee391884c281215b6aee63d18db70d1c968ef02b33c29be99fbdefab69073feae6f04a9ab4a8b704a3c1ede2a604331f7cf06a64c4fa3ef87fd352e42db3f

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    d37527810cdb275f054cbe5393833ccf

    SHA1

    ed1105b7e53b979d93926d0e55545bd7596ddf9a

    SHA256

    8f34e2c942d8451e8bb574003c160f23dc950833e6d6bf606b01c416fdc6c7e2

    SHA512

    c1b1ec28a55c25718c419f12a6f4a3cc6fd4d9a9afcd4d92e3919e5e648818ff9efbf04e24e0aaa229658ceca29c0b55abd6ce3f561c9190935288750f6b28b5

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/bugly_db_-journal
    Filesize

    12KB

    MD5

    026d192f0ccafc960a5c60dcac1ac85f

    SHA1

    3448015abee119867244c8dd6c4132b38035fffb

    SHA256

    f4c9a5dbb8d58489e0c8e5d74e5b01033c3d8c868fe81a5fd9e2f9a24febbd87

    SHA512

    a30d23a54d08bae9f7b3cc72a1558993ab944b633a8aa589fdaea2cfc98a5ced0815236cb3dc6f9e574c6241f23e7294883f85bf3f6952684507394259ddd8be

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    77375e3a18789386a07a2b663b6477fb

    SHA1

    73be467d82721900bdf17ddf103a29b48537bd29

    SHA256

    a4258e845eff2e75350a6a43892d3b581ee836154c7f44c469cae0ccba57d4ef

    SHA512

    0ae7a220eef9f9c388498020f0bc57423c04604090bfa957b1f04517e5be6b7e6664e11547cd7fff8e99f96ac6f5065432dbb5762af57e34473bb0579c00b632

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    f6b3d6735119ab9e721a8b2c4e460f65

    SHA1

    8c236700e46b997693065f0657ed4d2814831449

    SHA256

    d2a399896465a129e1107dc21b2b19329415a2d922fed1ca53d15f1b8f5b9017

    SHA512

    ad67b5e4448b1ea406b58563f10aff915d44e794d439f6a043ee4b1be8210d0a023f7eb5dc85a398e25e2c642cc93756b062f900e0cfd25ed7a73942689d2d97

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/jqIqJYOT3JpT
    Filesize

    20KB

    MD5

    aa8cf740d7594640c484d58b6121c2fc

    SHA1

    797e5f48647676ec07ec3c676e9ba9f7bccd4c1b

    SHA256

    c2372ad4c8c046bb454778b7bb1d3e8b313ba1d26cb70497fae36f2d26da1255

    SHA512

    60b9e0c5b5733f0f222884e280fec08695f99346f5af51cce64eb7ec16fb338a548a2422f47e494ebb45b945f4f6a8846eecad6ff8cbd9f01716e9408573bf6c

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/databases/jqIqJYOT3JpT-journal
    Filesize

    12KB

    MD5

    c93360a7e8bc3f29ec78da2e7c5420f8

    SHA1

    2c0999bdb2342e9ca2abecd8055c5674fa0f4603

    SHA256

    35f9977aabfc14ca96c85aff057744e161503a98fe14184ae780460b8ceb9709

    SHA512

    c077ca6162598a309e136ea989d53906267ab88ae11a2a8f172f02a6e57a4470c24fdb82454bbb7619ed301c9dcf76a1edf15737f5995eb25dadca621f352df9

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/files/Mob/mob_commons_1
    Filesize

    2B

    MD5

    99914b932bd37a50b983c5e7c90ae93b

    SHA1

    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    SHA256

    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    SHA512

    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/files/Mob/share_sdk_1
    Filesize

    23B

    MD5

    8e24e79baab91c4d0604eaa9006a0cb3

    SHA1

    e427afc94a4b957a7096f73e395a10ea404c076b

    SHA256

    65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

    SHA512

    45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/files/jpush_stat_cache_history.json
    Filesize

    166B

    MD5

    74986aa3b826211426fa779c00da2c38

    SHA1

    62a4bcefd5577b4d791190cc7d894827a58d9bc7

    SHA256

    13d16b35f9d171731def3e7f647a56fe6747e2c3b9474fd58c04c7617f8a8dc0

    SHA512

    5807369322e17d58b282d440dbb84b98834556eb935f59cf1d950a73c4e9a5ac9a1db25cb41eab21dab5fe0a8172774725cfeec432afccddafebc6505cb44a97

    Download Submit
  • /data/data/com.duocai.caomeitoutiao/files/jpush_stat_cache_history.json
    Filesize

    340B

    MD5

    30ff90078c1f9c4627ef6b52f7dc25b6

    SHA1

    6d5617ae753312f4c0b3cc925b989d6d23a61ac6

    SHA256

    b85f9e7ba9775c4f9959d69aca67e8400a2e66f4e13bdc576128309897de7507

    SHA512

    0982116dce45fc22485e18b128371574528186f0878e1b912e9e720db1c70398db5f0b915b8050a345c0f4208902eee7d9245d276e582ff6d52d6ec296ce3da2

    Download Submit
  • /data/user/0/com.duocai.caomeitoutiao/app_libs/ymdex.jar
    Filesize

    742KB

    MD5

    9daeada774305a8e182827ec87f39946

    SHA1

    e310284ce0990602951ae27527daf9466b77f315

    SHA256

    591486135eb9c5420007a46c8c77f5e125ca838d0bf665b0d79ceda43b090087

    SHA512

    80a10fca88222d0dfc098c5b612ec5309810ce54dd58d7da2a6faf5b8a8ececfc24dc47f9629288f3950c5d58b8836543b431fb03e1c742c96ab286ea49bdc1b

    Download Submit
  • /storage/emulated/0/Mob/.slw
    Filesize

    66B

    MD5

    19402718bfb1c685a726b4e1d846ad98

    SHA1

    02a7e30044a67085f2f1da24e16e4ecfede65b72

    SHA256

    079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

    SHA512

    25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

    Download Submit