Overview

overview

7

Static

static

6

6b43028fd5...18.apk

android-9-x86

7

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    179s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23/05/2024, 14:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6b43028fd52e9ce8747ad8190ad24211_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    6b43028fd52e9ce8747ad8190ad24211

  • SHA1

    b0351d9335554a06c7290fa50fc6e90ff40682a6

  • SHA256

    f8aeb91afbebe3f93bb55681f00436df9aabac074fd853f1302c2b4d7f2e9f8e

  • SHA512

    dbd37529cde6d668cb221c9621af59b791a551f2be31ccc437232863d58caf1c4229a2e663b495b8e11168ff0860efac0c335c4557dfae5a9743014080fb9f85

  • SSDEEP

    24576:AhjStdO/4Pgl2bq3c8mnGZ7lUu24GqIOLHI040KYXWJnJIyJSVfC:AcLoWcDmnGZ7lUYhIc3lkq6

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.qq.cleaning
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4224
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qq.cleaning/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.qq.cleaning/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4254
  • com.qq.cleaning:bdservice_v1
    1⤵
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4323

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.qq.cleaning/app_push_lib/plugin-deploy.jar
          Filesize

          213KB

          MD5

          e70723b8f6c4c7c09a6019733022cf53

          SHA1

          e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

          SHA256

          32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

          SHA512

          461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

          Download Submit

        • /data/data/com.qq.cleaning/app_push_lib/plugin-deploy.key
          Filesize

          174B

          MD5

          7c5dc7134f901de215e1306bd0e6cfc5

          SHA1

          a7c502c5168f02e6aeca23723ce852388e3317c3

          SHA256

          ec396af5ba0a95b1ee4eaa08eb42292e8a9d763f34bd5b671aa111f8b9ad9c2d

          SHA512

          9163b2ad787f441df14c39b81c75d4c09b06c32defde3e9c718dd3c02b57bcd510334fcb14e86c6b98dbd9ac056735d515060d46a70f6e771efe9ec850ff5a70

          Download Submit

        • /data/data/com.qq.cleaning/files/mobclick_agent_sealed_com.qq.cleaning
          Filesize

          570B

          MD5

          d9d141dfdb0d7aaf61ddadd79ff14e60

          SHA1

          404bf9c23dbec28143a05ba736806dbd76834676

          SHA256

          bab7a73657d0f5d0e376b507500ce4f26415067ad8714b300fcea23dda5740cb

          SHA512

          a645f8d6eb84e4cd2846d05fbf3aad6b8fae6ad3c77ff20c3a0344f40f52071074b14f991e1c7d523249a9ae7ead716e064d4dadf81ef764587b6d4bd6848bef

          Download Submit

        • /data/data/com.qq.cleaning/files/umeng_it.cache
          Filesize

          211B

          MD5

          0283aa3fc9120c38576fc9e6626fcb48

          SHA1

          572ad6bf6211afa0cb8bfbc1a2a3100001d15284

          SHA256

          5c0251c3673b2ca8ce8a40a9528b2cf4a57cf99f65a8d191ba626fbbcb05bd8d

          SHA512

          3bd7f43643a89d4c007b6fb600b315168729703948ec683a971834ddeda8b59c54d20dc03fb8e8f198c59fdcb9e463352c16d31c517f17f1bb986080caa708c2

          Download Submit

        • /data/user/0/com.qq.cleaning/app_push_lib/plugin-deploy.jar
          Filesize

          530KB

          MD5

          5597a541eabd3fb792c581587550dc4a

          SHA1

          6500b0ff20c75717e1cb67dcee76b4641a4e8a35

          SHA256

          473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

          SHA512

          39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

          Download Submit

        • /data/user/0/com.qq.cleaning/app_push_lib/plugin-deploy.jar
          Filesize

          530KB

          MD5

          bdfa71feb08b80b649fddcd7488b03b4

          SHA1

          bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

          SHA256

          f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

          SHA512

          37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

          Download Submit