493440904df0809a87cb64465706f1c129c28941cd2fa6e5edbb0da86f62dd62

Analysis

max time kernel
152s
max time network
177s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c70dc97b82f920e61d554b95ce43143_JaffaCakes118.apk
Size

13.0MB
MD5

6c70dc97b82f920e61d554b95ce43143
SHA1

c6de124b628d663565ea6523e24f65a46dc17c71
SHA256

493440904df0809a87cb64465706f1c129c28941cd2fa6e5edbb0da86f62dd62
SHA512

06db9e3f4bee090db21e15b60af1ec4a18dba83116622691a45cf7c11aad67922e7ee6122645445acb9519060eee7aa240d34e31a44a70f28382cf1d6ccd698d
SSDEEP

393216:f/1WdMwkQxh4sISXsTpY/4TF/gUEnwV2Bf8tc608Xbbc:RsIS8TpY/4TKUEno+oG

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zm360.qqtx

description ioc process

File opened for read /proc/cpuinfo com.zm360.qqtx
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zm360.qqtx

description ioc process

File opened for read /proc/meminfo com.zm360.qqtx
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.zm360.qqtx

ioc pid process

/data/user/0/com.zm360.qqtx/files/qihoo_plugin_apk/360sdk_1_2148.zip 4508 com.zm360.qqtx
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.zm360.qqtx

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.zm360.qqtx
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.zm360.qqtx:PushClient

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.zm360.qqtx:PushClient
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.zm360.qqtx

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.zm360.qqtx

description	ioc	process
File opened for read	/proc/cpuinfo	com.zm360.qqtx

description	ioc	process
File opened for read	/proc/meminfo	com.zm360.qqtx

ioc	pid	process
/data/user/0/com.zm360.qqtx/files/qihoo_plugin_apk/360sdk_1_2148.zip	4508	com.zm360.qqtx

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zm360.qqtx

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.zm360.qqtx:PushClient

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zm360.qqtx

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.zm360.qqtxcom.zm360.qqtx:PushClient

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zm360.qqtx
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zm360.qqtx:PushClient

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.zm360.qqtxcom.zm360.qqtx:PushClient

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zm360.qqtx
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zm360.qqtx:PushClient

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.zm360.qqtx:PushClient

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.zm360.qqtx:PushClient

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.zm360.qqtx:PushClient

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.zm360.qqtxcom.zm360.qqtx:PushClient

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zm360.qqtx
Framework API call	javax.crypto.Cipher.doFinal	com.zm360.qqtx:PushClient

com.zm360.qqtx
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4508

com.zm360.qqtx:PushClient
1⤵
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zm360.qqtx/app_tbs/core_private/debug.conf
Filesize
101B

MD5
2314d6bd0b43932f3db70cf329b1a74d

SHA1
a487cc92580eca526343451e9065e8438ab3a40f

SHA256
a0abaf148ba7d3924124810f598644ef75dce6ec92edf60ed2223e5b41d8b142

SHA512
1f0bd48476088c6a23c0e1a06a0c28ba13e6fe7734c1c0beef022a91bdfe854095a6276d3858169e1159c4ecf1e1ff9ae1b26b372e2d08ec88953463e7ce58ca

Download Submit
/data/user/0/com.zm360.qqtx/files/1/2148/libmono.so
Filesize
3.7MB

MD5
f7c2415666cecad5b094d0d0eb7b7b4b

SHA1
4b30500d6e95c875e1b19f04344d747cc40ddbec

SHA256
b2b267ba64f04b939cf12c2479ea7323d6f3bc89beb1de1140a724cabac8516f

SHA512
e8f593dddba296c1627afa2c76c6840d46c158ffe897398880d6f2201721499417a36a5e1a66d704b89156c38bd8294cf7f2cff6f2a177dbf7a8de42df57b3b5

Download Submit
/data/user/0/com.zm360.qqtx/files/360/sdk/persistence/lock/Y29tLnptMzYwLnFxdHg=.tick.lock
Filesize
13B

MD5
7b458eca443dfbecd50cd19efcbe3c28

SHA1
504a70b964e8c64b7be30ffe0414530eb03134a8

SHA256
d57abb86e688e18ef18c51fc3f4b79eab34e412633a4b1d73c0c956c82908585

SHA512
ec3c38060a765bb6a09047606b1580d811f96b626c428c0f9bedbee143188ee15a188a46383a4fcb76bc9606db2a34a817e6fcde37e44892e9ec62e9c1e8ca43

Download Submit
/data/user/0/com.zm360.qqtx/files/frameso
Filesize
9KB

MD5
988f3027beefde574a8d075388a572e5

SHA1
67cb154dabcce284c207a997b4c0d0d4f79f1bd9

SHA256
149e313000adc9ea8cfcec01181771a6937b80f5d874f5ef69e3149a48c7d678

SHA512
9af7a94039af519af9ea488e0131a14b6ffc0bf3a075630a00f5d56df4ac097cfa7181be0fba0ef14546aa0f3c39cadaefe8053f255a0c4f87618f9d9bac5075

Download Submit
/data/user/0/com.zm360.qqtx/files/httpCache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/com.zm360.qqtx/files/qihoo_plugin_apk/360sdk_1_2148.zip
Filesize
5.6MB

MD5
64745c8c063484f37729a866207da1bb

SHA1
ffd49b640d8203f483772b75b8aa9ea373f70c9f

SHA256
180df0a2b5628dff39227ea51ecb8e322373fb00619bead734411d51390619ff

SHA512
fd752dd36feafc2470d3b6d7ec9a146d8eb2ce2ef482261e94b071d74c3e12437eb070333d58368a318c7e57ff9831b674f7ea8e81b067699936945515a7dfe9

Download Submit
/data/user/0/com.zm360.qqtx/files/qihoo_plugin_apk/360sdk_1_2148.zip
Filesize
3.9MB

MD5
70d9988307b9c3f46db0982cae34871e

SHA1
dad7f6a6092b6b37991af36b3af1ac426d7752ab

SHA256
e7335286df20d83cc9f861f14ecb68b88d44029262a59773b0081dce3c7ae6dc

SHA512
3f53c38c44035d4769c715777fa963ddb556e8cd020c91da78f9f6c605bf72e0f196fdfbd6230762fe1ac8bcf460e5acb8a43de748ec168b4961cccff0808ff3

Download Submit
/data/user/0/com.zm360.qqtx/files/qihoo_plugin_apk/360sdk_3_1000.zip
Filesize
1.7MB

MD5
1e9aa09b41624c4ab3dfa530fd1078e9

SHA1
32896aa59fd6f1509f4f46ec4eebb496658f91aa

SHA256
fdd2ac00ca6342d0ad1a684ab5ff6e683b2b56891ae08e6a16578892977e50b7

SHA512
9ec9ffacd3db5ab686eed1f68ea8f466030301cebb510ec3a9f3ffb6dc94277d4afba85a92bf7c3679c3fd6ecedad486fdc07adb152a77ec4ddce9dd943d40f5

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
bf27eba6ff21df01f4cd3437f18bc670

SHA1
f01b5d84aedf3a712d1e7e70afa452b81f04b855

SHA256
cfdbd14c79b8b244ed0601ed06c06b3b220f8b8abc866788562e2165777f9e39

SHA512
9cb8b2a002206d8bac9eebe0fab91768c2b8cd51de9deb53c2e73e681852f89804f612027ee08aad88795b103a6921ab60435cdcf0bbfe6b36601c95f721c564

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
96B

MD5
583be6f7e56a5e07ec3cb731f892035e

SHA1
987416ac3628e4a11293f77d54db78e56051a4a9

SHA256
d4b862353becaddfe2d5e3379487b5c65270c16c11b1dd18e1abbaf6b5afb78a

SHA512
2874e1388f7a6998645042e150efad9c42138c990384cc315488dcce82d7dc16a4995deb004061c870e5bd58a4da4f3771c481b68fc9384496e0b603da1aa883

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
cadb05dc47aa6d2bd76e69dc128b472a

SHA1
b0b2c41af2ecd599db691c983b4e345b2811e8e2

SHA256
2cf7e781c6ce0ec267d253e4223325330dfc3b435aa469bb4e50b4ba5991297d

SHA512
b00ef3a141480844d1f77f54cf89409e6a7a61086e6fcc9ca004660cdb88b612900c89af702dd178da2afd6b6036986afa1709546f4c57ed764946f53522a197

Download Submit
/storage/emulated/0/360/sdk/persistence/4GY
Filesize
1B

MD5
0cc175b9c0f1b6a831c399e269772661

SHA1
86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

SHA256
ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

SHA512
1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Download Submit
/storage/emulated/0/360/sdk/persistence/data/Y29tLnptMzYwLnFxdHg=
Filesize
960B

MD5
c149e85e481a06914d2b36d6997f6206

SHA1
51a61262dc8e5eab9f14bb8d98d7d75d5c52c6b1

SHA256
b273cedcba8eb2766bbe7708e506f97a6a2c86dcb919b0d7cf1fecb47776a29e

SHA512
ad746d8230ddaf9db4ce473bf73c085e02aacccbfbc7cabd8d86b9fee76001f718f7dd074ca06ae1dc51e684ab9dd51648ff4af9a13124d83e15793494e0ed97

Download Submit
/storage/emulated/0/Android/data/com.zm360.qqtx/cache/uil-images/journal.tmp (deleted)
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/com.zm360.qqtx/files/tbslog/tbslog.txt (deleted)
Filesize
13KB

MD5
834517332f979d403a99886f5c55f1a2

SHA1
d994ae344bebd5d2c66a79d6ef206c9dd678f6d1

SHA256
3cd68baf0c90fd4eaac3f22973b20d087c9b1b3347c8d0788dc8cba9072dddc2

SHA512
46c1b8e44270bd21986dbbad2ba73a3e9f5d97c67374003ecb4d3e0443a4077693bb755aa6632a8abe19df79e94d0329d06f0fdcde26bed384e2e6c0ce64f14f

Download Submit