Overview

Static analysis: 98e98e73d0...18.apk

Behavioral runs (sample / Android image):
- 98e98e73d0...18.apk / android-9-x86
- 98e98e73d0...18.apk / android-13-x64
- dmss_v2.apk / android-9-x86
- dmss_v2.apk / android-10-x64
- dmss_v2.apk / android-11-x64
- dump.apk / android-9-x86
- dump.apk / android-10-x64
- dump.apk / android-11-x64
- dynamic.apk / android-9-x86
- dynamic.apk / android-10-x64
- dynamic.apk / android-11-x64
Analysis
- Max time kernel: 179s
- Max time network: 174s
- Platform: android_x86
- Resource: android-x86-arm-20240603-en
- Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
- Submitted: 05-06-2024 18:27
Static task
- static1

Behavioral tasks (task: sample / resource):
- behavioral1: 98e98e73d0167e17b329b9e0c67e591b_JaffaCakes118.apk / android-x86-arm-20240603-en
- behavioral2: 98e98e73d0167e17b329b9e0c67e591b_JaffaCakes118.apk / android-33-x64-arm64-20240603-en
- behavioral3: dmss_v2.apk / android-x86-arm-20240603-en
- behavioral4: dmss_v2.apk / android-x64-20240603-en
- behavioral5: dmss_v2.apk / android-x64-arm64-20240603-en
- behavioral6: dump.apk / android-x86-arm-20240603-en
- behavioral7: dump.apk / android-x64-20240603-en
- behavioral8: dump.apk / android-x64-arm64-20240603-en
- behavioral9: dynamic.apk / android-x86-arm-20240603-en
- behavioral10: dynamic.apk / android-x64-20240603-en
- behavioral11: dynamic.apk / android-x64-arm64-20240603-en
General
- Target: 98e98e73d0167e17b329b9e0c67e591b_JaffaCakes118.apk
- Size: 6.7MB
- MD5: 98e98e73d0167e17b329b9e0c67e591b
- SHA1: 00a73d6968ed34698bb85f79b2c0d4e82afea31d
- SHA256: 728659bf4690a326d6bdd99c42ff72b5a740b30ca917cc5e03cfdb314344dc29
- SHA512: 626819106f111dfd736a631c67f4293b02b1483c491a3243f4f96eca83e557d38eac7c5ea7585a9baa311957639655038328235787cf8e83b6bb4051332f4e18
- SSDEEP: 196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZSO:0Z4kLJlErI6eT3x
Malware Config

Signatures

- Checks if the Android device is rooted. (1 TTP, 1 IoC)
  IoC (process):
  - /sbin/su (com.qihoo.daemon)

- Checks known Qemu files. (1 TTP, 3 IoCs)
  Checks for known Qemu files that exist on Android virtual device images.
  IoC (process):
  - /system/lib/libc_malloc_debug_qemu.so (com.qihoo.daemon)
  - /sys/qemu_trace (com.qihoo.daemon)
  - /system/bin/qemu-props (com.qihoo.daemon)

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)

- Queries information about running processes on the device. (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description / IoC (process):
  - Framework service call / android.app.IActivityManager.getRunningAppProcesses (com.qihoo.daemon)
  - Framework service call / android.app.IActivityManager.getRunningAppProcesses (com.qihoo.appstore)

- Acquires the wake lock. (1 IoC)
  Description / IoC (process):
  - Framework service call / android.os.IPowerManager.acquireWakeLock (com.qihoo.daemon)

- Queries information about active data network. (1 TTP, 2 IoCs)
  Description / IoC (process):
  - Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo (com.qihoo.appstore)
  - Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo (com.qihoo.daemon)

- Queries information about the current Wi-Fi connection. (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description / IoC (process):
  - Framework service call / android.net.wifi.IWifiManager.getConnectionInfo (com.qihoo.appstore)
  - Framework service call / android.net.wifi.IWifiManager.getConnectionInfo (com.qihoo.daemon)

- Reads information about phone network operator. (1 TTP)

- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 3 IoCs)
  Description / IoC (process):
  - Framework service call / android.app.IActivityManager.registerReceiver (com.qihoo.appstore)
  - Framework service call / android.app.IActivityManager.registerReceiver (com.qihoo.daemon)
  - Framework service call / android.app.IActivityManager.registerReceiver (com.qihoo.appstore:critical)

- Schedules tasks to execute at a specified time. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Description / IoC (process):
  - Framework service call / android.app.job.IJobScheduler.schedule (com.qihoo.daemon)

- Uses Crypto APIs (might try to encrypt user data). (1 TTP, 2 IoCs)
  Description / IoC (process):
  - Framework API call / javax.crypto.Cipher.doFinal (com.qihoo.appstore)
  - Framework API call / javax.crypto.Cipher.doFinal (com.qihoo.daemon)

- Checks CPU information. (2 TTPs, 2 IoCs)
  Description / IoC (process):
  - File opened for read / /proc/cpuinfo (com.qihoo.daemon)
  - File opened for read / /proc/cpuinfo (com.qihoo.appstore)
Processes

- com.qihoo.appstore (PID 4280)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information

- com.qihoo.daemon (PID 4312)
  - Checks if the Android device is rooted
  - Checks known Qemu files
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  Child processes:
  - /system/bin/sh (PID 4427)
  - cat /proc/version (PID 4521)
  - ps (PID 4569)

- com.qihoo.appstore:critical (PID 4448)
  - Registers a broadcast receiver at runtime (usually for listening for system events)

- app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon (PID 4496)
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution: Broadcast Receivers (1)
  - Scheduled Task/Job (1)
Downloads