9dd491c7b307356ab2f8261f31bddbba04d924191ea4ae549dc648e9b6ccba70

Analysis

max time kernel
178s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e84dd8c7f2a6262641abe48d71aba4_JaffaCakes118.apk
Size

11.3MB
MD5

67e84dd8c7f2a6262641abe48d71aba4
SHA1

a47dea52dc80790f71455d46ab618fa4fb7f7bb9
SHA256

9dd491c7b307356ab2f8261f31bddbba04d924191ea4ae549dc648e9b6ccba70
SHA512

878cbfb963ba5523ff0a9b483f9029444b67a32616af46687f0cab27b7de375477a537bdebf69dbf1d90195beef56fcb0719bd97e26e265fbf3fdd05fb0653a6
SSDEEP

196608:bgahbthTS63r5kVHzh1eQe4lf0GZhGYpaw/5c4Qksa1kLuSYBMwo9zmM+GPoS:bgahRhOsWOw0Gfac5c4MI8eUI7GPl

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.qy.clztc

ioc process

/system/bin/su com.qy.clztc
/system/xbin/su com.qy.clztc
/sbin/su com.qy.clztc
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.qy.clztc

ioc process

/sys/qemu_trace com.qy.clztc
/system/bin/qemu-props com.qy.clztc
/system/lib/libc_malloc_debug_qemu.so com.qy.clztc
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.qy.clztc

ioc process

/dev/qemu_pipe com.qy.clztc
/dev/socket/qemud com.qy.clztc
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.qy.clztc

description ioc process

File opened for read /proc/meminfo com.qy.clztc
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.qy.clztc

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.qy.clztc
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.qy.clztc

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.qy.clztc
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.qy.clztc

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.qy.clztc
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.qy.clztc

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.qy.clztc
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.qy.clztc

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qy.clztc

ioc	process
/system/bin/su	com.qy.clztc
/system/xbin/su	com.qy.clztc
/sbin/su	com.qy.clztc

ioc	process
/sys/qemu_trace	com.qy.clztc
/system/bin/qemu-props	com.qy.clztc
/system/lib/libc_malloc_debug_qemu.so	com.qy.clztc

ioc	process
/dev/qemu_pipe	com.qy.clztc
/dev/socket/qemud	com.qy.clztc

description	ioc	process
File opened for read	/proc/meminfo	com.qy.clztc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qy.clztc

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qy.clztc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.qy.clztc

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qy.clztc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qy.clztc

com.qy.clztc
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qy.clztc/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.qy.clztc/app_crashrecord/1004
Filesize
221B

MD5
517073762cea33c0de897e90555bc239

SHA1
09c75d4201cdb7238e6b67f2fef69cfd2d99b81a

SHA256
c11eacf084ad96c96d1621d308f0b251c329b74082044ed506e35b238761b86f

SHA512
94ac09936aa840f3d04c66eeca5459a69ebf0246ca3ed1690655294ce542ac0beadea4bc514a1ecc61f3cc1f3cd9f2f79e22094d71351a948631047497b1ea2a

Download Submit
/data/data/com.qy.clztc/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qy.clztc/databases/bugly_db_-journal
Filesize
512B

MD5
44e4c6db6cc81ee8338c6735bdec3f1a

SHA1
54d14bfff11cc90ba366989a1d8cda3cd2881f6e

SHA256
d81591153a689f6b7cce63792f30c59ee821f1a7e10b9839a8e647feeed5de5f

SHA512
94f6c09ab62b9148879f7860ac1ff43945199c7ef6cc86ed666ea14c388b185b4d4259cba496d1e821f6aba714ec4dcc1b72a59822e4d0f06cdf1959c24a4822

Download Submit
/data/data/com.qy.clztc/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qy.clztc/databases/bugly_db_-wal
Filesize
76KB

MD5
f74723fcc4542a744b3dd106919c5797

SHA1
7330f1a5cbad3e702ce910aba25f6afc44a8bb71

SHA256
208b9be73239ea2f24570387b0a6b5ac32be7c5cb5202315590e7f385a7c6f8d

SHA512
4991b688fc2c5f8850cde8a5db84ca98755d3d0b6f64d35738bc0c8a8271282d361d970cc5cc575fa8b05f903779747b212b4168111dac4278731c55e9aafe06

Download Submit
/data/data/com.qy.clztc/databases/tencent_analysis.db-journal
Filesize
512B

MD5
f8f90d2b9da67ea8c72987a73961a17b

SHA1
435a41e62c1934dc146a7d7a98ec0114d7408097

SHA256
e41ea9eae145dabf7fe4fbacbf257cce614226dbf62f25d4fa2060b4ddbea2f9

SHA512
65a2567c721815639a430b84f11105986a6ec5c506e941f91711397a6f33e184997e762146619113764e7ad82b70f66c44e0cdbf1cb5835f7e9d3126176c7124

Download Submit
/data/data/com.qy.clztc/databases/tencent_analysis.db-wal
Filesize
60KB

MD5
70b561fb167e7c6befe12956f7b9461c

SHA1
52377f8e1188d8fe9597dd7db96c909da65a887f

SHA256
2d45cf4e9c9e58c124aa1fdee1d1758493a87a0ebf8a4dc984187900c4f923e5

SHA512
1de2ae8df11a08beb7debd1a49c4c5b7d159bd5499510fce43c5ecbdea3cb5b3d828ac6bbfb55bf0cc100d56ddea2b9f424dda63a24253a4084df01554ad5bed

Download Submit
/data/data/com.qy.clztc/files/com.tencent.open.config.json.1108944078
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.qy.clztc/files/jpush_stat_history/active_user/nowrap/d4be915a-9fe5-4c13-b579-88c07f1ae225
Filesize
159B

MD5
97b47284eed20b9b9780ad16edcc404f

SHA1
980a2b630499b52cfd8693990f172ece0e7e645e

SHA256
dc4f32ed58d7266c2b532aee155ef5824f0d34c2b90bf8f04639e7f5a6da3e23

SHA512
47b574c3a233fa3700ed01da9ade50851ccdb6f5a5d5956f28133a0d2ad1a39bb104911eb89060e0a1159bd6bfb9665bab29cb4501531976f65e421c12fd9112

Download Submit
/data/data/com.qy.clztc/files/jpush_stat_history/normal/nowrap/01fa3ec6-776b-4584-88e6-11c1ee547ed6
Filesize
202B

MD5
b5c0f5116ffcd9bceba05dcf1c56f09e

SHA1
fc8a5c203ec16c841b724fd42f8f340f2c16de3c

SHA256
8adc369f33c7fac052317428e0724032ff62ac6a5d0de124a90cc7e5ed771a00

SHA512
e173c879e4896d95270980d57e2bafa3adabbe0008b3e1b6ebf00d03053bc3a71bd7ed6a604c391f2593609b28182e0701282726cdc1cebac8d311c4840c8337

Download Submit
/data/data/com.qy.clztc/lib-main/dso_deps
Filesize
264B

MD5
44fe7815c223030a29733756e31b8640

SHA1
ba45c425fbd38c343a9c373e85bbc3f584b63268

SHA256
5c934be130a3c9f21e2e4b7df3068cac2ce2f9553d1358e4ef56711bdc55e843

SHA512
f7ba24129f94e08396fe3a4839d4c594c95e65a69dac7eae5ad3fb03923df27f8abf3c11312b03ac1f873ba07136705651d1e2924da0cf2ae6d4023b874d49f0

Download Submit
/data/data/com.qy.clztc/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.qy.clztc/lib-main/dso_state
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.qy.clztc/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.qy.clztc/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
78ae697fb9d3ed0a53f67722fe74bb77

SHA1
ddf00f599dfc4b9ceea5717b4076f77e36dc1edd

SHA256
0de61c9f629e64d9de2f570b96937105b50392d5cc6f6ab9a75e82c39c021db9

SHA512
8e9921a7d0cd4434a947ea60452af2fcb3703668e8d5c2818ead736fb9182fedb96781d5af6cb64514c20712195cc1a7e356767ffb443aa3fa2a5c45799bd9b7

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
f83545c5d403030974824620a4816723

SHA1
7c2ef8562b2251746f3b7366b8ca6e7d0477fca3

SHA256
529ce67a209a88f0a745c800c23f6e3d32fea9dd0dced618c1db513c8b55dd30

SHA512
dc3a0cb14cba6d67dfb72930b378b17e2dd2fc2cc1b09666bcb9955623127b1eb5f80ca96097712607390d831df42561dc0bd2e36addf2700709260a56237313

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads