52938f3d4cfb0af78ce6f5b0ea8a6dc255dfe285a4f1cc250c355c4ab11bc6ea

Analysis

max time kernel
132s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
04-06-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93ed240bc5204228ce1614427a76d7e2_JaffaCakes118.apk
Size

16.0MB
MD5

93ed240bc5204228ce1614427a76d7e2
SHA1

b0429ab9a01baf5ba3af66346a2e72a6d32be475
SHA256

52938f3d4cfb0af78ce6f5b0ea8a6dc255dfe285a4f1cc250c355c4ab11bc6ea
SHA512

903c99323b0be22722b4a43d10061ffa37c8f73593275434a908186ee8313aa937390b69f7958a2105ced3035f5a738097f69fc456fe839a80a782d642157699
SSDEEP

393216:8XiHjG6Bx5+jfv9ePKiAe84J/LRMIceroZO+/zMOo:8WTw7kHV/L9QOXOo

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tiku.qh

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tiku.qh

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tiku.qh/.jiagu/classes.dex	4680	com.tiku.qh
/data/user/0/com.tiku.qh/.jiagu/classes.dex!classes2.dex	4680	com.tiku.qh

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tiku.qh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tiku.qh

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tiku.qh

com.tiku.qh
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4680

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tiku.qh/.oabugaij/.fsgkea

Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
/data/user/0/com.tiku.qh/.jiagu/classes.dex

Filesize
6.7MB

MD5
29471edc19a26aabcdff243cba14da7f

SHA1
62eb6a286745b53fd32bc878b2bdf8e0e5cdf7fe

SHA256
26f2ac8c8bcd6db46bcb7b7ccab99a0cd91fd6d8a5e9315880389bf2d7744268

SHA512
4361e64bac75064927acaecd32f06971c7c51472094050bce30fa260c79bc83e92ecaf973905bc5a3ba6f9d5abf979a2722b8d6890a53166393a02a6501cbb30

Download Submit
/data/user/0/com.tiku.qh/.jiagu/classes.dex!classes2.dex

Filesize
4.0MB

MD5
6b697bbbc18310951c8102265b3d3cae

SHA1
3c7602ebf6fc9dfeaed027851ddd08a5bf4a75e4

SHA256
7bdab6c28112da8e20f67e793b372cfb946646f9309c4c38677261ff1133f23e

SHA512
b2cd7a9c57dfea3ab2b01f8d92087b9b7fd4554e4420d1bcb8226a12e5898076b39751993d3279075a6f71ff4746192865ffab713ce307f96464369dd06f99d5

Download Submit
/data/user/0/com.tiku.qh/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/user/0/com.tiku.qh/.jiagu/libjiagu_64.so

Filesize
569KB

MD5
64f0958be2a8e6862b90faacb40129e0

SHA1
389c618137db70dbf84adffcdc3c5d4850a5ff24

SHA256
4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

SHA512
793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

Download Submit
/data/user/0/com.tiku.qh/cache/image_manager_disk_cache/ede2fe18cf05eebdb6e5ee49b7216c1b48e8acba6abb0f6c044226851f1943a6.0.tmp

Filesize
4KB

MD5
c47e6119d26501ebf93b95080710b77c

SHA1
e3d5b15cae9abed8f4c2e3e857825e7253818571

SHA256
fde93bdf3f0fe1441b45348a63ad572bf7cb5d709e15a2bccfc4d9a70f918515

SHA512
a520b227d085929f580cc9280802da634ddef6e12bf91105b358521ae8b9706648ed302e1d66ca7ab1fc27ce8f293b54e7a1917ea25b8220f589fdcc6f4e67e6

Download Submit
/data/user/0/com.tiku.qh/cache/image_manager_disk_cache/journal

Filesize
178B

MD5
5764af6795e32bb3d239500b4d582ef5

SHA1
cb931c78e6989d489337d407a824e18f18c66cf2

SHA256
9098145886eb9b7e0fb935ca105a23036ac9ff4ac715ab592c2ed16dc4efb927

SHA512
5c82ebeae03c8eba39880100a261288c1980c4866bfde1b13da911c64bd765f2e52368565fefc5a10f60ec0b5ac1d03a6a3a8cc7bd71d40df06b5ff1ce183126

Download Submit
/data/user/0/com.tiku.qh/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3

Filesize
4.0MB

MD5
f18f43ad4aab9a1fa0f03a6d8761086d

SHA1
ee3f40507494a1bf45e77764ccabd363edceac5c

SHA256
4e1be191badaa2905bf0b588d97ffc1540a4f29a410bf33e0e6f74545b53a4fd

SHA512
f39d4122a994c5b522f6da004f669cb7e38cad64b19f88a92dfd60a4bf1ef3cd058e88351c80f9b23779dd04929f6e8c431e02c86e5147e8a08f65689c3d000e

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3

Filesize
2.3MB

MD5
0116a1b740fc303f174704f87258b401

SHA1
20bd200278ff1bb5ab31fc44d94c09e8cf6b20e0

SHA256
8d22de4b7e9eb4202e1e31827daa6ab88ba1005e267b09deab3f7bbfae0fc35a

SHA512
d2d6beaf5b2ced1327142e3a953c3a759aaf7270913951e9f2d098fc6922fe564fda1f2f3d6a4cd0b10bab17cffb9d6efbfc08a6b315cccd17db30f37d43f6ec

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3

Filesize
4KB

MD5
b3225da46c49b24489b7ae67b06fba3a

SHA1
b61149019ed51f99fed905623d9778a7f6a7e147

SHA256
14792eb1d0033a385b3e4dc16d5fdbd52db6e23dfbd28f14baf794b3b7dd7c28

SHA512
3054458dd698d932f0f62943ed67131a671f4f7eddc7494feb9f72521b68ee2ed4d25134c9b1e578fa5689c800737c12391efd9b96a0ac77c7876b6c6bca5d3f

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3-journal

Filesize
8KB

MD5
c6e30eed69c48746198120cf6b16113c

SHA1
d35f9eeac08ad62b0e88fa0fa9381f82c69e4a43

SHA256
264f0f1c4574a4c524db75a16434f98880a1b739fa7e45bbdab34ed9e4a5e92d

SHA512
a91b33ceb0e9ddd233211198b5705cd0bf0e839d099a0627350b8228875acf91a8a9ff9356f2c260c2e3bb3947fd031cc09289421ae64ddd3417121e60b25bfc

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3-journal

Filesize
8KB

MD5
be5f89fde6e20671680366121e5d657c

SHA1
27bc9762e765069b94e955cdf229b448de7020fa

SHA256
6303de6c5a288df41eb20f7f098730e942282e988b89196218e792c4c3067655

SHA512
a9a39bba6be8b1f302b90e8e758b3fed856700dec65dde6b125fb6149bf4d91b4f4563dca5e4a996775be677064fbdd9befd343b204aa37605f12c5557d5327a

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3-journal

Filesize
8KB

MD5
15f0a02d3a5f147f4f37fa4109aaee23

SHA1
80d6f7035142019ae6c1a4e8538cb35c3c4eb66b

SHA256
c2e78c80fbf910232e8bf050663835f1819e9f8efa17fa491fb34d1c46ec4cd2

SHA512
5d9a541e2595ccb3fc413620d96b55e143ae283256f2c0f77f948d3cb81ff050f3f5c62f0377ce565d817d82f20834666c182e50051cec0da62e7e40bdee1a7e

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3-journal

Filesize
4KB

MD5
99119b71a33b5de1945882b421c8638c

SHA1
8127ebf2811ad27c1ab7679258712cb6ae5a33d1

SHA256
01ce22e3741c417d44d919810f3b8c1d2815deb47a03f0120a2226267af37e96

SHA512
051a2eda84cd670a50bb9e32bac07480f9b618b2d878c4f127328ba803d820b20262a018940fc71ae26568f577f6def456c80f14e794ad3063ff3350146a415e

Download Submit
/data/user/0/com.tiku.qh/databases/qh.sqlite3-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.ac

Filesize
32B

MD5
31bb5467ad2593ac8959c3b692c55656

SHA1
e47a4e2d312abd9db345d08f4c6d137eaeada263

SHA256
cca670eba23175257e74bc6d19113b052a74a851e8a59ff7c1bc431eaa6505f1

SHA512
dd767c5ca818be5f1aade1e0c3b17da7cdf3e0230ea8938d0f38a7c336d12ea1b5151ab9417d9d672b5fed2e0d65249fc2c42d83c980664e615f8e2270f5071b

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.ic

Filesize
32B

MD5
336e116b8e71f3d097acd49b4dd6b08d

SHA1
f2ccedf5f72a562a4a068e272ebb474b49712f19

SHA256
a619bb352e22f6b33f3802db58dac2de963fb6e680b2f02c586608b05cf6cadc

SHA512
7dd94607c3a7e46080ae8af85eba8215501bb20c638ef76e358c53ad9ce9fec415234971563c8f6f5781d74cef077f8f0191d2b1004bcddf07b983142fd6d8e8

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.pk

Filesize
32B

MD5
6103fd12aa85e2704778dc34659b688c

SHA1
ca283d1735ec1d2ce796793792c483394a94432d

SHA256
137990fee62a812985eb8b9c86dc882d2579f77c3437ad5e23d00ff7eddd23ad

SHA512
3af1727a20ba9bf2292a75e3ab07c0cfdbdd0fdf4bab4b01750a06b29fddc58cac9f6d4a7c77449deb9bc11fa9cb402cdd2c0e9477ccafba132eb2eaca3cc6da

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
0d901e8754ab8a862f8f21018471b4a3

SHA1
20dd9a05f15ab4e451799d789e2f35f27066bf54

SHA256
0c29851458e954860051067e32916c1c342499a9228c85eef8706bd317f40dc5

SHA512
ad67df398c85822573dce6177348c6ae0702dbf61feae29982a66d9e3bf61096c3f0b3b34f19dfd63a92ab1112b40e2ed2f9ba7be41fabd15f471364acaf2c7a

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.rd

Filesize
32B

MD5
eecb0a9a6473dbbbbda181774349d434

SHA1
a6b33a3e601887d8e73a0b56ed57fe4dd86cb8c7

SHA256
d07ec83ed9e9a8fdd86a1b6d1728e6eb5dc71ddd4a8cbecc9c69f56cf44e639b

SHA512
3ed291ce7b3bf1d0cd4a24186dc3cfc963506800e2c8363aa8fa6ce3e2eacb1e9f8d5f523d61fd6931463577521766fdc0a26aedd25cae60e84208959d8d98f4

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.ri

Filesize
307B

MD5
d73e02dd4b3ffb996d04e86f58a70402

SHA1
e736d752a646cd60de654dfcc2c1a3ce1202f050

SHA256
710f7d6a8865a40545cd7669d3b810a554fd67607823d7196fe24fbd6bb14313

SHA512
9b1a5fc3b43893f870d76158b7b0ce020ed2c272588df5339e37955bee2ca13986b6b486802cdf8d44de136ee3e2af87dbfc59a940c496953609f07187fdc43a

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.ri

Filesize
314B

MD5
630756f3104a971509692da86b990806

SHA1
4f48515d486bc8d1cd2f177f1127851c4b473949

SHA256
367ecc235800b673e151ea7c9c6b049080e37b759ddde7e854721c753723511d

SHA512
3b3e12e70961d31fee3bfb4d7b935f8affa8bd1dac17753d257769970d89074abda8c1851ba2cf896c2301b87647c2b62ed49d42856de238ac339328091fd306

Download Submit
/data/user/0/com.tiku.qh/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
a1800b036bfbf7536b8573b8490b2f66

SHA1
18b667154d2cb66b13c73567e16c841bab16f23c

SHA256
dd678ca574504e9490e2da582fab896daa3516c17bcb88760520840570c51621

SHA512
f43d680f40f69a34d53292044337e26451327b15c71230be4304b6792b225b759ed417c5d934137186d0aa71cd51f54c0bd9661204e02e69c0937d3b3344c6bc

Download Submit
/data/user/0/com.tiku.qh/files/.jiagu.lock

Filesize
27B

MD5
fbd7fb3a5d2689beb99c5e269210c96c

SHA1
594dc6fd086d1c80089912cb22091b8d4d949950

SHA256
1e33e7d3fb19ebdfa542d93b1895cdc28de2928ac50747a53d2b5bf8974ef4e7

SHA512
5d6aeed99e1bcff042c3dba65e1c9ea3713a6505c798d8d64103cb44f116749760933550f845e49d69b3cecd992eabfa047d23917e2ee428bcc7e2c5ba5c861e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads