fe4a0bf6fb18ccca17d3e1b51707e5adefbf2e0d6ff4cc0cb2123a1e58752432

Analysis

max time kernel
179s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

687896184707a4d61e86818e5776018d_JaffaCakes118.apk
Size

3.4MB
MD5

687896184707a4d61e86818e5776018d
SHA1

2d793e0b1d895ce3ca53f310c231f808314ef6a2
SHA256

fe4a0bf6fb18ccca17d3e1b51707e5adefbf2e0d6ff4cc0cb2123a1e58752432
SHA512

55f0fd6d68d86d084e51c7e328dd2474924a96555c6c8cc5201e8d215ce78fefcdd7b90964191be8fde9ed04a8e68a47812ca46a6763bbd7a9a272bed177b2cc
SSDEEP

98304:WibSOz+wjLneiV2MFzLNASDKeO5MKLwdSzdUo:WCSWh8Fv7SKLMSL

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.qiyi.gameload:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.qiyi.gameload:remote
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.qiyi.gameload

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.qiyi.gameload
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.qiyi.gameload:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.qiyi.gameload:remote
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.qiyi.gameload:remote

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.qiyi.gameload:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qiyi.gameload:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qiyi.gameload

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.qiyi.gameload:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.qiyi.gameload:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.qiyi.gameloadcom.qiyi.gameload:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qiyi.gameload
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qiyi.gameload:remote

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

com.qiyi.gameload
1⤵
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5128

com.qiyi.gameload:remote
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5179

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/baidu/tempdata/ls.db
Filesize
20KB

MD5
ada4bb502d28f75c6c5627b82f6b836a

SHA1
03f6827885f29b782095f475dde67b2a391b4e57

SHA256
9a53dd56f32b4abce786e8af6397d9a5b9319f204f03669e4c68016b0ac55f5f

SHA512
78daa788a5b8f9111692026f8f4ee57ee3efee61130ec5ebf8a3543090a0a661ef45159f11b9207cac1f04ca0d70f66e9d4ce941ab3facdbfc7afd27314fb477

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
512B

MD5
4ba70272a38f3f473695d546785107ae

SHA1
3d288ea57c2ff77d37a2edaa7b8282190640d854

SHA256
c2460ed2aa7e74a42e875393e6c79e6c6c0ac75ed6a1b538d29785367360c69a

SHA512
b26af0f9ed212f46e1f7d033428032883a97161dc443a9856b7e7b42debe1cc320202f21044983c5b56db85e8f4eceaa61733f496105da109da6a3f724701138

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
40f5c652ded3466f3135f974cbc7357f

SHA1
9e508ce389143d6f83d7f6fa5ac36f4f0f592cd1

SHA256
d8d1df461cc133ad319d597bc12dae4c1980a0cbd7a1490114827a13a8871482

SHA512
fd415842b24b4732f318696d4abe14e36f8746561014699bf5729311b941d63723415ccdc8b30848d73d363303dea7bdcd6a32889ab0a434bd403c5834e09fc7

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
3b6a8665d684e4064a784dbbae64f282

SHA1
1b321848ae1967c589981868221da61e1f9781c6

SHA256
74ec2d4d63dd7dccf207d45ec25ff81b95ec9699b6f53c220fc031947931e4db

SHA512
7ad12c8342bdba111fddd1c3bddf2cf968b80de2fe24ab4d3467a60551a7e7c7932f751a3d16add1e99f50633b610a5eb18d2275b78bc7de1c9266cfb995d1fb

Download Submit