Analysis
max time kernel: 172s
max time network: 188s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 08:31
Static task: static1
Behavioral task: behavioral1
Sample: a4a44294f14722b5a1b855951393247f_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a4a44294f14722b5a1b855951393247f_JaffaCakes118.apk
Size: 14.0MB
MD5: a4a44294f14722b5a1b855951393247f
SHA1: e2b7320fc3f541b1ba274cf6b79d575bfc539c77
SHA256: c83204ef711047f13cdc971643afdd64de5d74dcb6f1eb19e2bf98655c467e15
SHA512: d242b8c716377120c3f32062b5f3c8c8305adcef93173c2d0869c911cf0c0ba64db2ed55c4242353e1d19a1513f78edf51538abd7628db16c22b0b8c66c226ed
SSDEEP: 196608:j5E7ZE7i9d5N8isXNYczfv1qvrCbbK6MaYSRhtMrZ2ZXPpKXOPiUiAd2zhKH2iIY:9ENbX5CXrrUrXAYS7aEXoXbhKWi8X1By
Malware Config
Signatures

Each IoC below is a framework (Binder) service call observed at runtime, attributed to the process that made it. The same call is often listed three times because the app runs three processes (com.qijin189.huosuapp plus its :pushcore and :channel private processes), not because three distinct behaviours were seen.

Queries information about running processes on the device (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.qijin189.huosuapp, com.qijin189.huosuapp:pushcore, com.qijin189.huosuapp:channel
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.qijin189.huosuapp
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.qijin189.huosuapp:pushcore
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.qijin189.huosuapp:channel

Queries the phone number (MSISDN for GSM devices) (1 TTP)
No per-process IoC was recorded for this signature.

Queries information about active data network (1 TTP, 3 IoCs)
Processes: com.qijin189.huosuapp:channel, com.qijin189.huosuapp, com.qijin189.huosuapp:pushcore
  description             ioc                                                   process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.qijin189.huosuapp:channel
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.qijin189.huosuapp
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.qijin189.huosuapp:pushcore

Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.qijin189.huosuapp, com.qijin189.huosuapp:pushcore, com.qijin189.huosuapp:channel
  description             ioc                                                   process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo       com.qijin189.huosuapp
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo       com.qijin189.huosuapp:pushcore
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo       com.qijin189.huosuapp:channel

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: com.qijin189.huosuapp
  description             ioc                                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  com.qijin189.huosuapp

Reads information about phone network operator. (1 TTP)
No per-process IoC was recorded for this signature.

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
Processes: com.qijin189.huosuapp, com.qijin189.huosuapp:pushcore, com.qijin189.huosuapp:channel
  description             ioc                                                   process
  Framework service call  android.app.IActivityManager.registerReceiver         com.qijin189.huosuapp
  Framework service call  android.app.IActivityManager.registerReceiver         com.qijin189.huosuapp:pushcore
  Framework service call  android.app.IActivityManager.registerReceiver         com.qijin189.huosuapp:channel

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.qijin189.huosuapp:channel
  description             ioc                                                   process
  Framework service call  android.app.job.IJobScheduler.schedule                com.qijin189.huosuapp:channel

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 3 IoCs)
On its own this is a weak indicator: Cipher.doFinal is also called routinely by ordinary analytics, push and networking SDKs.
Processes: com.qijin189.huosuapp, com.qijin189.huosuapp:pushcore, com.qijin189.huosuapp:channel
  description         ioc                          process
  Framework API call  javax.crypto.Cipher.doFinal  com.qijin189.huosuapp
  Framework API call  javax.crypto.Cipher.doFinal  com.qijin189.huosuapp:pushcore
  Framework API call  javax.crypto.Cipher.doFinal  com.qijin189.huosuapp:channel

Checks memory information (2 TTPs, 1 IoC)
No IoC detail was recorded on this page for this signature.
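The signatures above come from runtime Binder monitoring; a practitioner triaging this report will usually want to know whether the same calls are visible statically in the APK's DEX code, or only at runtime (reflection, a packer, or dynamically loaded SDK code). The script below is an added example and not part of the sandbox report or the sample: it maps each Binder interface method the sandbox reported to the app-facing SDK method name an app would actually reference (that mapping is ours, for instance ITelephony.getNetworkCountryIsoForPhone corresponds to TelephonyManager.getNetworkCountryIso), then greps the string table of every classes*.dex in an APK for those identifiers. The APK it scans is a constructed stand-in built in memory, since the real sample's contents are not on this page.

```python
"""Static cross-check of sandbox Binder signatures against DEX string tables.

Added example, not code from the report or the sample. The APK built by
build_sample_apk() is constructed for the demonstration only.
"""
import io
import re
import zipfile

# Binder interface method observed by the sandbox -> SDK method name an app
# calls (the identifier that lands in the DEX string table). Our mapping.
SIGNATURE_METHODS = {
    "android.app.IActivityManager.getRunningAppProcesses": "getRunningAppProcesses",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "getActiveNetworkInfo",
    "android.net.wifi.IWifiManager.getConnectionInfo": "getConnectionInfo",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": "getNetworkCountryIso",
    "android.app.IActivityManager.registerReceiver": "registerReceiver",
    "android.app.job.IJobScheduler.schedule": "schedule",
    "javax.crypto.Cipher.doFinal": "doFinal",
}

_DEX_NAME = re.compile(r"classes\d*\.dex")


def dex_has_identifier(dex: bytes, name: str) -> bool:
    """True if `name` occurs as a whole string_data item in a DEX blob.

    A DEX string_data_item is <uleb128 length><MUTF-8 bytes><NUL>, so a
    method name is NUL-terminated and preceded by a length byte rather than
    by another identifier character. Anchoring on both sides stops
    "schedule" from matching the tail of "reschedule".
    """
    pattern = rb"(?<![A-Za-z0-9_$])" + re.escape(name.encode()) + rb"\x00"
    return re.search(pattern, dex) is not None


def find_signature_methods(apk_bytes: bytes) -> dict:
    """Map each sandbox IoC to the DEX members that reference its SDK method."""
    hits = {ioc: [] for ioc in SIGNATURE_METHODS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for member in sorted(apk.namelist()):
            if not _DEX_NAME.fullmatch(member):
                continue
            dex = apk.read(member)
            for ioc, method in SIGNATURE_METHODS.items():
                if dex_has_identifier(dex, method):
                    hits[ioc].append(member)
    return hits


def dynamic_only(hits: dict) -> list:
    """IoCs the sandbox saw but no DEX names: reflection, packed code or SDK
    classes loaded at runtime. These deserve a closer look, not dismissal."""
    return sorted(ioc for ioc, members in hits.items() if not members)


def _fake_dex(identifiers) -> bytes:
    """Constructed DEX-like blob: magic plus length-prefixed, NUL-terminated strings."""
    body = b"".join(bytes([len(s)]) + s.encode() + b"\x00" for s in identifiers)
    return b"dex\n035\x00" + body


def build_sample_apk() -> bytes:
    """Constructed APK (not the real sample): just enough to exercise the scan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary-XML magic only
        z.writestr("classes.dex", _fake_dex([
            "Landroid/app/ActivityManager;", "getRunningAppProcesses",
            "Landroid/content/Context;", "registerReceiver",
            "Ljavax/crypto/Cipher;", "doFinal", "reschedule",
        ]))
        z.writestr("classes2.dex", _fake_dex([
            "Landroid/net/ConnectivityManager;", "getActiveNetworkInfo",
            "Landroid/app/job/JobScheduler;", "schedule", "doFinal",
        ]))
        z.writestr("lib/armeabi-v7a/libnative.so", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    found = find_signature_methods(build_sample_apk())
    for ioc, members in found.items():
        print(f"{ioc}: {', '.join(members) or 'not found statically'}")
    print("seen at runtime only:", dynamic_only(found))
```

Run it against the real APK by replacing build_sample_apk() with the file's bytes. A hit only tells you the name is referenced somewhere in the DEX (a bundled SDK counts); an empty list for a signature the sandbox did fire is the interesting case, because it means the call reached the framework through code that is not visible in the shipped DEX.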
Processes

The :pushcore and :channel suffixes denote private processes of the same package (declared with android:process in the manifest), so the three entries below are one app, not three.

com.qijin189.huosuapp  1
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information

com.qijin189.huosuapp:pushcore  1
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)

com.qijin189.huosuapp:channel  1
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
Downloads (files written by the sample during the run and extracted from the sandbox)

Notes for anyone pulling these for offline analysis: every file below is a SQLite database or one of its sidecars (-journal for rollback-journal mode; -wal and -shm, the write-ahead log and its shared-memory index, for WAL mode). A WAL-mode .db copied on its own can be missing the most recent committed rows, so collect each .db together with its -wal and -shm. The tencent_analysis.db_<package> and pri_tencent_analysis.db_<package> names are consistent with a bundled Tencent analytics SDK rather than bespoke code. /storage/emulated/0/system_hs/189/outdbName.db lives on shared external storage, which on the Android 9 image used here is readable by any other app holding READ_EXTERNAL_STORAGE; it is listed twice with different sizes and hashes, meaning two snapshots of the same path were captured.
/data/data/com.qijin189.huosuapp/databases/MessageStore.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.qijin189.huosuapp/databases/MessageStore.db-journal
  Filesize: 512B
  MD5: 4e723cdcf77d06b7e98a2a52a5fd811a
  SHA1: bc26b61150b541a167ec26e5bf2d0b7a0eb24970
  SHA256: 4184f1a6f6199e032d08fe7e126eaaa2da2d7460139828d16620f4d457709a62
  SHA512: d756f8269a8d2f42e8037a71846b59133255be1d74acc3977073f473cb4ec09bb33a69343e5efdedcbb49de4dd312d959c258608e2c24a377a0ee873e579881a

/data/data/com.qijin189.huosuapp/databases/MessageStore.db-shm
  Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.qijin189.huosuapp/databases/MessageStore.db-wal
  Filesize: 48KB
  MD5: ea65fda460318ad4ceaa52f0f4b831e7
  SHA1: fa5e5e75f6125322d28ccc79a981a29821febc63
  SHA256: 37cdcf2bebb78eef0df1bf56c5b293b1d8d3291b1035e5973f65a78aa8b4a474
  SHA512: 2624eaa57faeee8906f118834147fa83fc501b6bf14b757709a09e6761ad540aac63ea891771062b50234995755659e1881458c63e5b47064326e51bf13da612

/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-journal
  Filesize: 32KB
  MD5: 6311e8ec39c4a030093d53f98d0e8f56
  SHA1: ec2f95f04d20b94f9317be23f202db86326e7d40
  SHA256: 4c8486ff9a40ffaba836db42613ad4a52edbe8c310d70ad946fc347c41ad3fec
  SHA512: f275329023426a1bb8c750849aadee5a18af19ae2deba16480352272e03350065d7e9d7e5b6a5364a983a6f899fc88a7f8b88c58eecd87b1e86cc2b065dfda8c

/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-shm
  Filesize: 28KB
  MD5: 259bcfed324b4d3fea6e94e15406a399
  SHA1: 6f79fbd9e4ca5b5add43051ac6001166ca0b9675
  SHA256: f3770084e8014288bcf86ea2663e3dcba9d4731ccf12d3d7e6b7ce62ec3e03ef
  SHA512: ac797d67b0cbb04104f5605e430b86c8143ab527a39b40867441f84516a3d55052cc66ec38da0bdcb44015366e212bd2c4737370c9b7c91bada8162c1f263b3e

/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-wal
  Filesize: 68KB
  MD5: 0ac1021aef9819696bfe91f6dce4c963
  SHA1: 651ac0156993295a3e12ddffbaedc12bbfe4fffe
  SHA256: 0fb95b764c0994444b022ca1d6a72ad6fd5393b23fcd9ed755173c2368e9a90e
  SHA512: afd233b665f2d147ced962ccdd56f7667ffc335b3afab875d22e26121ccbad8ad15900713fa594e66da875fa0498a381a2bd6daab0285c2c6abbca634906d328

/data/data/com.qijin189.huosuapp/databases/outdbName.db
  Filesize: 32KB
  MD5: 1c4274aa7a9a5cac8c6d1df71e4588c6
  SHA1: abaecd685e01cc68801292e3dc7085654a22feba
  SHA256: 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
  SHA512: 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.qijin189.huosuapp/databases/outdbName.db-shm
  Filesize: 64KB
  MD5: 025d2a0bbddbfe91cf8e21de2030b2d8
  SHA1: e2c377a7e54dc57f0fe3a6025337a723b0a644c0
  SHA256: d300fd8873ad4b4698183f385af644fefadeba0114b750d61e57dea32e84570b
  SHA512: 92218e97fac5849fc6ce25cf89833d4b111d21705660dda858af945b6489dc2bad467bb89ce9c74a86e86dd7437823f8d30a1a9ca57411fb913cd2d19b7198d7

/data/data/com.qijin189.huosuapp/databases/outdbName.db-wal
  Filesize: 64KB
  MD5: 69e45159ea754aff385071f6839436a0
  SHA1: af39e5cc55ed539df219493e40e7c11bd891d7de
  SHA256: 394d116851f845b2a965a9808b63b173ed3efc96f2d760790ef7897bbd3fcf45
  SHA512: bfce46cd45a98e861f5654a3119fd45075af868fc0af49f33512992003f4135dae8e3befada15c2f5f5cff765ebbcc500005927a57e076b9c39c01ae2d8d17f6

/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp
  Filesize: 4KB
  MD5: eb0f6c28bc3ad3471902e07c82d2c0db
  SHA1: b6ebc7bc314ac6aa920bf71c0ee717398e101837
  SHA256: 9a806d0f45cddd023f8a05fc69b907a6a5aac0e35e627f12caa053ca6458d581
  SHA512: 6f9720e4e88da91f03fdda7f1862df69177a32b5784e4673a6e64f1704b0683435daf36932e9cbfff4b4580596374787065a4a7b69567707e4939af8dbcfa09c

/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp-shm
  Filesize: 72KB
  MD5: 9987d060852eeb929edd635567dcf56f
  SHA1: 6053ade00090e8ea9200444177227d9294a8a326
  SHA256: af51fbf580dd6e29192e0fe6a0a5464c3d6e32ce7f0b481643bb494f771f09ce
  SHA512: c82814a72ff8b0a045a437f0f4ecdf674a83f9ce5961b0e26d10721a8cb6d7224dbaaad84012c80c899eb28ab7fcec1e793297666f14971cea159c08db4dd859

/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp-wal
  Filesize: 72KB
  MD5: 37d45211c96c0b69b55d8db22b96b502
  SHA1: a14c2c4e554cdb7726f842d6a481ecc802c0723a
  SHA256: ed9814061f3fc7675f0d04e809f5e0c173ca9e4aab2e372e10490ef51913d3fa
  SHA512: a64f8221966b2ca0e628cef9762300677613082cf7a147856e84b254775d0b6ddfe971178ff64b330a0677cea470e7cb9f5477c3040fa12be1c78fc640c14dc4

/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp:channel-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-journal
  Filesize: 512B
  MD5: 81d9fb47dfa5f67e1e81e5e32f76d1a2
  SHA1: 8771aaaaa33f74efe8ae11e3a656f203d787d6f8
  SHA256: 91cc067a6b42835d2877bded86eb4e7c38343ab96489eb603620571d33a27a60
  SHA512: f04df501ef2eda5022bdb9eac8503801f53786e34c09b448e69a226558e8947805e9353910dc35d968cd2c0c660246ba0422e10f97f92ce553010bf92c940d0e

/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-shm
  Filesize: 28KB
  MD5: c34b66d4384f39176b17f1b82b446790
  SHA1: 9eff61e9c94d23d0e2962b55c8b15adb8d315224
  SHA256: 329e0d3cd6667f9adde4f721972b7c8b191fec411e1d8f48a96690e21416289b
  SHA512: 38c099b2ba5fd3d75627f0eb5e73f9a3f6c633abd0792c2b4c8fe1a8f6060fee5532fc0096ad2a98afa633e727f0ba68bab44485d352db2b5b8093e32ca2b6ff

/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-wal
  Filesize: 72KB
  MD5: 6e006447c677701c996a01f58df162ec
  SHA1: 2c65847027cd78dadca3332b5bdbaa6f6a963930
  SHA256: 3c55d049e7f719dc7b48d005bd1df8a8f65e423c00cf35c9dc92910aa97f56e9
  SHA512: a6274fc66752aab0af15dadc9891ca7f9000722cfc566616dfd576708096852d0e054d7165041c13e3c0cd25704f85b2501195515678b6b245ed8edad39119ff

/storage/emulated/0/system_hs/189/outdbName.db (first snapshot)
  Filesize: 36KB
  MD5: 486e2bac2b3e9e1cb411d2838a4854bd
  SHA1: 81dd0a7537f4af319b830ae834908986be85da8b
  SHA256: 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57
  SHA512: c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

/storage/emulated/0/system_hs/189/outdbName.db (second snapshot)
  Filesize: 32KB
  MD5: 6ccb1b41fa090bcc9c348cb0f25e826c
  SHA1: 89c072b876b8eb03f6e4b18e7fce3c8835eacbb4
  SHA256: 3b7526ac18f9a7133934bdfccac237eed07cf5ce48c50f557791af3920320131
  SHA512: 67fb619abe241b723608e3a1c4b85863f5c224fafffec52a9aee61c5d449a2e760b2d0787baaf2adce72daaed5472ceebebece73970a16bb4875aed8ebf2d801

/storage/emulated/0/system_hs/189/outdbName.db-shm
  Filesize: 48KB
  MD5: 8242d22fcced66f8250722d1b6467bc9
  SHA1: f6a40e49a208f4c064fa18ed542c1ac2e34e1b39
  SHA256: fe7460360397c98c47e965522c5e3abc99e2f0cbaaca09c13fc4a841e5679ce7
  SHA512: 59114013c6e4eb4134fd98367e9fd0f1e81c79df49fc65728f53936400fa40ceb77c425e9b5f9779e2e2fe1b33fa31e8a18a006668895ccb07f14118e2dc885a

/storage/emulated/0/system_hs/189/outdbName.db-wal
  Filesize: 48KB
  MD5: a3b5e79b7adf4978b5445be69cb1e224
  SHA1: 6a07128ff5b44574fb654cc7d79209ffd42120ae
  SHA256: dd555e3ebd725c8b6e856211e7be23def70f4b676df4e704c5c3bb158f9263fa
  SHA512: 19c24214e85f8bc31c20634670adff882d34f974acdab8199c5a81976f26b91c2d3c29efb9179e86213a2d1eac3fb9d32ed2a7cc7304f5a09adc408e1a7e60a3
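Most of the databases above (MessageStore.db, MsgLogStore.db, the outdbName.db copies, the tencent_analysis stores) were captured with -wal and -shm sidecars, which is the part an analyst most often gets wrong: in WAL mode, committed rows stay in the .db-wal until a checkpoint, so opening only the .db can silently hide the newest messages or log entries. The script below is an added example, not part of the report and not using any of the files listed here. It builds a throwaway WAL-mode SQLite database with a constructed table (the MessageStore.db name is borrowed only as a label), leaves some committed rows uncheckpointed, and compares what an analyst sees from a copy of the .db alone against a copy that also carries its -wal and -shm.

```python
"""Why the -wal/-shm sidecars matter when carving SQLite databases.

Added example, not code from the sandbox report. Everything is built in a
temporary directory; no file from the report is read.
"""
import os
import shutil
import sqlite3
import tempfile


def count_rows(db_path: str) -> int:
    """Row count an analyst sees when opening a carved copy of the database."""
    con = sqlite3.connect(db_path)
    try:
        return con.execute("SELECT COUNT(*) FROM msg").fetchone()[0]
    finally:
        con.close()  # closing the copy may checkpoint its own WAL; harmless here


def copy_db(src: str, dst_dir: str, with_sidecars: bool) -> str:
    """Copy the main .db file and, optionally, its -wal and -shm sidecars.

    The -wal holds committed-but-uncheckpointed pages; the -shm is just an
    index SQLite can rebuild, but carrying it along keeps the set consistent.
    """
    dst = os.path.join(dst_dir, os.path.basename(src))
    shutil.copyfile(src, dst)
    if with_sidecars:
        for suffix in ("-wal", "-shm"):
            if os.path.exists(src + suffix):
                shutil.copyfile(src + suffix, dst + suffix)
    return dst


def demo(checkpointed_rows: int = 2, wal_only_rows: int = 3) -> tuple:
    """Return (rows visible from .db alone, rows visible from .db + -wal + -shm)."""
    work = tempfile.mkdtemp(prefix="walcase_")
    live = os.path.join(work, "MessageStore.db")  # constructed; name only
    con = sqlite3.connect(live)
    try:
        con.execute("PRAGMA journal_mode=WAL")
        con.execute("PRAGMA wal_autocheckpoint=0")  # nothing moves into the .db on its own
        con.execute("CREATE TABLE msg(id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany("INSERT INTO msg(body) VALUES (?)",
                        [(f"old-{i}",) for i in range(checkpointed_rows)])
        con.commit()
        con.execute("PRAGMA wal_checkpoint(TRUNCATE)")  # push schema + old rows into the .db
        con.executemany("INSERT INTO msg(body) VALUES (?)",
                        [(f"new-{i}",) for i in range(wal_only_rows)])
        con.commit()  # these rows now exist only in MessageStore.db-wal

        bare_dir = os.path.join(work, "bare")
        full_dir = os.path.join(work, "full")
        os.makedirs(bare_dir)
        os.makedirs(full_dir)
        # Copy while the writer's connection is still open, as a sandbox or
        # a live-device acquisition would, so the WAL has not been folded in.
        seen_bare = count_rows(copy_db(live, bare_dir, with_sidecars=False))
        seen_full = count_rows(copy_db(live, full_dir, with_sidecars=True))
        return seen_bare, seen_full
    finally:
        con.close()
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    bare, full = demo()
    print(f".db alone: {bare} rows; .db with -wal/-shm: {full} rows")
```

The same applies to the -journal files listed for MessageStore.db, MsgLogStore.db and tencent_analysis.db: a non-empty rollback journal means a transaction was in flight when the snapshot was taken, and it should be kept beside the .db so SQLite can roll it back cleanly rather than leaving the main file half-written.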