06184c619481815b73f5571a27b395ce3c382dd88a6cbd4301b6bfa12c6cf116

Analysis

max time kernel
179s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
11-06-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d277313c29448d3d402af5b3eb9b619_JaffaCakes118.apk
Size

6.7MB
MD5

9d277313c29448d3d402af5b3eb9b619
SHA1

727a80c9784cbf7f6121abc27276ebf6afeef019
SHA256

06184c619481815b73f5571a27b395ce3c382dd88a6cbd4301b6bfa12c6cf116
SHA512

dda043d9e5ef2b100710cdb1020690bc18e8ae8d60ac56b5be6f3cc69624eb0a324a88b4078ba2e119a990cdc9312dca9bf584e8f4aa20a21a0f76125e04e9b8
SSDEEP

196608:W9BZESfl0u+kLJlE5HSSQu0bC5GMCTz7TZS2:0Z4kLJlErI6eT3R

Score

8^/10

banker discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.qihoo.daemon

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.qihoo.daemon
/sys/qemu_trace	com.qihoo.daemon
/system/bin/qemu-props	com.qihoo.daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.appstore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.daemon

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qihoo.daemon

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.appstore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.daemon

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.appstore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.daemon

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.daemon
Framework service call	android.app.IActivityManager.registerReceiver	com.qihoo.appstore:critical

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.qihoo.daemon

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.daemon

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.qihoo.appstore
File opened for read	/proc/cpuinfo	com.qihoo.daemon

com.qihoo.appstore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4274
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4701
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4810
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4844
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4893
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
  2⤵
  PID:4922

com.qihoo.daemon
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4305
- /system/bin/sh
  2⤵
  PID:4433
- cat /proc/version
  2⤵
  PID:4523
- ps
  2⤵
  PID:4562

com.qihoo.appstore:critical
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4451

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon
1⤵
PID:4507

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qihoo.appstore/databases/_ire-journal

Filesize
512B

MD5
a4d227948a4f8b18ee58a81549532a10

SHA1
90e67dd7f62a5711f813bc5c7b5ff480358e3b23

SHA256
0c47dd8b3747ba26a6f24336a537bea2927f095484a644886b38ff0fd2c57025

SHA512
47eec6ab28240c22ec9dc02624d7f138ac31d46eaf40d56609f4cca88e39049e6437ecedc37f852d23649022902aadaf63c87fbfb3aca5a5923054eec3cf36fc

Download Submit
/data/data/com.qihoo.appstore/databases/_ire-wal

Filesize
20KB

MD5
28d6e15a1c1b021dac388f037b441607

SHA1
0d4ab1ba98c98df07364f2c4506ef9a131ab4912

SHA256
966daea963ec40c64e3596631b40859fbdafaa8175d488af6f50fd2bbf67bc3b

SHA512
927c688f2693c42c10e537907d4b9aa9b97d08c599a812fd23b44f5a21d32e426e6e562a0bb6a175482b114d03db3f0578a2908fc2e75c843c6054042613fe84

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-journal

Filesize
512B

MD5
3d62fcbb2ff0f0df2498aa0cc5e440fa

SHA1
3178de825c9d47a3d0269612f9bc35e417e84324

SHA256
1b740201cafe2cab7eb9341b83ce8245f9b3902bcdb19458a2a3c5c8dbe036ec

SHA512
f2971b0ab34263dfe24fe7792370a3ab1053dafe7c838d71497d6f37b357b5996238b202eaa21a8a884326ffb48fdf20879d47d6d2cd08a79602191f70f424b3

Download Submit
/data/data/com.qihoo.appstore/databases/download5.db-wal

Filesize
32KB

MD5
dc51d72fbadb14b5da02bd972a866958

SHA1
c0b9260d429c679c41cd0fd454b7789f3069cf24

SHA256
b2d4d2c83a721ff84f72dd4b4bb2293550628dbff33e0e85ee31d20fd3d76ca5

SHA512
2b5c8546994fb38c674bd2ac0c81fe0a2b93759394b06f0f0ab5f0f55cf8b620da6413f43701ee826cccd552196ee5787c416c7f58f44a0981cb7b42136caf4e

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db

Filesize
4KB

MD5
a2847c1757ded8f69f755e5e2149833f

SHA1
a4ae5a1e79a9a5b4460cc5e676885d0719fc0ad9

SHA256
254d3c06dfff005bb48359b5b1e5815ea0837dad3f41cfc9b8ce0947f0173bc8

SHA512
271a1947c99df11cd4ffb8940fd4e634663fb062f3cb02573aebf99b703fe1f59c6b0d06b1886ec3de4e6a6beb91f8093a55d2901b0a235e87360a2d5d276c35

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-journal

Filesize
624B

MD5
eab7e8b77669fb9b315e34ca21f08513

SHA1
8e26a34f66b22f68624832e7cf06c0ea4a683e0a

SHA256
eb3fb18409242ac313c19f4abb89880b7a1a921673b149c4579880a05e061cf8

SHA512
f1f1ce18d86ae7e00319adc9e8d15bf1732b831fcd0a67144ab01e3b44a6cc42354f71c7bff9e6b26cecb37bc14b28f70055d11991eb924a2bae375012be3e00

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qihoo.appstore/databases/filelist.db-wal

Filesize
32KB

MD5
348c9be7a2629a19d4a47d924afe7214

SHA1
e567875402e97548d5379c1a775dad7808b72f7b

SHA256
4b1cff2ad1cb9db421a5976c4523d1eed6ab36901bbceb3fce79567ad2e3d601

SHA512
657952839aab0cff0b6a35686785f51dbb557561eed198a2b192ae252ff13dfa212038a9377621e2b04ec04d9612ca9747b2fb76cbea4487bf28095dc9214815

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

Filesize
512B

MD5
e6719bcd461a8a9e40400d61e1ff6e0b

SHA1
c82c3b7f54c227803d4f1b8398b11f3a80889277

SHA256
d342f3a595184a330456e970ac4280925541cbc3d767eeb5289d62d849ef87b1

SHA512
d67f8e53a6752f016101aaee4dd8828fa8ef775dfdfd283ba7dd77655e8fab6fcb845d3ab28dacce73914cf1a87c94e71e01e95047f66fa506f1901972434c90

Download Submit
/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

Filesize
16KB

MD5
43f9482385b2ab68f8a42bf097ee971a

SHA1
69408a8551d936f8ee96832d96c2435814296aa9

SHA256
b7fe4c9c05dd6814b0d52d3e782254c2ed54082253648263ac399b0a8507e050

SHA512
62a5cd999fa2b594add2aa0eccd1e734b8214fd8f314eb35838cd46d49ebffb1d8f61d0dbea9afccd57d8cc1ca3096d379c43ab4291d789bb528e2490bcdfb1a

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
540B

MD5
78c199ef6a9de3ad7ddea682bce8f426

SHA1
95351ed7eb12ca7e40f36eb37392c16d7c67c666

SHA256
377417cfc9c4075fe95c53c76a2dcdf68ae8a6bfc64364488fb6aa546d57d106

SHA512
d97161c067dffe6506f20a8a963f486cb15df214d6e90665dacc9698497d9282e346bea0102b88d70b4b0f436dd992bf6e9a96ddf5003bc056949d880275753c

Download Submit
/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

Filesize
520B

MD5
b024b5ef388858eee6a1b7c8ebcf3db8

SHA1
fc4397891f1f7a9ca000252c788305aef5d5b737

SHA256
6771e996f9c5bf2cb60c25f0a7df37b30fa6fa3a48e4b35d3bd8841126e59474

SHA512
6fdc0184d9b10abaa6a2d08d4f9a404ff46f5ab3cec7a0935afa06e0038a4d709349c347775ee45c59f440fc18e7ecbcbd3ea99188f69e121c862b62369df7f4

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4274/finalcore.jar

Filesize
77KB

MD5
ce740cee22645f48b6011ae7c529f43b

SHA1
42dbf3a1fe13106d69b513f27d5292ffe6c020d4

SHA256
a3807ec3259dc0e7d1a0e7a3c9cbe7d6c2cf385df20cfd53b5ce1005958e6b27

SHA512
a6305a8e5c8bd35116a9308be4aff13f600e0fcb1215737fcd0686e555c12d7b57dbe4b92796105de392b667812393b2cc89bff52e37812fc72b46fcb6426587

Download Submit
/data/data/com.qihoo.appstore/files/sllak/opt/4274/finalcore.jar.tmp

Filesize
77KB

MD5
1f9e9b105cd9f9a69ad16c8464bd8ef4

SHA1
1e6a97059dc2e54a5a98e6b79b2d366b9e4ad184

SHA256
c24d782dd3b0c46bda939de198dc21a1965b6cae9472161ddcaa4c61644b28f4

SHA512
3933abbdf5eb0f5d07494eb5c0cb17ee38adf12c5f87d278b18d67af381386fda9fa117ff91e64882feae6e210edb134dadf6a517bc11e667a32fb581c7bfe22

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads