Analysis

  • max time kernel
    156s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 17:38

General

  • Target

    98cae89ec80bddb72d245fd330ee539c_JaffaCakes118.apk

  • Size

    9.1MB

  • MD5

    98cae89ec80bddb72d245fd330ee539c

  • SHA1

    af0c5986c57aa4f9088581230e2fd03aee353e89

  • SHA256

    052f6523fd87e0b889b50d16390bac3c322d816494566dda077c640a66fe1067

  • SHA512

    22c99623a9d469783231a6f4cd83e6aa03ec602cb797e1f078bc273a1e6ba3e4b1cc4d33e0c558fba7f661a25b9290964d04b7d1aaa4219d42313fd8222ac536

  • SSDEEP

    196608:1QPybAOSUXdwyhAbbnOTAgx7QrtoVk+e4lf0whQE1P95a1quSYBMwoc/Y:eK0MrAbbnOTD7Y/Pw04QiIqeUc/Y

Malware Config

Signatures

Processes

  • com.qmdk.fqgj (PID 4266)
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    • Child processes:
      • chmod 755 /data/user/0/com.qmdk.fqgj/.jiagu/libjiagu.so (PID 4297)
      • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.qmdk.fqgj/.jiagu/classes.dex --dex-file=/data/data/com.qmdk.fqgj/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.qmdk.fqgj/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed (PID 4445)
      • sh -c ps (PID 4469)
      • ps (PID 4469)

          Network

          MITRE ATT&CK Mobile v15

          Downloads

          • /data/data/com.qmdk.fqgj/.jiagu/classes.dex

            Filesize

            3.3MB

            MD5

            884d4a76c074f77baa27307dfff82392

            SHA1

            ff03cc10ab162c3b1850d3841382919778c407b4

            SHA256

            a9cda39251842b275e24898a13c5f073ce0705e424b8a927ef7bc4057db808c6

            SHA512

            af62c6dc4c668e04f1733badc17d3abb88eef0f5a3feb86b53fdac8f7f7eca526191765dd22adab4a13adc0aa584347deeb64636a2e3d7d63737d05df6f6a838

          • /data/data/com.qmdk.fqgj/.jiagu/classes.dex

            Filesize

            6.1MB

            MD5

            756fdecbbcb8b33a8632e16ded65c18c

            SHA1

            24239d58376911e4dcedfa22b16ed7b837d6c1ca

            SHA256

            14d530c01cab67093973c73d99d858f0f1fea3e2164a88fdca9aaf0cad2274af

            SHA512

            3a6491f04fdd8be2cd46b86dfcaa6485a54fcae477b93c6b2329a7481ff3be81ef743a255d5973f8c5fb706146a593917fc0b27bbdc49e700b3cab8f8c6c401e

          • /data/data/com.qmdk.fqgj/.jiagu/classes.dex!classes2.dex

            Filesize

            83KB

            MD5

            c4111cfaca162b46042310b11ea9a8cd

            SHA1

            1ec963a64a2561f02811fd8ec18f4503b0ae4dfa

            SHA256

            247553a455dd3464a4620badddd20cf62de48c52fa59b4902a45b84a92ddff80

            SHA512

            07ed4d5b2f05e9dbcb9035d2406053aa8aa8521d9e159afcbda94f1a6418d8ef665603e9f40e4fb71b86bc26e149b5a8760b344be79386fff63ae280b14fcd07

          • /data/data/com.qmdk.fqgj/.jiagu/libjiagu.so

            Filesize

            363KB

            MD5

            f7f5e960db0c8a6f3b5b8d1a0427a042

            SHA1

            a8b623f9f87a6e785508befe07314da2fa903bfa

            SHA256

            17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

            SHA512

            ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

          • /data/data/com.qmdk.fqgj/cache/Analysis/avoscloud-analysis

            Filesize

            448B

            MD5

            71466861646b617eacafde345141f770

            SHA1

            ad1d03571b3578ca7ab9096e09204a54670a4f28

            SHA256

            5a2c87ec66b464a71bbd52828d55172954ed47d6be703a88c8af1f133fbb0657

            SHA512

            214bf8bf8fb101e2e613047598addcee0e1b3faf41f520800444815795585895b24704c6501240e6fdd3983c05f52427e00ac825493b5373d31325a982c13988

          • /data/data/com.qmdk.fqgj/cache/CommandCache/a221f94dfbaeeeebd4aeae0c3d6ab347

            Filesize

            959B

            MD5

            545fb8bbed93d214b6a61a03245936b4

            SHA1

            d85ca31c6021ec6b2bd0de5794c057b9f7684b84

            SHA256

            38f6b23d35ee2358210d7061a48c91867cad603e81d49ee3e55a77e4c0d59c6e

            SHA512

            9617ff71328bdf9fe846812817bb789e0829a0ab5a46a64c86bbcea2a76449c93549a9f8af88891af8ed7ee66e98984e69197dcd46ff735d7ee72f09be49dd44

          • /data/data/com.qmdk.fqgj/cache/CommandCache/feaebe3233781579d301893b1f207885

            Filesize

            1KB

            MD5

            a1e2da023f1d37b77153e9422091359d

            SHA1

            c3eb961fd7d7f79ce832d547a75a311cc2d5cf51

            SHA256

            1180f5af2d1967f20235f7167f7341f9da8e2633c1c3fc6c5bf2d6627e8b4b88

            SHA512

            b6947cd41855fd271c57023edb9f38945776281b35610c32f52cfb1d29a9cf1a5b24411b8f4f8bc4628e34465e3c3e1fd8d5b378e3bb1e0048cdce7dcab3f5ea

          • /data/data/com.qmdk.fqgj/databases/RKStorage

            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          • /data/data/com.qmdk.fqgj/databases/RKStorage-journal

            Filesize

            512B

            MD5

            80797c667f4b3470835284680f85b787

            SHA1

            c7d0c67accc4d97fc185dca410cee05e7d51a66a

            SHA256

            43dfa776b262d34a5f79357c8e4764c5d9d639935e162c268065586a9613f062

            SHA512

            c98a19ac9f371e7f1572453f506f9a822f3d2ad64094868f8914f21115657feeddecf80f68f4811c486772ed31bf97b1aff056c444daffda3f06cd18d4a298c6

          • /data/data/com.qmdk.fqgj/databases/RKStorage-shm

            Filesize

            32KB

            MD5

            bb7df04e1b0a2570657527a7e108ae23

            SHA1

            5188431849b4613152fd7bdba6a3ff0a4fd6424b

            SHA256

            c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

            SHA512

            768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          • /data/data/com.qmdk.fqgj/databases/RKStorage-wal

            Filesize

            40KB

            MD5

            1bf733e7d3f77cc913923cd15dafcfaf

            SHA1

            a797030f1c77f9681de915c6918406f050b9de10

            SHA256

            0e71c67a27e525a2ee27e3fd6f05788c9207694d8cbf3025e8f3fc9fbae301c4

            SHA512

            17d1a2f5612a9dad0011f2935d63d8e7d946ad88349fa39ba1c72370b8fa56257b4c337922cf471cb3aed7d2adb3973ff55aa5e938e9f166eddec95393019074

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.ac

            Filesize

            40B

            MD5

            002a38d2bbf96a643aaecc21a2a4e347

            SHA1

            7edcf11771f999ec4d3d4707f8b4654c1b29418f

            SHA256

            bd8c80511e6c9bcea670c66042e0b4f0878b833e04328e9545387199d51bc885

            SHA512

            e0c11a118b734d302af74f1073cac1fdd4438deec7f83d8015ecc0a9ae14bd2d18a303bbbd0a7c43916eae383f6d216d02e137833c2000b921a2f445821496dd

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.ac

            Filesize

            40B

            MD5

            fb646c85c9abb88a289cfa977a9e9aa3

            SHA1

            f7600d7204adf7ce2a996034bebcda0550242b0c

            SHA256

            d673e78ef450a1cea44667118b9d7e9a93d82a232cca78c20caf7fca1c8d552c

            SHA512

            ca4e7059a8201b9dbceb50e3d346c2f46064a0cdb45bc2ae0ffdc35a816ad06c9a06caea7298801fa2391f80dac3636aa26ce967ef87d7f4a50b46cad2a9fbe5

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.di

            Filesize

            340B

            MD5

            8dd87529e7eb81879ee2a896bfd29600

            SHA1

            4e71012af9fd33391ec1962c6c7165847f075413

            SHA256

            ec95733e466fc56528c4d611fade67ec81bd89a15ed24c82ea8f2294564b83a8

            SHA512

            37a972df58f2edd8d600a5ffa413a4f5d56441e62ba92f69f94d443c02328e75dca06e1210dfb107347c83d3f0d1a4645b13dc5c5c7f8cf9b764afb8f232ea5f

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.di

            Filesize

            340B

            MD5

            8c2b4780ce928355457d1d5a67e1ae96

            SHA1

            21b13ecac11b1990139a1a2e3d47241efb303494

            SHA256

            2b14497707352a5e72f96752bc7f17dad13995d9e0b5568d967b5d8c6e5e7b44

            SHA512

            f4693a12474f11fbdef8aa1d3565038a1bdf3c18df99f5e59850078f0c1481cfb816db695666dbb078a499e114376e952f1f25a63b9848b41ba5540233dc84cc

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.ic

            Filesize

            40B

            MD5

            71a1ccd95c88ff3da04a927b7cf15ca4

            SHA1

            daa7780ca9237a05d4a5011c8cf659e672bf5458

            SHA256

            3114a87d80b7c6dc5edbdb91332c3d4e9d02352c8a0d726aed07b009b147d93b

            SHA512

            9e16f36f6d3972e4078e8eae05f79c0b4d5de370709a509589f8050d9b72ace01669d93a9f09e6c4fbc38c76c2de70f194d650dda77fab83ab782decd8607ad7

          • /data/data/com.qmdk.fqgj/files/.jglogs/.jg.ri

            Filesize

            314B

            MD5

            ad3921efd9896f24065fc7484f8b8384

            SHA1

            aae1b3fb8efaf388a2c763cd2ca195850c25848e

            SHA256

            837516a98c7cf44d10d4a5c76c30aac87f4a8b32822419e63bc8a0adbf305d8e

            SHA512

            0ca1156135f6ee6951001d3fec7f5534c1e3103e6722c90391699dbb17f8c64ab0f558a064646392e9a870c81d78722d9bdb8b2d08ef9153711d8d7647b2ba56

          • /data/data/com.qmdk.fqgj/files/.jiagu.lock

            Filesize

            27B

            MD5

            893d6e8aa45bd6b51caf9ff08362ba50

            SHA1

            abcf47953ab79de69ca2ccee46145ff73f94a6df

            SHA256

            7361c28fa45b7ff5f96ea109fc3b566228dead44e96ebc2f637382e45c454350

            SHA512

            495f59f611926c203493cb68b727774940c5672a8d3b47b9c983d45d65f40ca9ccebaa7319d89eb00c8066209d7187599a613f2c3323ff8365d49250e99d6bad

          • /data/data/com.qmdk.fqgj/lib-main/dso_deps

            Filesize

            132B

            MD5

            63507b65b722048bdd68dcf0af03fde8

            SHA1

            d072108896d4c3c8b35ee32646b52141c5bfa164

            SHA256

            60efce0a2b0acc96c04fdf2778b1ec553d9bb29286cf8e39036b0101fe89323c

            SHA512

            8c1c9f98c3f602685f65dcd57ff2fb300ffc329723716174e1bab778279de2ebba967206fb3d3c90c5b65f16023b4029a02b5017ee1e97d0a85610ef1b6668eb

          • /data/data/com.qmdk.fqgj/lib-main/dso_manifest

            Filesize

            5B

            MD5

            c06857e9ea338f3f3a24bb78f8fbdf6f

            SHA1

            c5a0a2529d2deb60fec041b4fbd722a2ebe31702

            SHA256

            957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

            SHA512

            29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

          • /data/data/com.qmdk.fqgj/lib-main/dso_state

            Filesize

            1B

            MD5

            93b885adfe0da089cdf634904fd59f71

            SHA1

            5ba93c9db0cff93f52b521d7420e43f6eda2784f

            SHA256

            6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

            SHA512

            b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

          • /data/data/com.qmdk.fqgj/lib-main/dso_state

            Filesize

            1B

            MD5

            55a54008ad1ba589aa210d2629c1df41

            SHA1

            bf8b4530d8d246dd74ac53a13471bba17941dff7

            SHA256

            4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

            SHA512

            7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

          • /storage/emulated/0/360/.deviceId

            Filesize

            48B

            MD5

            1d8d16c4e3b19ebf18988530d9b9a757

            SHA1

            bc94c1cce05cd848a53271ecb9c5311e27ffebf5

            SHA256

            abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

            SHA512

            4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

          • /storage/emulated/0/360/.iddata

            Filesize

            32B

            MD5

            73f9fceeb41eaaca4c93a2db7eade5d0

            SHA1

            555b794a6a082c11d76df76b09826325a6196cee

            SHA256

            b4af43264b96d5dc103a0c4712d31bb44bc226865e1cfd0bca7dab9943d19fe9

            SHA512

            56625ba4dca96bfd4082ab9b245d55566e9736ccbe6250fcc9d48f4de7525e1538628c9bf2fdfde3405139c92bbaaaf8d872ac4697b06da71f5fa79dbc2c295e

          • /storage/emulated/0/Android/data/com.qmdk.fqgj/files/tbslog/tbslog.txt

            Filesize

            1KB

            MD5

            992080ab6049850de20261fc95d43a40

            SHA1

            e348ab6536cad2fdf01e58b68b0531f12ad906dc

            SHA256

            342de70b9642715786f1b2735064771192c8663d8896f277f73459278801efa0

            SHA512

            9eb2f97b82a5ff9cafb35ad67e2d2ec5f8c0461a484c4e60bb6b9619f755cb98c86365f0638add48e8c888a3eb75354123828c21a6f779fc80adc60ada9dee75