Analysis
max time kernel: 7s
max time network: 178s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 10-06-2024 14:09
Static task: static1
Behavioral task behavioral1: sample 9aedaa2e6f115e628a1b79f694b58b7b_JaffaCakes118.apk, resource android-x86-arm-20240603-en
Behavioral task behavioral2: sample qihoo_plugin_novel.apk, resource android-x86-arm-20240603-en
Behavioral task behavioral3: sample qihoo_plugin_novel.apk, resource android-x64-20240603-en
Behavioral task behavioral4: sample qihoo_plugin_novel.apk, resource android-x64-arm64-20240603-en
Behavioral task behavioral5: sample qihoo_plugin_safebarcode.apk, resource android-x86-arm-20240603-en
Behavioral task behavioral6: sample qihoo_plugin_safebarcode.apk, resource android-x64-20240603-en
Behavioral task behavioral7: sample qihoo_plugin_safebarcode.apk, resource android-x64-arm64-20240603-en
General
Target: 9aedaa2e6f115e628a1b79f694b58b7b_JaffaCakes118.apk
Size: 7.2MB
MD5: 9aedaa2e6f115e628a1b79f694b58b7b
SHA1: b86a431177e24f6b7661b388e5ba2bf951929b10
SHA256: 938970b64e5d6bc572348a5ae870452f72142246db40596de311f666c7b8bcfe
SHA512: 39d57a8d3aa3a128759ea955417692bdca0a5460dab6f37329cf47cc48b49efae49609323216a2b6db60ab1463f149c1777999e3265df07e050388e970f0f727
SSDEEP: 196608:PNCgGS7lQDm16ClKScEwlLBiHgkafwsBrwgnln8gNDZz:IGlQa1olLIHgkaf3Br/nhZz
Malware Config
Signatures
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  process: com.qihoo.haosou
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.qihoo.haosou
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/meminfo
  process: com.qihoo.haosou
Processes
com.qihoo.haosou (PID:4248)
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
  chmod 755 /data/user/0/com.qihoo.haosou/app_MyLibs/watcher (PID:4282)
  /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.qihoo.haosou/app_MyLibs/watcher /data/user/0/com.qihoo.haosou/app_MyLibs/watcher /data/user/0/com.qihoo.haosou http://info.so.com/?product=Msearchuninstall&src=soapp&userid=1e18fbffea292e6cee5e2ff2ebd0e2d0&version_name=2.0.2.2010&code_version=300&configuration=-1&channel=baixin_3&phone_type=Pixel2&network_type=LTE&ram=2.0&screen=320*592&ut=1718028603 http://s.360.cn/mso_app/uni.htm?userid=1e18fbffea292e6cee5e2ff2ebd0e2d0&version_name=2.0.2.2010&code_version=300&configuration=-1&channel=baixin_3&phone_type=Pixel2&network_type=LTE&ram=2.0&screen=320*592&ut=1718028603 0 /storage/emulated/0/360search/watcher/work com.google.android.setupwizard com.google.android.setupwizard.util.WebDialogActivity (PID:4306)
    sh -c ps (PID:4323)
    ps (PID:4323)
Network
MITRE ATT&CK Mobile v15
Downloads