6a06ebc5cd14ff586d315504c8a545818566d2acbf51c5a262aac4cf3168e053

Analysis

max time kernel
171s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
25-05-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

723fb1e232be61a0538d0b52ffc15535_JaffaCakes118.apk
Size

6.7MB
MD5

723fb1e232be61a0538d0b52ffc15535
SHA1

5f4609fafb6e2d15aad6ea7d88b3d7b5cc0db5a3
SHA256

6a06ebc5cd14ff586d315504c8a545818566d2acbf51c5a262aac4cf3168e053
SHA512

d03bb0d48c862d32b7c413108843cbe78ea3a346db40df876edde4dad5914069cc9e5bef591c3e7545aa549e4f56aeae7bbe7b7d9d4d770538557235393e0cf0
SSDEEP

196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZS/:0Z4kLJlErI6eT30

Score

8^/10

banker discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.qihoo.daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 2 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.qihoo.appstore
File opened for read	/proc/cpuinfo	com.qihoo.daemon

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.daemon
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.appstore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.daemon

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.daemon
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore:critical

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.daemon
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.appstore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.qihoo.daemon

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore

com.qihoo.appstore
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4325

com.qihoo.daemon
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4355
- /system/bin/sh
  2⤵
  PID:4488
- cat /proc/version
  2⤵
  PID:4609

com.qihoo.appstore:critical
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4510

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4570

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
d1b5545068995a6edb2bc36f85d7fb8e

SHA1
1c23f338a93c44fb23ce7df6120c9a4d2629ff5b

SHA256
965c3968eb6ff11746b0fda574abcfd86344aa5ea3d0f9874a65d3fc9d5f7fcc

SHA512
0255d518958271340e25c897cfb28437547fbd87d4959ca52f1b12478f95eaebd3e819cf446a2a935c990f940cfab3ede112633d3616d9d39a4a3c6cd15ba6b8

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
40836ecf23dd34820c44446d65997696

SHA1
6276ae8540f13ae5bdcf58e9d1104b7b2dce2a94

SHA256
306432f0ca274946019f4adf2b9783cf7bed3718eb18182252bc0e9ff07a7f44

SHA512
c8a471a349183d853cfb37d98d8d5cd6f530fc95464a8f0ffd8348634db3af22063e82c4ea81f27384b448f226357ae04a684626b6a7e0e7f58d3e20be0de2f3

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
5b6bbb86caa02891d0a5cbad4fa451ae

SHA1
32c1aa2901cfdc177392ab4a0dbfa2bffeaee62b

SHA256
be574c2917d4bf8f8392329b639ae1ad9b56fca0ba3da6777061c78e90301220

SHA512
ef95afd3580c9dc2b4372de28b9928494614cb460633918465f77a513d4efcf3ee949b865e69eb6c15d4903984d9b9e8ebbf684bd0c661954e7fa7107da689c6

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
32KB

MD5
b1bc76a5fbd90870e7e99b9181004785

SHA1
9183a61990ceb097b16db9af03759f1d01921c77

SHA256
a93dfa85c71e42135708f52552c94a1a9b79ac25bdcfc1227da9c2f2072da132

SHA512
868e69cbefa5ab32bddd0eae6484f0e034efbe395cfb7c5918f8bb4e8995c3c3f61c89e197467386e5b7e9cb121ca6b8d3ab109b9fdb7e18e6aec7163fc3a2ac

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
71fd5e29b1e35836f588c5a08a5ecc29

SHA1
431d64a05ff0007fb751757434fa472eca22ee70

SHA256
9f6144c9622c0cd7b2109ac72068935b37e7aed8b6a89ecad26f76c2375edcdc

SHA512
586423e98a2bf656acaa02b1b49447a84f9af688229ebd341a59062adfdfe8b5fe84fb5a23eaed292adcd3fdfda593121d4e690e065b485dbfe395016a15cef2

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
536B

MD5
107029401db62feaa164e9f86b882bca

SHA1
053435713ecf96fd5dcb2eaa06bdb13a65c28fad

SHA256
f5a8f8f30c5cc1ecd6b7c845cf7e3361288c125cd59a657536c30efee9f83880

SHA512
e3b5ade7d8527b2f4381d14f05f824617ebd2522d121e056421d76ff84f4b823de4f1d57b0fcdb11dceb027f818b04da1aa2f8e42ccf452e4b92eee0d9f761bf

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
32KB

MD5
9ca6a922e3573df9fde4f7d871caaf07

SHA1
91aa427970330e61eff8d79fd92bfea55dfd781c

SHA256
65692f552d3048a7d4e955e9bee0d7502821aa2d3856c960dd4930376d41e7cc

SHA512
6f4583d67b12f3611267fb7f1ed469ade77d336f42b7920245231d90adde84e9e5437511b21aca3efa1cf1a064f508a9658a8d739e425998197e5c2d7ad157f5

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
32KB

MD5
b401ac89da0cb627cc9f1051793b2f6d

SHA1
e462dc2b2e4faaa898124f450bfbb19e34cd542d

SHA256
90f34ba0cb82ab3c36ca37f101d8816823840b2544609ab0074633a60cdb1db5

SHA512
ac0c89896357358492437bbb6c70ca2ecd5aa4b9038235d0a45ef06c92ed5e1f11f46994bc841ea5dc0afa77655685b3a4bd11261f8466731d1bd6c653e56ee6

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
20KB

MD5
60e4cf217e77c56efd3707b603797c5b

SHA1
816247b4883d3adb30c4db39fda16d2288e27de0

SHA256
8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea

SHA512
22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

Filesize
512B

MD5
b65ed88b43dff4b4cc4d97e5c578021b

SHA1
909634cb54dc3a5d23fe58c2621d28f7cbe0b6a4

SHA256
c9227fd375e07de6c2b065ada5864b1dfac354cfe04162c2a4637cd3f31d691a

SHA512
b3efb3d2940bbd48dd156edfe9b34a17d77565cad2aa17235a151e77542b0f5e424dd30f930e453cccb975ce00921b418d87be2909f1d7a58cc8791568937c2f

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
16KB

MD5
2bf611439fea7860bc59945c3b80ffc3

SHA1
3cb662d8424511d12a8eb7e9cee72b6c64b6d3aa

SHA256
40bf311e206ac6e600b9b7f83156a998b6c005e3e6e6edc6c93f84e5e349dd28

SHA512
a5aa145cf48dc226f8440fe628b551989f5f1e5606aca71253179e084f1d8520118593863bd06aa6887d3de8fb0d14aeb21d1f0331970fa654242a6116a0c74c

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
20KB

MD5
fbe63a445281c0c6be6e416bacbb04f1

SHA1
e89da060ed5b45605116e43234ac6ee5f274d0fc

SHA256
e428affc5d4ae51bdcf2a460b2278d78e3f35be170f8f82f975cf748b2f02d8b

SHA512
36cdfad0577910c4715b147ff32e9120dada4c0e32bf0bcffdc547deb53c64cfcab174a92205f789d1cd9c22d5ffd6694d8a896c0fd4975252783cfd029086a3

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
4KB

MD5
cc9aca9a56a312f09f5e1f4efaaa4ad2

SHA1
5b74c7439c31efd2213411855d159dd08543fe92

SHA256
0e080ffc27674e2917da7bc120aabf6db738aef3de4b424f6a50397761dc7f51

SHA512
435dc02ed6a1cff96e886fb5b87339cee7916074b1e5540cb02e06c02625b7e915bf4513343e026badea5b7467df69a1bc01e436806120b53fb11d43d0e513d9

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
34cc97880b45b397a5ac4016077ec4f1

SHA1
b2cce1203c69bb1c77de4fc21b8f658fdbbc60e5

SHA256
87a916fb9ea11a50f0083528db0a71eb9147f5a6978a3033ce5cc7792d136798

SHA512
902965e2d749f7e2ea43778492ff8774ef16c369aa7cd21d1c792618a8b62f4d699606f8853be2e3e978457acd5e15f731f122e5ba4e0f131667ff3fb3a46b67

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
0014a657652f983c2ce466cca55316bc

SHA1
403e4b6a88a970de4e19d3335d56710f26db865e

SHA256
45a2f3cd46d23395eb11ac5035c470ac60f3870bd92242a627b9e6672cebc4ba

SHA512
ead88c3b5ee8638018b1ef4342d35f39898c359a89db8c033e250b136bad38fb605ff81309a4535e868e77d33cf97b4ba625fe370b7ad294b62f8d710e86852e

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
632B

MD5
b6bc56f55579c2b4bbfd1dce9931339d

SHA1
7901af0beb1f3412239d5757d795755af3fdaf3b

SHA256
700c6c3af1901cdcc8619bc844aa9fd54e3a01ee0656d279622547bbf3168109

SHA512
5b1c82f6f455a51f26888aa548f3d8f6ef90d84b9c4af151063854be4804ae3bb0cc60a2f9423f6745a8503443c6bdf69f3a2936603d871b1915fc11860ce389

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/report/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
620B

MD5
d1d55beb7ea3a70d6c83deb07a1b6465

SHA1
775d850afb3f9c84fa9b1f5feb1c4ec67bb41ad1

SHA256
7f11925c2fde6242d3789e61b4b5d663e5d50dba4b27dbea2c89cdd6d71ca47c

SHA512
4fb7eedf18932a269c59138cf22faf4a49586977f0282150a4a78b9023dbd7fdbf12056cfe780c889c718cefd9aa5141a0165fc617cd4ce168f60ec5cd64d3c2

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4325/finalcore.jar

Filesize
77KB

MD5
6d526c21acfbef37a222b4d1c8913930

SHA1
792e383e1b753a65400ea06f4f1fb7a564812806

SHA256
cafcb6eb4069277d9174fce9e9bd0fdbee5cff12195bc31bbacc89d72a7d2ce3

SHA512
b787bd3cf704977b644dcff364ba10871139dd40988af3bb0d96289c2f83f301bc7048c2dbcf3f67f2e72b5b22f67a833ef3f30cfa0389eb0da0d59531c60151

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads