d5882e5b97182f1ccf0feaa1b1a6f5247ed47aa3d703c7cce766604e75878216

Analysis

max time kernel
10s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb4fb3a3b4dff348b8d7c0fd2a0c844_JaffaCakes118.apk
Size

30.1MB
MD5

6cb4fb3a3b4dff348b8d7c0fd2a0c844
SHA1

42dd9d38eaf3d959ee56741b2cc54d06977b5ee1
SHA256

d5882e5b97182f1ccf0feaa1b1a6f5247ed47aa3d703c7cce766604e75878216
SHA512

a597100ac3ab8950dffa54390e8bca74af1322b3cfacc4bf9161a149d24fbcc2011703a4caf42bbaa26d5c2ff5e9c8ba2a74a2ee58efa10d56d2ff31c360e4d2
SSDEEP

786432:INWgq1gRBjZn4SBrn4SvhAAgI2+KHyaUQuV:EWgq8RZn4+rn46oNydQuV

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.stockemotion.app

ioc process

/system/xbin/su com.stockemotion.app
/system/app/Superuser.apk com.stockemotion.app
/system/bin/su com.stockemotion.app

ioc	process
/system/xbin/su	com.stockemotion.app
/system/app/Superuser.apk	com.stockemotion.app
/system/bin/su	com.stockemotion.app

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.stockemotion.appcom.stockemotion.app:QALSERVICEcom.stockemotion.app:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.stockemotion.app
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.stockemotion.app:QALSERVICE
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.stockemotion.app:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.stockemotion.appcom.stockemotion.app:QALSERVICE

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.stockemotion.app
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.stockemotion.app:QALSERVICE

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

com.stockemotion.appcom.stockemotion.app:QALSERVICEcom.stockemotion.app:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.stockemotion.app
Framework service call	android.app.IActivityManager.registerReceiver	com.stockemotion.app:QALSERVICE
Framework service call	android.app.IActivityManager.registerReceiver	com.stockemotion.app:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.stockemotion.appcom.stockemotion.app:QALSERVICEcom.stockemotion.app:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.stockemotion.app
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.stockemotion.app:QALSERVICE
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.stockemotion.app:pushservice

Reads information about phone network operator. 1 TTPs
discovery

T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.stockemotion.app:QALSERVICEcom.stockemotion.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.stockemotion.app:QALSERVICE
Framework API call	javax.crypto.Cipher.doFinal	com.stockemotion.app

com.stockemotion.app
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285

/system/bin/sh -c getprop
2⤵
PID:4408

getprop
2⤵
PID:4408

com.stockemotion.app:QALSERVICE
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4350

com.stockemotion.app:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4438

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.stockemotion.app/app_crashrecord/1004
Filesize
230B

MD5
11dfb8b56440988d250f7ee133e59cd8

SHA1
45853845bee933b4af26d9c2c70e7c70093653c4

SHA256
66d1daffe88675013caaa782c2188c7d4c1977f66e35c2c117cd1f27ddb9cdcc

SHA512
c9a7d12faffe9156d3e0b8f2cf3f8bd927b1c99288629bc0d7552103640e1bf25215c79c68ab2b55c2b0e5c474a6940dfe60bd8b73921af0102a8aab87d6795d

Download Submit
/data/data/com.stockemotion.app/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.stockemotion.app/databases/beacon_db-journal
Filesize
512B

MD5
c79e9fdc1febd26e76e49576afafa8b6

SHA1
9f4889bfd8cd3b068c1902d3ac5904711ce83386

SHA256
258d0ea5d8cdaf80c927f909d30627bafa5ce331cf4048aefa964f8dfa94e063

SHA512
e7b63172b6925b3e03d5c1214c6740b460bef38df7f44eb3890242afae0057a60325893a82fe19abb9c06ba361ec71410ce12854a1b18d79f0b126b041e51cea

Download Submit
/data/data/com.stockemotion.app/databases/beacon_db-wal
Filesize
92KB

MD5
2dd3835ba4b68c311b3a064106176d07

SHA1
ee044c0d5f4ac3ebc99accb3c9e13b83ea312dfd

SHA256
54268092f7f56f245239d8b990cd40f4fbcb96a5677fa24a47c4c5dd1254cbb3

SHA512
4b62f5f49ffedb1bae97b43b562b55a14153173f014469b83ed012a93fc08077c56431eee5d92df4c4f7d0aa6e5b89e9070112beaeb852732dfea5f7d9e0e5ff

Download Submit
/data/data/com.stockemotion.app/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.stockemotion.app/databases/bugly_db_-journal
Filesize
512B

MD5
998f3be2c2e8d7061f6d352f5f240cd1

SHA1
ced5c1a59694ec12731cd7ad152ab4d0ce71b080

SHA256
78ef26fddd9510c4e39bb7b5303b1777d39c2ea3dbf50d2288a0fa1992044d77

SHA512
694b4618a7a67a47d87a52eb7e68967cefff90cb2c92e3dfa09eafc2baee9f302b4bc1f874dea40b2cabc2d62689c9034e4faf05bc96405ddaceb49fd72e0290

Download Submit
/data/data/com.stockemotion.app/databases/bugly_db_-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.stockemotion.app/databases/bugly_db_-wal
Filesize
76KB

MD5
c4e5cadb3be71273b143cf6bfc893215

SHA1
5480c275bc86fec5f345a0a1567781987dec9d87

SHA256
7b65ff84a53477819d79ba3bb54993f4c4036e6760320e0eea5cc58a88bc9244

SHA512
042604b873e0c037cbfa5a4ba51d0e61d4eb5175165d82db9898efa380431c09f1e1f354d54a6b0a6ce27cd316cb18a9231c2934c35c19aae588ea02ba475134

Download Submit
/data/data/com.stockemotion.app/databases/geofencing.db-journal
Filesize
512B

MD5
ceac2ef95675c9e86b16224023fde937

SHA1
28f1f183622604d43713891b16aecd27c678c3cb

SHA256
a5afc56fe437754f21bcb9bc35976ea938e883d3c432641d84fc831babc07aa6

SHA512
300fd5d49560be209d4ec421722b08b636482162c35f67fa5abf0ba5bea7239bf2ae6abdbada5d51531e83710b5a2e54656df7bc061aa9c8563839961065b7cd

Download Submit
/data/data/com.stockemotion.app/files/report_v5.msgstore
Filesize
3KB

MD5
ad817c22f546400929c735ef637cdf06

SHA1
f4d0dbf56bff1103b9cfef736ef19c087e2e915f

SHA256
c19d6cbf2ff24750dd2eb67a686838d4e85d0d81050da3abbe08d3c3fe2b231e

SHA512
43e40df4c530c8bce47604b6087c40983bf5a39718646e8a0c62924385d542436c5805cb4ef5c53fee45ce2773c0a5187a3611cf5cb29868d9888466487ec1e4

Download Submit
/data/data/com.stockemotion.app/files/report_v5.msgstore-journal
Filesize
512B

MD5
ff05ec71b471ac7c2e2ffe4ba9bf2e77

SHA1
264b59decfea2f4eb12188a77d09ea70edaedd00

SHA256
6040648f19bcc5de74d714955dd2a4a8493158b6dd06eb9ae351ff2733eb5826

SHA512
45462c8b665aa0a718c6c0c33dbecc523204fab9ea5a3e4716f17cc04d9b1e5c5e15f512593e7764bf1059c256d5fbe7ddb4fec16cdf37763ea10dc699a6a901

Download Submit
/data/data/com.stockemotion.app/files/report_v5.msgstore-journal
Filesize
1KB

MD5
a12ff72f3755c4350e120358fcef21e5

SHA1
3a95896fc766d633ad04391cc49a9040ffd64ebe

SHA256
61a3a796d6b47f6db4e2cd41a316faea1fa92d85a3b1b7d37fe5b773e4e8d172

SHA512
b0105285a975230bef6373e4bb08dda201782d6fbd55f88c6b802ce9c1c13636f201e4c781a2775c149d0624e6f2a9734c9bd69b27fcd47c01dfe46cab28c536

Download Submit
/data/data/com.stockemotion.app/files/tencent/qalsdk/qalimid_v2
Filesize
101B

MD5
82b1196c1ff74ae88028130039f17861

SHA1
3eb2899e8dc3d9070d09762d41f135a858efb2e3

SHA256
2d619073883920f57c58a87ad2bfe2a45813e910dce4bdd45385644f1c825762

SHA512
b2a223b0cf407cdfccbfe95fb699db87cb08068d6f66aec93e58c8cedc0f657181df3ac4c38b931c73abbbc871822d61fa0132c091002310214d1a2b00fe4caa

Download Submit
/data/data/com.stockemotion.app/files/tls_device.dat
Filesize
56B

MD5
2134c3a656bb88ae97c91c03f05cd366

SHA1
21adbaf908fafcdb1233478c49c613cbc53797da

SHA256
a0c11b557fcbc1ecab6477d7c180b433082155bfa1f0f2db3c7d2db5ae627116

SHA512
b65f0835d44f104ca2b976ab68f2a52913de13f917756839e33006eb547dfbbed8e12813f24ec2abdd7809ca6f11101db88dff4ea489733f0f2d7b376d5f7a39

Download Submit
/data/data/com.stockemotion.app/files/wlogin_device.dat
Filesize
40KB

MD5
afe5a203ac196e31ec6e87370e8d0bdb

SHA1
496c032a9b1b2f5c3bb26e4d6357bca7e2a7516f

SHA256
dfb0008893026b429c4cb8878ba48aad7b59ad82ee8e3a9106f63f3a10270b33

SHA512
ab3050c7f312de096b4378bba1a81fb7691ac0e94e45fecc015a5d2e74fac489354ca785102c19de71d0d9850b839eb2ff64ce3141a6d4dfb956e3849c5f525c

Download Submit
/storage/emulated/0/tencent/imsdklogs/com/stockemotion/app/imsdk_20240523.log
Filesize
28KB

MD5
1deb6b895a2280f63ea2f3783f0a5ebd

SHA1
c01eee51a200d2007d3972b551e2515fc8f96d95

SHA256
c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d

SHA512
269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

Download Submit
/storage/emulated/0/tencent/qalsdklogs/com/stockemotion/app/sdk/sdk.24.05.23.23.log
Filesize
32KB

MD5
7bb7c5a6919be7d944c67bbfa992a4f3

SHA1
8c247c280bc19dbe1f2ef716e0a892933704a601

SHA256
60f8d5b3d240fd2efc6b2af08c6d7f60646621d314e1e9045a202a018cb1d816

SHA512
74c264043465a5571b31ea2a5dbfe4056101274ceafbce265e9d3b4499eaeb6546109db9aed415e6c6fc91b7768b1b1b6b7cf63957471f1afaf49ce17c726213

Download Submit