Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    12/06/2024, 19:54

General

  • Target

    a215015ef7eb08f840fa8261b5225824_JaffaCakes118.apk

  • Size

    13.1MB

  • MD5

    a215015ef7eb08f840fa8261b5225824

  • SHA1

    1236de4d71931aa955bfb6caa2fb682b123a89c1

  • SHA256

    1b86289fb7f34be24ac95e43197efbf2b9da841d036ec527340c4c916703c7dc

  • SHA512

    70923cedae8bf2fd41ea135aa3b9df3d21e7f23050eba0a05fc00b95a093ea28ff45ae55e75971a7043b503c40c9867cab4017465a5a08ac44a1f6e013eef1d4

  • SSDEEP

    393216:X7fGjgAli7JEeskYp4vGgbaiT+sdfZK7ezOgtW6e7WE:7GjgAlyEeq4vGg2iT7dfPW6ef

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.qmaple.snapread
    PID:4200
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    • sh -c getprop ro.yunos.version
      PID:4244
      • getprop ro.yunos.version
        PID:4244

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.qmaple.snapread/databases/RKStorage-journal
    Filesize
    512B

  • /data/data/com.qmaple.snapread/databases/RKStorage-wal
    Filesize
    56KB

  • /data/data/com.qmaple.snapread/databases/bugly_db_legu
    Filesize
    4KB

  • /data/data/com.qmaple.snapread/databases/bugly_db_legu-journal
    Filesize
    512B

  • /data/data/com.qmaple.snapread/databases/bugly_db_legu-shm
    Filesize
    32KB

  • /data/data/com.qmaple.snapread/databases/bugly_db_legu-wal
    Filesize
    92KB

  • /data/data/com.qmaple.snapread/databases/mistat.db-journal
    Filesize
    512B

  • /data/data/com.qmaple.snapread/databases/mistat.db-wal
    Filesize
    116KB

  • /data/data/com.qmaple.snapread/lib-main/dso_deps
    Filesize
    292B

  • /data/data/com.qmaple.snapread/lib-main/dso_manifest
    Filesize
    107B

  • /data/data/com.qmaple.snapread/lib-main/dso_state
    Filesize
    1B

  • /data/data/com.qmaple.snapread/lib-main/dso_state
    Filesize
    1B

  • /data/data/com.qmaple.snapread/lib-main/libshella-2.9.1.2.so
    Filesize
    100KB

  • /data/data/com.qmaple.snapread/mix.dex
    Filesize
    292B