228a033466d0765370b477b13f0675a72fd10d931b39cc3e087f99374c812cf7

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75b6cc22afb9e6a876babc15340aa321_JaffaCakes118.apk
Size

5.5MB
MD5

75b6cc22afb9e6a876babc15340aa321
SHA1

8f6ce10ee45f0989d3b770ea7aa4b79ba1f11ec0
SHA256

228a033466d0765370b477b13f0675a72fd10d931b39cc3e087f99374c812cf7
SHA512

6ea645bb20704e4e80cd6a7b992614890d2c400c7398c3e272c4b891d4011d24aa377e7385d9fb05be5485974eb2d3ddf011a8d69be14ee204a02142ad636bd3
SSDEEP

98304:bNhoZ1RJIDOs+CJV1MPPbFTsOZnQFkNWAdkL1JEAHbba2+Qs3t9vVXr8z:bN+tYlJXWFgOaFko+kL1bXsm

Score

8^/10

banker discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.qihoo.appstore

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks Android system properties for emulator presence. 1 TTPs 13 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootloader	com.qihoo.appstore
Accessed system property	key: ro.bootloader	com.qihoo.appstore:critical
Accessed system property	key: ro.hardware	com.qihoo.appstore:critical
Accessed system property	key: ro.product.model	com.qihoo.appstore:critical
Accessed system property	key: ro.hardware	com.qihoo.daemon
Accessed system property	key: ro.hardware	com.qihoo.appstore
Accessed system property	key: ro.product.device	com.qihoo.appstore:selfupdate
Accessed system property	key: ro.product.device	com.qihoo.daemon
Accessed system property	key: ro.hardware	com.qihoo.appstore:selfupdate
Accessed system property	key: ro.product.device	com.qihoo.appstore
Accessed system property	key: ro.product.device	com.qihoo.appstore:critical
Accessed system property	key: ro.product.name	com.qihoo.appstore:critical
Accessed system property	key: ro.product.model	com.qihoo.appstore

Checks CPU information 2 TTPs 2 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.qihoo.daemon
File opened for read	/proc/cpuinfo	com.qihoo.appstore

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.appstore
/sys/qemu_trace	com.qihoo.appstore
/system/bin/qemu-props	com.qihoo.appstore

Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.qihoo.daemon
Framework service call	android.app.IActivityManager.setServiceForeground	com.qihoo.appstore:selfupdate

Queries information about running processes on the device 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.daemon
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore:selfupdate
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore:critical

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.daemon
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore:selfupdate
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore:critical

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.appstore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.appstore:selfupdate
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.daemon
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.appstore

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.qihoo.daemon

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4237

com.qihoo.daemon
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269
- /system/bin/sh
  2⤵
  PID:4398

com.qihoo.appstore:selfupdate
1⤵
- Checks Android system properties for emulator presence.
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4322

com.qihoo.appstore
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks known Qemu files.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4376

com.qihoo.appstore:critical
1⤵
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4412

app_process32 / com.qihoo.appstore.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4458

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/CrashLog/Crash1.log

Filesize
58KB

MD5
eb5700f6cb0d4fd8a88d939436a3ecf5

SHA1
5239565c4c565787c46e0f6254b2e7d81cdf2b8c

SHA256
bbfcf860b1fd6f2d6b243a7992d81946a183e16c4b86e4b86b61dd05f717daa5

SHA512
fa94a8c400f067694f4e2f7c979d1662a6b29219659d37d02742b866f5bece59660e19d339544bc25492320f4c0bd62eecfd3d7d18cd2f26ef982c4399aea4fe

Download Submit
/data/data/com.qihoo.appstore/CrashLog/LastCrash

Filesize
4KB

MD5
c3e5f39dee68a7e6f888f5cb649ac513

SHA1
c5d1b613206b6626959f042528caa31cbb65f093

SHA256
28172ab79c841ed38819671e279a54e7df16bf688ec30587a8a207114fbcb15f

SHA512
f08178f1336fdf4f95c6d4ad60effe998e2f7446bb0fe984a185ca859067d2ce0e4890ecaf2985b549d521602bc43a865f52e4d080ddfa82c7162204c028aaf1

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db

Filesize
32KB

MD5
88b05ffbd3e53b505835170abb602155

SHA1
a6b4ad385164a6baddc783f24a714885c7c51162

SHA256
f849779203cf05c6c2f780fc51621a759e531122267c92d5876a50784b5ae1e2

SHA512
e82d97596c05d0e0c20d19d15d52e926efb52b2d7bf9a13b1c8e993e503113398cc9f60022ee41e6e7fb223b1f05b375d9e9c99fba2b47f996595fc0c03f97b7

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
06cea3ab346ef206ab04e8d491dc2083

SHA1
54d17529c230874d16941c72b964a81c12e02f8d

SHA256
3f5adc3f7a98e1155e1773e77db2a6484bb800ce2b7392c094f1ebe1c694bc5e

SHA512
3ef10f20d57c6606c6b18cd3d86ff3c03e79a70ec57dea11dd14d94b34eee5b89a315ba724dacf38ba761836ea060adff4c56956ea5f6e2368cba0bcb1d0358b

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
16KB

MD5
4118d96ae56f3c407d54d7c3a2e64572

SHA1
dd33d242aec97af0103a4867585746d9e9bd9488

SHA256
e09b83a1d287b3ebd7a61149b30964852e80001c71b4ee51886d98aa44e7083f

SHA512
79d31cfbba88baf016c0bd1e1b8d031b0c702c5b5d48c5981a4184471ff4b2eba48de63133916d9a9ff4ce12cf0bb1cbe7b67670be8f1c63b10cd1ca7869ce51

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
32KB

MD5
b862d09bd80bb1bfb0c46f2f7e83807b

SHA1
4ea8352c904d14aa4ad909e389c305edcefab982

SHA256
c82f927769e590ac7d5434b1a9cf9c6ed1553a1a60174de14be68f6e77ca1e23

SHA512
e006072d347c38681f2569252a017a141ed426de9452cb0573b10e3b9dbdb99147b5b83f294553949b247bc959bb8fbac47ebbfe56c28fa763aded9c3d909255

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
564B

MD5
eec72b6e2aa79d3950b682c2113a1213

SHA1
7baa400c5258334a014a96b3d31c37a967f18814

SHA256
99e823ec0e4376dbb63d6726e8ec1b9ad72aa53db979c1e34647e9e3eb531931

SHA512
46964e7f10975d6f6b2a4f8962fc8c81b5a608128e41de6affeb673b6413a40fc9fc3619093018f7cacb4686d94fe3139ae8d8e9859833c620d417203b94ff72

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
32KB

MD5
7277093d3d55ea9007d07e2c026b769a

SHA1
eafd452b451984e87d2fd51c3c1461585ba4cd83

SHA256
a0dbdaaee54e15237f6b609cd5028180373ecb4bd91bec218b18ae4e8039411a

SHA512
791a1006c2b0c27c4447763e8c5ac6baaba53fd8135be56de81525ad25a1483180b2d2c34668b4c4e083da9438b7ea90b9388b9d038f20b0d2a8c2042aac3497

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

Filesize
20KB

MD5
60e4cf217e77c56efd3707b603797c5b

SHA1
816247b4883d3adb30c4db39fda16d2288e27de0

SHA256
8e2b8343f703045fb8596dee1888f65fc66b64d10304a4a49fd4ad1f63bd67ea

SHA512
22a8cd2974663e8caa220177e7bc64aaf35735dc8abc3870a7e47ea86b02d8b06b041000e5505039b3116290aee67e9645ad2d9c26218749f5b5b2e332712af2

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

Filesize
4KB

MD5
b064ce25180516375f03ea7333ce2915

SHA1
93dfa1a66e89c7966a43bab0ee4e3124b005bf2e

SHA256
9c53fb818e7f5a39e6eeb28a3e6fba95297410e6893db170de2972a53e6dfc50

SHA512
8b02e12e242ab21405e06545a883e0f12486d7043379db67e5e3eeee1f0424274dfb892013d7acf0625560e7a185eba118d1e26cb8cf8c7943162bad220fad73

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-shm

Filesize
572B

MD5
cd90a367aef9a4ed7cff267e5d1ab9e7

SHA1
fdda7f9724c9a222609bd406d525925c933a3743

SHA256
f8d2bfe9f27e2d97aa891473abb3eafa3e10f6f79556aa7768f86dbc9a7debd2

SHA512
e7a8bdbc87e4c0c35f9755dbb583bc076419889dd14fa2c1766ba5b2e18fcf35d952706b353bbcac122aa272ad597ece334c207a2544a3f9acae32ab8fcb4c2a

Download Submit
/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-wal

Filesize
544B

MD5
b12b34d07934f7b06339282d0cde2c2e

SHA1
4713bfc2e4adc9508025a2996e90e366472da3f4

SHA256
1ba59f72280a7254ebfaa761a7959580df1647f5aeff9df36ec5100e7ec26a43

SHA512
38f9a748bfb3eb7afd697c2017d876309d5bd5a674faf2917b43ad5a4c0f7b3a353ec0eb6ae14ea2a8918d299fdb123a71455527c06e114863cf72e3e81bb9f6

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
16KB

MD5
a765efbd53be78de13bd9b9c1499acaf

SHA1
a4088d55932fc041868585ee8e37c0b4c7a407d6

SHA256
6894978a703e626e8e9f811b7664d2bebd56c2d168c4c76d1d4fc41049fa8e22

SHA512
9779cbc93a2fb5ffe7dc39b3fb7241464f8af4b44c7ceb6a2a270dedc7063d23c73aecef01fc17e4adbef11acde51ccd5f255bda7a8b4f4f860b14c15b458d87

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-shm

Filesize
20KB

MD5
7547845b9bc2e3535bbb1ccd3728c6d7

SHA1
3960a0ff86df385269aaac41003bb76366271095

SHA256
7ea688984643a5b9ec6bb67ed74c2ac83c12ea0f24e4ad5eb2f2ee6ceb97d32b

SHA512
b96f35788eed42962e022d30745e4a9e2ea64ff0e4387deae51d0baf67ce6381192e3a1ce1ce66fc177165ebe6a44eaca783874a945cd036f2a624603165428d

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
32KB

MD5
427f6e8e7cc962240ae2808905bc20a0

SHA1
0c20f1ba4cd4627ce08c23d271f13c6847ea33b8

SHA256
4b18ab996717ab83d817c5927b030e080ddb7f4762cf162765ab6713c553aafd

SHA512
4458b54bf0b6bd08df3f1d10abaff0c2a3d6f5aa939fea7746f60124bcfc6bf80a43825cc4a55450958c3f44618af7f0b3a42fafb59bfd57b6d49ea320b04653

Download Submit
/storage/emulated/0/360Download/Logs/LastCrash

Filesize
4KB

MD5
85a30e5eae31fa24759c59d5333205dc

SHA1
bf0485beaa168742c6357b0327581f0f2be59972

SHA256
01097785be42d8b51a0ee67816461c70d678aff335d8fb169e542f1f82ef9acb

SHA512
ff19bd458014f02559a4471be1fc244d79e745e731e978837fd3c5c0c66be6fa4added78c88f9704f902cd2679b0a98f0aa142b7c4cac2770d22af033d591514

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads