c83204ef711047f13cdc971643afdd64de5d74dcb6f1eb19e2bf98655c467e15

Analysis

max time kernel
172s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4a44294f14722b5a1b855951393247f_JaffaCakes118.apk
Size

14.0MB
MD5

a4a44294f14722b5a1b855951393247f
SHA1

e2b7320fc3f541b1ba274cf6b79d575bfc539c77
SHA256

c83204ef711047f13cdc971643afdd64de5d74dcb6f1eb19e2bf98655c467e15
SHA512

d242b8c716377120c3f32062b5f3c8c8305adcef93173c2d0869c911cf0c0ba64db2ed55c4242353e1d19a1513f78edf51538abd7628db16c22b0b8c66c226ed
SSDEEP

196608:j5E7ZE7i9d5N8isXNYczfv1qvrCbbK6MaYSRhtMrZ2ZXPpKXOPiUiAd2zhKH2iIY:9ENbX5CXrrUrXAYS7aEXoXbhKWi8X1By

Score

7^/10

discovery execution impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.qijin189.huosuappcom.qijin189.huosuapp:pushcorecom.qijin189.huosuapp:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qijin189.huosuapp
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qijin189.huosuapp:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qijin189.huosuapp:channel

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422

Queries information about active data network 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.qijin189.huosuapp:channelcom.qijin189.huosuappcom.qijin189.huosuapp:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qijin189.huosuapp:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qijin189.huosuapp
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qijin189.huosuapp:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.qijin189.huosuappcom.qijin189.huosuapp:pushcorecom.qijin189.huosuapp:channel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qijin189.huosuapp
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qijin189.huosuapp:pushcore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qijin189.huosuapp:channel

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.qijin189.huosuapp

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.qijin189.huosuapp
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.qijin189.huosuapp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

com.qijin189.huosuappcom.qijin189.huosuapp:pushcorecom.qijin189.huosuapp:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.qijin189.huosuapp
Framework service call	android.app.IActivityManager.registerReceiver	com.qijin189.huosuapp:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.qijin189.huosuapp:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.qijin189.huosuapp:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.qijin189.huosuapp:channel

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.qijin189.huosuapp:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

T1471

Processes:

com.qijin189.huosuappcom.qijin189.huosuapp:pushcorecom.qijin189.huosuapp:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qijin189.huosuapp
Framework API call	javax.crypto.Cipher.doFinal	com.qijin189.huosuapp:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.qijin189.huosuapp:channel

Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.qijin189.huosuapp

description ioc process

File opened for read /proc/meminfo com.qijin189.huosuapp

description	ioc	process
File opened for read	/proc/meminfo	com.qijin189.huosuapp

com.qijin189.huosuapp
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4294

com.qijin189.huosuapp:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4418

com.qijin189.huosuapp:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4670

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qijin189.huosuapp/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qijin189.huosuapp/databases/MessageStore.db-journal
Filesize
512B

MD5
4e723cdcf77d06b7e98a2a52a5fd811a

SHA1
bc26b61150b541a167ec26e5bf2d0b7a0eb24970

SHA256
4184f1a6f6199e032d08fe7e126eaaa2da2d7460139828d16620f4d457709a62

SHA512
d756f8269a8d2f42e8037a71846b59133255be1d74acc3977073f473cb4ec09bb33a69343e5efdedcbb49de4dd312d959c258608e2c24a377a0ee873e579881a

Download Submit
/data/data/com.qijin189.huosuapp/databases/MessageStore.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qijin189.huosuapp/databases/MessageStore.db-wal
Filesize
48KB

MD5
ea65fda460318ad4ceaa52f0f4b831e7

SHA1
fa5e5e75f6125322d28ccc79a981a29821febc63

SHA256
37cdcf2bebb78eef0df1bf56c5b293b1d8d3291b1035e5973f65a78aa8b4a474

SHA512
2624eaa57faeee8906f118834147fa83fc501b6bf14b757709a09e6761ad540aac63ea891771062b50234995755659e1881458c63e5b47064326e51bf13da612

Download Submit
/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-journal
Filesize
32KB

MD5
6311e8ec39c4a030093d53f98d0e8f56

SHA1
ec2f95f04d20b94f9317be23f202db86326e7d40

SHA256
4c8486ff9a40ffaba836db42613ad4a52edbe8c310d70ad946fc347c41ad3fec

SHA512
f275329023426a1bb8c750849aadee5a18af19ae2deba16480352272e03350065d7e9d7e5b6a5364a983a6f899fc88a7f8b88c58eecd87b1e86cc2b065dfda8c

Download Submit
/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-shm
Filesize
28KB

MD5
259bcfed324b4d3fea6e94e15406a399

SHA1
6f79fbd9e4ca5b5add43051ac6001166ca0b9675

SHA256
f3770084e8014288bcf86ea2663e3dcba9d4731ccf12d3d7e6b7ce62ec3e03ef

SHA512
ac797d67b0cbb04104f5605e430b86c8143ab527a39b40867441f84516a3d55052cc66ec38da0bdcb44015366e212bd2c4737370c9b7c91bada8162c1f263b3e

Download Submit
/data/data/com.qijin189.huosuapp/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
0ac1021aef9819696bfe91f6dce4c963

SHA1
651ac0156993295a3e12ddffbaedc12bbfe4fffe

SHA256
0fb95b764c0994444b022ca1d6a72ad6fd5393b23fcd9ed755173c2368e9a90e

SHA512
afd233b665f2d147ced962ccdd56f7667ffc335b3afab875d22e26121ccbad8ad15900713fa594e66da875fa0498a381a2bd6daab0285c2c6abbca634906d328

Download Submit
/data/data/com.qijin189.huosuapp/databases/outdbName.db
Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.qijin189.huosuapp/databases/outdbName.db-shm
Filesize
64KB

MD5
025d2a0bbddbfe91cf8e21de2030b2d8

SHA1
e2c377a7e54dc57f0fe3a6025337a723b0a644c0

SHA256
d300fd8873ad4b4698183f385af644fefadeba0114b750d61e57dea32e84570b

SHA512
92218e97fac5849fc6ce25cf89833d4b111d21705660dda858af945b6489dc2bad467bb89ce9c74a86e86dd7437823f8d30a1a9ca57411fb913cd2d19b7198d7

Download Submit
/data/data/com.qijin189.huosuapp/databases/outdbName.db-wal
Filesize
64KB

MD5
69e45159ea754aff385071f6839436a0

SHA1
af39e5cc55ed539df219493e40e7c11bd891d7de

SHA256
394d116851f845b2a965a9808b63b173ed3efc96f2d760790ef7897bbd3fcf45

SHA512
bfce46cd45a98e861f5654a3119fd45075af868fc0af49f33512992003f4135dae8e3befada15c2f5f5cff765ebbcc500005927a57e076b9c39c01ae2d8d17f6

Download Submit
/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp
Filesize
4KB

MD5
eb0f6c28bc3ad3471902e07c82d2c0db

SHA1
b6ebc7bc314ac6aa920bf71c0ee717398e101837

SHA256
9a806d0f45cddd023f8a05fc69b907a6a5aac0e35e627f12caa053ca6458d581

SHA512
6f9720e4e88da91f03fdda7f1862df69177a32b5784e4673a6e64f1704b0683435daf36932e9cbfff4b4580596374787065a4a7b69567707e4939af8dbcfa09c

Download Submit
/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp-shm
Filesize
72KB

MD5
9987d060852eeb929edd635567dcf56f

SHA1
6053ade00090e8ea9200444177227d9294a8a326

SHA256
af51fbf580dd6e29192e0fe6a0a5464c3d6e32ce7f0b481643bb494f771f09ce

SHA512
c82814a72ff8b0a045a437f0f4ecdf674a83f9ce5961b0e26d10721a8cb6d7224dbaaad84012c80c899eb28ab7fcec1e793297666f14971cea159c08db4dd859

Download Submit
/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp-wal
Filesize
72KB

MD5
37d45211c96c0b69b55d8db22b96b502

SHA1
a14c2c4e554cdb7726f842d6a481ecc802c0723a

SHA256
ed9814061f3fc7675f0d04e809f5e0c173ca9e4aab2e372e10490ef51913d3fa

SHA512
a64f8221966b2ca0e628cef9762300677613082cf7a147856e84b254775d0b6ddfe971178ff64b330a0677cea470e7cb9f5477c3040fa12be1c78fc640c14dc4

Download Submit
/data/data/com.qijin189.huosuapp/databases/pri_tencent_analysis.db_com.qijin189.huosuapp:channel-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-journal
Filesize
512B

MD5
81d9fb47dfa5f67e1e81e5e32f76d1a2

SHA1
8771aaaaa33f74efe8ae11e3a656f203d787d6f8

SHA256
91cc067a6b42835d2877bded86eb4e7c38343ab96489eb603620571d33a27a60

SHA512
f04df501ef2eda5022bdb9eac8503801f53786e34c09b448e69a226558e8947805e9353910dc35d968cd2c0c660246ba0422e10f97f92ce553010bf92c940d0e

Download Submit
/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-shm
Filesize
28KB

MD5
c34b66d4384f39176b17f1b82b446790

SHA1
9eff61e9c94d23d0e2962b55c8b15adb8d315224

SHA256
329e0d3cd6667f9adde4f721972b7c8b191fec411e1d8f48a96690e21416289b

SHA512
38c099b2ba5fd3d75627f0eb5e73f9a3f6c633abd0792c2b4c8fe1a8f6060fee5532fc0096ad2a98afa633e727f0ba68bab44485d352db2b5b8093e32ca2b6ff

Download Submit
/data/data/com.qijin189.huosuapp/databases/tencent_analysis.db_com.qijin189.huosuapp-wal
Filesize
72KB

MD5
6e006447c677701c996a01f58df162ec

SHA1
2c65847027cd78dadca3332b5bdbaa6f6a963930

SHA256
3c55d049e7f719dc7b48d005bd1df8a8f65e423c00cf35c9dc92910aa97f56e9

SHA512
a6274fc66752aab0af15dadc9891ca7f9000722cfc566616dfd576708096852d0e054d7165041c13e3c0cd25704f85b2501195515678b6b245ed8edad39119ff

Download Submit
/storage/emulated/0/system_hs/189/outdbName.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/storage/emulated/0/system_hs/189/outdbName.db
Filesize
32KB

MD5
6ccb1b41fa090bcc9c348cb0f25e826c

SHA1
89c072b876b8eb03f6e4b18e7fce3c8835eacbb4

SHA256
3b7526ac18f9a7133934bdfccac237eed07cf5ce48c50f557791af3920320131

SHA512
67fb619abe241b723608e3a1c4b85863f5c224fafffec52a9aee61c5d449a2e760b2d0787baaf2adce72daaed5472ceebebece73970a16bb4875aed8ebf2d801

Download Submit
/storage/emulated/0/system_hs/189/outdbName.db-shm
Filesize
48KB

MD5
8242d22fcced66f8250722d1b6467bc9

SHA1
f6a40e49a208f4c064fa18ed542c1ac2e34e1b39

SHA256
fe7460360397c98c47e965522c5e3abc99e2f0cbaaca09c13fc4a841e5679ce7

SHA512
59114013c6e4eb4134fd98367e9fd0f1e81c79df49fc65728f53936400fa40ceb77c425e9b5f9779e2e2fe1b33fa31e8a18a006668895ccb07f14118e2dc885a

Download Submit
/storage/emulated/0/system_hs/189/outdbName.db-wal
Filesize
48KB

MD5
a3b5e79b7adf4978b5445be69cb1e224

SHA1
6a07128ff5b44574fb654cc7d79209ffd42120ae

SHA256
dd555e3ebd725c8b6e856211e7be23def70f4b676df4e704c5c3bb158f9263fa

SHA512
19c24214e85f8bc31c20634670adff882d34f974acdab8199c5a81976f26b91c2d3c29efb9179e86213a2d1eac3fb9d32ed2a7cc7304f5a09adc408e1a7e60a3

Download Submit