Overview

overview

7

Static

static

6

758cef3f07...18.apk

android-9-x86

7

758cef3f07...18.apk

android-11-x64

7

Analysis

  • max time kernel
    178s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    26/05/2024, 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    758cef3f07cb3512bf8eb4c0caf3ee13_JaffaCakes118.apk

  • Size

    8.6MB

  • MD5

    758cef3f07cb3512bf8eb4c0caf3ee13

  • SHA1

    abc5379df552e767757f836a65d260a88e6cf0e1

  • SHA256

    133e7cd7385ccd219c10e98aca101cf0bb04c859553b90a949c59c3c2a95c7ed

  • SHA512

    7112cf7d4992dba44152f825fc27da08f5088720e16fb9e6eefb8d3ef5f507101a011c343bb2a9c203193d6522d23d1a511705d6e20efa8321743c6a6b0e6b50

  • SSDEEP

    196608:aDTPReiMNo0lMQG1t4PgJiNYobKNnbYBEeTiktRyK0iiBy72wu:85WNlPGxJWIN8nTiktRyzRB0Q

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.shenl.qinqinmh2
    1⤵
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4283
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shenl.qinqinmh2/app_libs/ymdex.jar --output-vdex-fd=116 --oat-fd=117 --oat-location=/data/user/0/com.shenl.qinqinmh2/app_libs/oat/x86/ymdex.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4554
  • com.shenl.qinqinmh2:pushcore
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4364

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.shenl.qinqinmh2/.jiagu/classes.dex
    Filesize

    5.3MB

    MD5

    314d9e3034c841a5b6f4670a0be2ab98

    SHA1

    ed386a8648c6afd7ebfe80d2464721ec1ddb8bb6

    SHA256

    0a7814e092fb6b071f4aee882eb6eb404be043b4f3ba03bf54ab4987f96a5944

    SHA512

    fcc5c9be1e933dda89a8e306b99c6502ba329c3930bdfdd56122816da926f37b18d0ad005e93b8e499daf08320cb625c2bda7e8e665411efdf42ff0838eea1e9

    Download Submit

  • /data/data/com.shenl.qinqinmh2/.jiagu/classes.dex!classes2.dex
    Filesize

    3.4MB

    MD5

    717e766c9d76e7acccc56a8a26e89cbb

    SHA1

    78cff23a66c896dc594259965c090372df2ecae2

    SHA256

    ce1cf6d8c9b5e3743f111c1288594c2718d7590be0cf58eb3f6c993b886da827

    SHA512

    01f40072e9b37139fabc9b9e03393e0bb995275f1c652b96ba9a48983f4ea6b21b51d4c4eb147a76fafbf10bffa960cb89201b51d635f2a9365cc2fb4d5725dc

    Download Submit

  • /data/data/com.shenl.qinqinmh2/.jiagu/libjiagu.so
    Filesize

    485KB

    MD5

    1da618896802fdb4b6f17c92703424f4

    SHA1

    b48aa81ac014a5a7f6e95e618e4f951ee12d34c3

    SHA256

    2cbf986b5e1357e00347d75d6f631539c0f368208079df36bb44603ac4e6973f

    SHA512

    620a06d8df24597467318582a12bce45e2e2cb66069ffbd6fa27ac5a164c58398ddb9c2348e6ef443272a22ca85fcfa03439d0f0f22109a93708d562e0737cb6

    Download Submit

  • /data/data/com.shenl.qinqinmh2/app_libs/ymdex.jar
    Filesize

    368KB

    MD5

    7b2035e3c2512abd3e2e70ad7cf0eddb

    SHA1

    30f27d22b4249127c9cf55c0548e3bd2cb5ad766

    SHA256

    098ea5016db2c3fe7ce0566b156b15e71231de356f80f91b51980cb3aed5fe34

    SHA512

    fae0963158c7bd5b541877f05e65b08a3c9526917432e25419f26cd958f83362fe439f91ec971028d8cf9523be1dcf2858e9b0b96741f2f2a1703ff5ece567e2

    Download Submit

  • /data/data/com.shenl.qinqinmh2/databases/qinqinmh
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.shenl.qinqinmh2/databases/qinqinmh-journal
    Filesize

    512B

    MD5

    b460c7806444e890f224f64c97265395

    SHA1

    f0cae953796102900b4827af0a747ca9a00180d4

    SHA256

    622fb05086066593b958c64152f30d239e4e423eea86b1abd5cb68e40d308fbf

    SHA512

    3f7db82767db36ab1fab6a5d4f2cc6fc1293bdecbac81815599dfb410dc957c4778375a4b9c2dae8fd5e49e12eaabcaa565b8a51fc237cf9944e961ddd57ed99

    Download Submit

  • /data/data/com.shenl.qinqinmh2/databases/qinqinmh-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.shenl.qinqinmh2/databases/qinqinmh-wal
    Filesize

    16KB

    MD5

    abed62b22a3d8c6e6055dc709dee8b44

    SHA1

    090d6ab7f7b522b15cb88b9aeb89017b96684f9d

    SHA256

    214769a87d0bebab9a9f1fa68dad6c81c00d7e7773d57286738b757d774ef765

    SHA512

    67b4467d6efe02189d9eebda2fec5c701c12d04cb4c6e24ed5fb55f66e837656b28e5cf31f2ae67ee1c812562eac1e2fcae959ac0b5be9730b584ad341ad6600

    Download Submit

  • /data/data/com.shenl.qinqinmh2/databases/qinqinmh-wal
    Filesize

    44KB

    MD5

    c524fd5fd52b5c16a8dad61da00ed3a6

    SHA1

    33d8b97823e2370aa85481a7e88b63c97a4dbb4a

    SHA256

    22af7615178a2b0ba53fd6b9cf7b40bb6d54c9059b0feff3765db997c1bfb945

    SHA512

    23cf7516973c77fab9a695c3a98c6a889bb6eb187ede3241618bd6ff67bf1e036dc525560742dabbf312b4b251ae48dfc39b5b1f6721dc41c1fb37d6d3be7deb

    Download Submit

  • /data/data/com.shenl.qinqinmh2/files/jpush_stat_history/active_user/nowrap/bd9b0837-841c-443c-969a-c4dd61336b8b
    Filesize

    159B

    MD5

    6c1b722762c16303331ebe21f7b14512

    SHA1

    d8b65f1b9b78c937f20190dbeaf683467caaf76d

    SHA256

    081c4d4b880bf0cd8e7c3b4f8531c6f43016acf95e7131bb39478c9537724a5f

    SHA512

    d2d1272ea2cb2964f47885333d69ff31e5a2e59f6327d5a479b80a83c9b7d58b095e279aa00eb1fc00a3a57741f856bb6eff941cb17942e0486358291df65a43

    Download Submit

  • /data/data/com.shenl.qinqinmh2/files/jpush_stat_history_pushcore/normal/nowrap/7bc0cd0f-275c-4e58-a611-a62e60573e44
    Filesize

    187B

    MD5

    88cb4c56e0e9098d36f633fb28dbdef9

    SHA1

    9753081dee5321e0650a25fba44172dcb0974575

    SHA256

    b95f01ff9f4ddf92aebdd63a5793fc9b1b3c6f861539f40eb13faaec08e10330

    SHA512

    540e894f3c27ce537f14de0f9606cb052fbdca4ad6c44eef319446da7ef4944a09478781611f1197bb3b4045e09bd6b706a416a4d5590ab9f4c6ed0ade8785ca

    Download Submit

  • /data/user/0/com.shenl.qinqinmh2/app_libs/ymdex.jar
    Filesize

    861KB

    MD5

    dea185a22b9bcfdaf3eb10d4275dc113

    SHA1

    e86beb16603de22c1a784e082769043b282cafca

    SHA256

    80b988b5a6a8fb7a47109f8d5dcfd8e219ce3f4c3382f39f593ed1a053a2c8f9

    SHA512

    51d3f23e3945fa0ba02562b731f4f7e9612305162acaf8bbc799bff06ce69a773dd117a75aaa11e53c7f0f5e715b9fdb976e8c4918c56303d55306bd190c5186

    Download Submit

  • /data/user/0/com.shenl.qinqinmh2/app_libs/ymdex.jar
    Filesize

    861KB

    MD5

    b247ba7a2590ddf4ecf7e2529bb37820

    SHA1

    4264312f3842f779ed306750ac210b951da6245e

    SHA256

    cc4c24907036ce4ea90606f31d1eca86832036e01a90c2a84fc480e31afba0fc

    SHA512

    8c36fbd4d3ba0c44a8bbdedff93c973012c2481a3e6fa503957a9e37d1852d66885642799d0ca464f39a668b70b7561c8f053a37b34d9d9fa86b11600b7b24b9

    Download Submit

  • /storage/emulated/0/Android/data/com.shenl.qinqinmh2/cache/CopyCache/journal.tmp
    Filesize

    36B

    MD5

    b6153f286dae2274fe3510aebb5f70a6

    SHA1

    0e85c481dfcdeb3ac248c38b19fd1182d180c529

    SHA256

    a0b727f2383ed6c764069a1d1fdbc8911beea2db5c38955a7466ea5c64fd21e7

    SHA512

    c38f2db24c8e3fcdee5f4907ea7cccb8b2b96c72443acf76152e083506a8ce2440c977f67887191fb997688719df0a073eadc0066648ae6c227b103813389c37

    Download Submit

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    3256d4a142bc6d5bba8c68219a003380

    SHA1

    46bcc50cb02ece04320ff4bb39df16bc59c14166

    SHA256

    5a984a728aeffb3e582b453bd16fc95a32744c727bbb98343d9d6ab82d83a380

    SHA512

    cd025ceb2d9418f742cc7b401e61e406640cd78b59a5eb4e0aa792a7402f32e15e00c99b48831322bcc047e1eb51c4dbb03496ab392077c0492383e006d3e1ac

    Download Submit