Analysis

max time kernel
156s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted
05-06-2024 17:38
Static task
static1
Behavioral task
behavioral1
Sample
98cae89ec80bddb72d245fd330ee539c_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
98cae89ec80bddb72d245fd330ee539c_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240603-en
General

Target
98cae89ec80bddb72d245fd330ee539c_JaffaCakes118.apk
Size
9.1MB
MD5
98cae89ec80bddb72d245fd330ee539c
SHA1
af0c5986c57aa4f9088581230e2fd03aee353e89
SHA256
052f6523fd87e0b889b50d16390bac3c322d816494566dda077c640a66fe1067
SHA512
22c99623a9d469783231a6f4cd83e6aa03ec602cb797e1f078bc273a1e6ba3e4b1cc4d33e0c558fba7f661a25b9290964d04b7d1aaa4219d42313fd8222ac536
SSDEEP
196608:1QPybAOSUXdwyhAbbnOTAgx7QrtoVk+e4lf0whQE1P95a1quSYBMwoc/Y:eK0MrAbbnOTD7Y/Pw04QiIqeUc/Y
Malware Config
Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/bin/su  Process: com.qmdk.fqgj
ioc: /system/xbin/su  Process: com.qmdk.fqgj

Checks known Qemu files. 1 TTPs 1 IoCs
Checks for known Qemu files that exist on Android virtual device images.
ioc: /sys/qemu_trace  Process: com.qmdk.fqgj

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/data/com.qmdk.fqgj/.jiagu/classes.dex  pid: 4266  Process: com.qmdk.fqgj
ioc: /data/data/com.qmdk.fqgj/.jiagu/classes.dex!classes2.dex  pid: 4266  Process: com.qmdk.fqgj

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow: 22  ioc: s.appjiagu.com
flow: 33  ioc: b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.qmdk.fqgj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.qmdk.fqgj

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  Process: com.qmdk.fqgj

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description: Framework API call  ioc: javax.crypto.Cipher.doFinal  Process: com.qmdk.fqgj

Checks CPU information 2 TTPs 1 IoCs
description: File opened for read  ioc: /proc/cpuinfo  Process: com.qmdk.fqgj

Checks memory information 2 TTPs 1 IoCs
description: File opened for read  ioc: /proc/meminfo  Process: com.qmdk.fqgj
Processes

com.qmdk.fqgj (PID: 4266)
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Loads dropped Dex/Jar
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information

  chmod 755 /data/user/0/com.qmdk.fqgj/.jiagu/libjiagu.so (PID: 4297)

  /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.qmdk.fqgj/.jiagu/classes.dex --dex-file=/data/data/com.qmdk.fqgj/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.qmdk.fqgj/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed (PID: 4445)

  sh -c ps (PID: 4469)

  ps (PID: 4469)
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize
3.3MB
MD5
884d4a76c074f77baa27307dfff82392
SHA1
ff03cc10ab162c3b1850d3841382919778c407b4
SHA256
a9cda39251842b275e24898a13c5f073ce0705e424b8a927ef7bc4057db808c6
SHA512
af62c6dc4c668e04f1733badc17d3abb88eef0f5a3feb86b53fdac8f7f7eca526191765dd22adab4a13adc0aa584347deeb64636a2e3d7d63737d05df6f6a838

Filesize
6.1MB
MD5
756fdecbbcb8b33a8632e16ded65c18c
SHA1
24239d58376911e4dcedfa22b16ed7b837d6c1ca
SHA256
14d530c01cab67093973c73d99d858f0f1fea3e2164a88fdca9aaf0cad2274af
SHA512
3a6491f04fdd8be2cd46b86dfcaa6485a54fcae477b93c6b2329a7481ff3be81ef743a255d5973f8c5fb706146a593917fc0b27bbdc49e700b3cab8f8c6c401e

Filesize
83KB
MD5
c4111cfaca162b46042310b11ea9a8cd
SHA1
1ec963a64a2561f02811fd8ec18f4503b0ae4dfa
SHA256
247553a455dd3464a4620badddd20cf62de48c52fa59b4902a45b84a92ddff80
SHA512
07ed4d5b2f05e9dbcb9035d2406053aa8aa8521d9e159afcbda94f1a6418d8ef665603e9f40e4fb71b86bc26e149b5a8760b344be79386fff63ae280b14fcd07

Filesize
363KB
MD5
f7f5e960db0c8a6f3b5b8d1a0427a042
SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa
SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c
SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Filesize
448B
MD5
71466861646b617eacafde345141f770
SHA1
ad1d03571b3578ca7ab9096e09204a54670a4f28
SHA256
5a2c87ec66b464a71bbd52828d55172954ed47d6be703a88c8af1f133fbb0657
SHA512
214bf8bf8fb101e2e613047598addcee0e1b3faf41f520800444815795585895b24704c6501240e6fdd3983c05f52427e00ac825493b5373d31325a982c13988

Filesize
959B
MD5
545fb8bbed93d214b6a61a03245936b4
SHA1
d85ca31c6021ec6b2bd0de5794c057b9f7684b84
SHA256
38f6b23d35ee2358210d7061a48c91867cad603e81d49ee3e55a77e4c0d59c6e
SHA512
9617ff71328bdf9fe846812817bb789e0829a0ab5a46a64c86bbcea2a76449c93549a9f8af88891af8ed7ee66e98984e69197dcd46ff735d7ee72f09be49dd44

Filesize
1KB
MD5
a1e2da023f1d37b77153e9422091359d
SHA1
c3eb961fd7d7f79ce832d547a75a311cc2d5cf51
SHA256
1180f5af2d1967f20235f7167f7341f9da8e2633c1c3fc6c5bf2d6627e8b4b88
SHA512
b6947cd41855fd271c57023edb9f38945776281b35610c32f52cfb1d29a9cf1a5b24411b8f4f8bc4628e34465e3c3e1fd8d5b378e3bb1e0048cdce7dcab3f5ea

Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize
512B
MD5
80797c667f4b3470835284680f85b787
SHA1
c7d0c67accc4d97fc185dca410cee05e7d51a66a
SHA256
43dfa776b262d34a5f79357c8e4764c5d9d639935e162c268065586a9613f062
SHA512
c98a19ac9f371e7f1572453f506f9a822f3d2ad64094868f8914f21115657feeddecf80f68f4811c486772ed31bf97b1aff056c444daffda3f06cd18d4a298c6

Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize
40KB
MD5
1bf733e7d3f77cc913923cd15dafcfaf
SHA1
a797030f1c77f9681de915c6918406f050b9de10
SHA256
0e71c67a27e525a2ee27e3fd6f05788c9207694d8cbf3025e8f3fc9fbae301c4
SHA512
17d1a2f5612a9dad0011f2935d63d8e7d946ad88349fa39ba1c72370b8fa56257b4c337922cf471cb3aed7d2adb3973ff55aa5e938e9f166eddec95393019074

Filesize
40B
MD5
002a38d2bbf96a643aaecc21a2a4e347
SHA1
7edcf11771f999ec4d3d4707f8b4654c1b29418f
SHA256
bd8c80511e6c9bcea670c66042e0b4f0878b833e04328e9545387199d51bc885
SHA512
e0c11a118b734d302af74f1073cac1fdd4438deec7f83d8015ecc0a9ae14bd2d18a303bbbd0a7c43916eae383f6d216d02e137833c2000b921a2f445821496dd

Filesize
40B
MD5
fb646c85c9abb88a289cfa977a9e9aa3
SHA1
f7600d7204adf7ce2a996034bebcda0550242b0c
SHA256
d673e78ef450a1cea44667118b9d7e9a93d82a232cca78c20caf7fca1c8d552c
SHA512
ca4e7059a8201b9dbceb50e3d346c2f46064a0cdb45bc2ae0ffdc35a816ad06c9a06caea7298801fa2391f80dac3636aa26ce967ef87d7f4a50b46cad2a9fbe5

Filesize
340B
MD5
8dd87529e7eb81879ee2a896bfd29600
SHA1
4e71012af9fd33391ec1962c6c7165847f075413
SHA256
ec95733e466fc56528c4d611fade67ec81bd89a15ed24c82ea8f2294564b83a8
SHA512
37a972df58f2edd8d600a5ffa413a4f5d56441e62ba92f69f94d443c02328e75dca06e1210dfb107347c83d3f0d1a4645b13dc5c5c7f8cf9b764afb8f232ea5f

Filesize
340B
MD5
8c2b4780ce928355457d1d5a67e1ae96
SHA1
21b13ecac11b1990139a1a2e3d47241efb303494
SHA256
2b14497707352a5e72f96752bc7f17dad13995d9e0b5568d967b5d8c6e5e7b44
SHA512
f4693a12474f11fbdef8aa1d3565038a1bdf3c18df99f5e59850078f0c1481cfb816db695666dbb078a499e114376e952f1f25a63b9848b41ba5540233dc84cc

Filesize
40B
MD5
71a1ccd95c88ff3da04a927b7cf15ca4
SHA1
daa7780ca9237a05d4a5011c8cf659e672bf5458
SHA256
3114a87d80b7c6dc5edbdb91332c3d4e9d02352c8a0d726aed07b009b147d93b
SHA512
9e16f36f6d3972e4078e8eae05f79c0b4d5de370709a509589f8050d9b72ace01669d93a9f09e6c4fbc38c76c2de70f194d650dda77fab83ab782decd8607ad7

Filesize
314B
MD5
ad3921efd9896f24065fc7484f8b8384
SHA1
aae1b3fb8efaf388a2c763cd2ca195850c25848e
SHA256
837516a98c7cf44d10d4a5c76c30aac87f4a8b32822419e63bc8a0adbf305d8e
SHA512
0ca1156135f6ee6951001d3fec7f5534c1e3103e6722c90391699dbb17f8c64ab0f558a064646392e9a870c81d78722d9bdb8b2d08ef9153711d8d7647b2ba56

Filesize
27B
MD5
893d6e8aa45bd6b51caf9ff08362ba50
SHA1
abcf47953ab79de69ca2ccee46145ff73f94a6df
SHA256
7361c28fa45b7ff5f96ea109fc3b566228dead44e96ebc2f637382e45c454350
SHA512
495f59f611926c203493cb68b727774940c5672a8d3b47b9c983d45d65f40ca9ccebaa7319d89eb00c8066209d7187599a613f2c3323ff8365d49250e99d6bad

Filesize
132B
MD5
63507b65b722048bdd68dcf0af03fde8
SHA1
d072108896d4c3c8b35ee32646b52141c5bfa164
SHA256
60efce0a2b0acc96c04fdf2778b1ec553d9bb29286cf8e39036b0101fe89323c
SHA512
8c1c9f98c3f602685f65dcd57ff2fb300ffc329723716174e1bab778279de2ebba967206fb3d3c90c5b65f16023b4029a02b5017ee1e97d0a85610ef1b6668eb

Filesize
5B
MD5
c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Filesize
1B
MD5
93b885adfe0da089cdf634904fd59f71
SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Filesize
1B
MD5
55a54008ad1ba589aa210d2629c1df41
SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Filesize
48B
MD5
1d8d16c4e3b19ebf18988530d9b9a757
SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Filesize
32B
MD5
73f9fceeb41eaaca4c93a2db7eade5d0
SHA1
555b794a6a082c11d76df76b09826325a6196cee
SHA256
b4af43264b96d5dc103a0c4712d31bb44bc226865e1cfd0bca7dab9943d19fe9
SHA512
56625ba4dca96bfd4082ab9b245d55566e9736ccbe6250fcc9d48f4de7525e1538628c9bf2fdfde3405139c92bbaaaf8d872ac4697b06da71f5fa79dbc2c295e

Filesize
1KB
MD5
992080ab6049850de20261fc95d43a40
SHA1
e348ab6536cad2fdf01e58b68b0531f12ad906dc
SHA256
342de70b9642715786f1b2735064771192c8663d8896f277f73459278801efa0
SHA512
9eb2f97b82a5ff9cafb35ad67e2d2ec5f8c0461a484c4e60bb6b9619f755cb98c86365f0638add48e8c888a3eb75354123828c21a6f779fc80adc60ada9dee75