Analysis
-
max time kernel
149s -
max time network
179s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
-
submitted
13-06-2024 07:44
General
-
Target
a47b5895669345bde99cf7870c890fbd_JaffaCakes118.apk
-
Size
31.4MB
-
MD5
a47b5895669345bde99cf7870c890fbd
-
SHA1
3a12607d32df048fc69cc3be2ec5f81bae5f6f54
-
SHA256
f7271d10cdebd6d732aa9a457d9c40776fa2a00e202e2754fb1c7b8104808a1d
-
SHA512
c58ad5fbd81dc93a446267ac86f061f793b788b526e4cc3891fb1022c2411717a31cec86b815a01a612be2c0dd7510d2a11d92113b5cb33b5370eea4becc024c
-
SSDEEP
786432:wNILP+UhARe7zcRyFAghX2F5BmS6FF4Rvd1JEDtzsEI:PP+USE7zcRNK2/BmPFaVipzRI
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
-
Loads dropped Dex/Jar 1 TTPs 12 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about active data network 1 TTPs 3 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
-
Checks memory information 2 TTPs 3 IoCs
Processes
-
com.qianbao.qianbaobusiness1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
sh -c getprop ro.yunos.version2⤵
-
/system/bin/sh -c getprop ro.board.platform2⤵
-
getprop ro.yunos.version2⤵
-
getprop ro.board.platform2⤵
-
/system/bin/sh -c type su2⤵
- Checks if the Android device is rooted.
-
getprop ro.product.cpu.abi2⤵
-
com.qianbao.qianbaobusiness:pushcore1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
sh -c getprop ro.yunos.version2⤵
-
getprop ro.yunos.version2⤵
-
com.qianbao.qianbaobusiness:watch1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.qianbao.qianbaobusiness:watch1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
sh -c getprop ro.yunos.version2⤵
-
getprop ro.yunos.version2⤵
-
/system/bin/sh -c getprop2⤵
-
getprop2⤵
-
/system/bin/sh -c type su2⤵
- Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.qianbao.qianbaobusiness/app_crashrecord/1004Filesize
236B
MD513f31b59741bdd5b1e8eaa6902a95e30
SHA1bd6abaa9d21e3870c9e80606788bf449f223b7d6
SHA256b507dc85345d3170f5577fdac51b627ce595431dc3efe8d4d287b7dbfdcffcd2
SHA5123ed0e56f9e4b6c37cbf2caa9b6e5711fbe1fc1f86e50c5b9a4484f983b91bb392283e61e229064f025a5e797ded3b54f82a26a4b90ac1f19aec5833efd83e65c
-
/data/data/com.qianbao.qianbaobusiness/app_crashrecord/1004Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_Filesize
4KB
MD5aa99281ce0cd69a9302f8b64b918ad75
SHA1ccafc0e5fb16198e466b209a888301f4100fafe8
SHA256a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431
SHA512a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_-journalFilesize
512B
MD52d5290e6d06f11d3425cc308c36c9c96
SHA18e1fa706e3bf1926eeb6d324fe12d5a754989782
SHA256e47e8031793a1587c0b49e27ac019c2e0a89ff1f63073b9bb2d036d4c1f97b4d
SHA51276a16a316385bb9fd53b82fa0d4b709bc09c9c18d5aa78bde8799aff0e282b58fcfa03f1a551c493387e4cd5514a18fbbcc8d0be66a364dab10a8cc5f9d6b2ab
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_-walFilesize
92KB
MD515605fc031d3d9ee57edb29dc39883d3
SHA1be0e997671ff96701e917f940f9895d8dc479239
SHA256aad40f7d9edbb80478a955b8b8ead49e4f258275641d19f5fbec950d513056b0
SHA512750985c9547e996523b76f2b4a0743c57695c09e1b269d07333f1ca505cb3f9ef282a7050f2c5bf2e89619acc460bde5f9cae831bc5169a45e0b32d11261e7ff
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_-walFilesize
76KB
MD59f1e216b1cb31c3b0b915748730e518e
SHA15422d91214221d0ed6acb810c8cb0e7670c36cc9
SHA2562b14079b09363e591263baec1c888a306a9ca87e63ea486c77edc5cf0ce0d0f4
SHA512a044e33db0f4d51726c5ff64c7b309e45d258877c85b4eab30c048ee862dc786ec2e9bba01345d9d732024fa1b447ced26666fc8d1c7347e3d10cb08a52b8a52
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_-walFilesize
16KB
MD586eeeaa8e45355b39a0d21ff7e05385f
SHA1c1cab02b4b643696e0770076a7771e5e5837a4e4
SHA256d6ea0b1d627bc666b7a0b5b110ecc1d487eba4af66b11e7514735c911df276f1
SHA51281c83cc5684243cb373d19e0b20897a0bb1f647d7fd5c7e7e6b0c196447b9bec0da349d74b1212faa5c71ff748671f17baf682beb869ba88285c12e238d348f5
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_leguFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_legu-journalFilesize
289KB
MD56c15adfc62f66a26bb59b810ec8af2cc
SHA1b3737b5417ae47a68c086af3948de2de6e72f47c
SHA256ef290fb966eef26dadfeb9b6123478562512294221b85ba6cc8cec8a4bc65b90
SHA5122a6fa19b0060ab8d944195e38dd3937c270d3204d81bf9ba15a006fe41c0e12bfa135acba1af5e99a6cdbdb411d1e99931ad8302fcf84881bf3b1e6e44798ce7
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_legu-shmFilesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/com.qianbao.qianbaobusiness/databases/bugly_db_legu-walFilesize
92KB
MD523cc5154a4934cbf753f12d978b39798
SHA16790a74decaea786d8a28d9c44efd5cb5e0360de
SHA256f5ed07108950987103aa1aeda122ea1e4b568ea646655eb91ecb4611091797ce
SHA5121b917ec9464f3b1e38f9160b5086f696a17b75e13cab075a7ff22eae9ad93df977c783a8176bd88ba68733f80dcd1094a50b10041969f79821377cc8e024fcd3
-
/data/data/com.qianbao.qianbaobusiness/databases/tencent_analysis.db_com.qianbao.qianbaobusiness-journalFilesize
512B
MD59b7448efe03dc39740170fa4c33dca1d
SHA102e33ff26509bba77c914cf1850dfcfe13306993
SHA256e28c776da4216adf12f5c8e2044aa5c3e0f244d4930f47316f8b819a5921726c
SHA51275bd4a0483cf01c50f2f111a0a426a5cf10ed6b4f4c1f5dd0f704414cc424f853ee6430066d8de1f6ff82c4e1cbc53e252c83a95c83071dc688e336577827f81
-
/data/data/com.qianbao.qianbaobusiness/databases/tencent_analysis.db_com.qianbao.qianbaobusiness-walFilesize
16KB
MD580716f315527a7efe0219b2d08ce2394
SHA17f84649860a22c95251511a192770b530641fd8d
SHA256364114c115c7e089541ae01c619b8377786682c64aa66fb3451abd502d74465c
SHA51294df1c7b1396115ea41d6c93ee6c7e705dd80bf57c5f9ccfd8335d13a63ec7d30207d03f577e8d27ee9eddab9c8e32016243a095ef0b03d06d224cf895e09d89
-
/data/data/com.qianbao.qianbaobusiness/mix.dexFilesize
292B
MD563f77f99bd2c2b772a479923bde11974
SHA1c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA2564c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA5123aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
245B
MD5724144a71031e7cc8b4df4f2d7854316
SHA1f7cb81c562e4dad3e8d346330652497ba2bd414e
SHA2568ee8e88c186191cf8441cecfea9c87b99d2a998c6bee98cff420269cec6ade3b
SHA5128a2da37adafe96710deb649c02fb58eca270837b822aa5d00291506fff1e010c719f8b657dfafbb1ed6e9b650763386f2d8863612f10bea78104da9e5e747c5c
-
/storage/emulated/0/.DataStorage/ContextData.xmlFilesize
111B
MD55d54e11ee39c97466d4caf0f0ff6e876
SHA16564f55db2607e28dc78c3989a1e30acad5eae31
SHA2560b53d91eca713c2f70f820fd5e381b3aa1ec5da6f56fcc692828329b2c848e9a
SHA512ceb1343cafb847980f27164967f56f6961e4689e5dc6d1da24f8306bdcf4e7149ed537c4b1ecb923ad884931987b21a36ca0cf849f84912c88e75de52207f828
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
242B
MD56e0d38737f080e0ceb2694fb44eb2ac4
SHA1b66fb2b32ea19ec13d6902eaa52da23b93292d12
SHA2560b46e64e2ec3080f255ac8c277f0969f8a5e8335869d11f99b263fd01eb5e569
SHA51264f912b7baca4c7483cd5135e796149a1b2b248028bac8942e3b702a108ddad0d12e1eec5fff0ac864f10915251dea89ba86e4786ef85796df96630fe7f4491d
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
111B
MD592f0bd59bd85e4e6cd876e045c82066f
SHA1ee832d63f9386c9903c1f97054bf3768c5cae213
SHA2567545e0bf4f55ca7bc283229c4866a55c9c403dad15930038b67850000a70c223
SHA512988751d9bf664da8843c901cd4f480ccefbafd56267c455bcf90f3877a86d6793fa6704a5fbba4c6c16e6657650badfc3545b4f0a3cd98d70511125bf6c4d4fb
-
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xmlFilesize
167B
MD5091d1319dc73bc8de28152bc61a64c24
SHA1bf92c90665d31f214eaa8a085c1aae1e1fdd6a38
SHA25692a0c947dfad5cf00fa4dff59363bd39d1a300ecb808f38146d2bcc909b1bb08
SHA51204256a3e2c3bb0797a55403336c0942bd7084ba0a5ea2ed91fbf62e0bf796c796ca8b9360009b839a9bd52bbfd1f83454dfe40b8df965ca27ee24a5e64c228b2
-
/storage/emulated/0/Android/data/com.qianbao.qianbaobusiness/cache/storage/emulated/0/Android/data/com.qianbao.qianbaobusiness/cache/okhttp-cache/journal.tmpFilesize
36B
MD537e8e716e0e2f4a0b05cd9571d95b84d
SHA1f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA2567080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
-
/storage/emulated/0/Android/data/com.qianbao.qianbaobusiness/files/tbslog/tbslog.txtFilesize
16KB
MD5009f6857f62944695dcd1a302255d8c2
SHA1ef3f0a94229a0b1e39d4d42baae744d080552071
SHA25637271c86f1d8212fa01d88c1de47f23b7863b1cb780bfbe03bb7e355a69510f3
SHA512de1e6224b245bc45994d547261861b30899afd88ca7dd6873596c527eab88980dfdcfae55f7b238bfcf916b6c17049a6912a316071fbb1462acaf8e074612fcf
-
/storage/emulated/0/Android/data/com.qianbao.qianbaobusiness/files/tbslog/tbslog.txtFilesize
5KB
MD5fc735fe8ee41fe1296b6226bbcf53fa7
SHA12379dd0ce7e66f782d4fe298e5bdf2801b81e0b1
SHA2569aea6a03abf46fb91732293897abb611d76e7bd9903712091cb118f8cf2a35f6
SHA512e419e63546f7c97edd9c967875735871d1646269045a1803f5cbfc641a59cbd8490034a2982eeb8a8e2c0967c2d3a0d8eab824315f73c95e45f8ec59c156af8f