8824ad153ee651a5bba89b2bab52c0a327d0954f3c910cec0ef8dd3159da039b

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a73d1d48c0dbe642167b35a68503beb3_JaffaCakes118.apk
Size

9.6MB
MD5

a73d1d48c0dbe642167b35a68503beb3
SHA1

07c79162e8b693d242501eb6ec962462561d2f9b
SHA256

8824ad153ee651a5bba89b2bab52c0a327d0954f3c910cec0ef8dd3159da039b
SHA512

7284855f5cb090896811f9054f91a47f3718024e24255f072dbbe315c8255b2e262b469b1e53e8126f0aa3aaf6f2f7ab8164827e4843d59369ed52e33cb193bd
SSDEEP

196608:mgJmpxa9RLpjyE0KiJQVU3oJlx0kzZbKzcJ4Xe4BrJ64fT:mkmzaTLF5kJ3GVzRKznrxJ64b

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.qdaily.ui

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.qdaily.ui
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.qdaily.ui

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.qdaily.ui
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

15 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.qdaily.ui

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.qdaily.ui
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.qdaily.ui

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.qdaily.ui
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.qdaily.ui

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.qdaily.ui
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.qdaily.ui

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qdaily.ui
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.qdaily.ui

description ioc process

File opened for read /proc/cpuinfo com.qdaily.ui
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.qdaily.ui

description ioc process

File opened for read /proc/meminfo com.qdaily.ui

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qdaily.ui

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.qdaily.ui

flow	ioc
15	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qdaily.ui

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qdaily.ui

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.qdaily.ui

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qdaily.ui

description	ioc	process
File opened for read	/proc/cpuinfo	com.qdaily.ui

description	ioc	process
File opened for read	/proc/meminfo	com.qdaily.ui

com.qdaily.ui
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4261

rm -r /storage/emulated/0/Android/data/com.qdaily.ui/cache1718323547329
2⤵
PID:4445

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qdaily.ui/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qdaily.ui/databases/bugly_db_-journal
Filesize
512B

MD5
e10bd9eb0af1e548561f22534258e764

SHA1
7950f7b0eaccc7d6b820eb720fbcd1cf0ac29c36

SHA256
73205e63f96e18115a88887e86a915130a242f7563de8da7eb29ba110b91f521

SHA512
7c3551b6e63ceb0f2462a335b04dff806367a28e4395efb7560fe894c3c1786632aaf8cd7cfa4ddac831e84688bfe7e0936e37ebbafe26a78627bea59d495b58

Download Submit
/data/data/com.qdaily.ui/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qdaily.ui/databases/bugly_db_-wal
Filesize
64KB

MD5
155d8ca386ee835d6bc3d8e78c6d0be9

SHA1
f30577c6e7cfc04562ef227584ce64a4192f452b

SHA256
20af3817b9d6abf1237bd1076d8371555b5d34983b1f785cf59a19d233ae6bae

SHA512
bad44bb704cb3c6b995e1ca8aeb450d4855a5ab21e72c6687613b164fe8063f31c293c6f9d8b9713386ce3734122a2eb7b2f302f898573804682d527003718e1

Download Submit
/data/data/com.qdaily.ui/databases/qdaily3.0.db-journal
Filesize
512B

MD5
2b7462d51d44e077efd6fa9f899eaa69

SHA1
5ba28b94bea106217eaa77422a6bc9ab1206ec80

SHA256
4dc301b7ae743317cc3fa14864dc65d4529577ca55ad06d7049934bd817f1984

SHA512
5bfb6a9695af874cc91c5aeb391c587a7ae94d2bc40d1b6694774470d39890fd89dc17acf17e57b61b4d6f2d26392bab807f9d523c78d584a38691c0814ce5cd

Download Submit
/data/data/com.qdaily.ui/databases/qdaily3.0.db-wal
Filesize
44KB

MD5
408b0e1e0b19d3c1e2290be7572fde5e

SHA1
9b10b51769826b2b0d73566ab1686045428bd780

SHA256
7d0eeda87daa62d01871563063b6e8a9bd88f549802203a5d78079518a66384d

SHA512
32ad96343cbbc92ee7a85868fb181d2b5bac3687e555263aa5b17b06b53920f4d9768556933492e847b8eb15500662a813e49502e798a75d79286d9f50d3d021

Download Submit
/data/data/com.qdaily.ui/databases/sharesdk.db-journal
Filesize
512B

MD5
c860f5275682bc2e3ac105a19965dec1

SHA1
08d7937730d868c32a74b9a99dd28b70b68338cf

SHA256
3d50f63cc12254a0ea4212c45ac0b8dc909ddfa70cd082119df51bfb6a7b9953

SHA512
70a28545cb60377470bb8b80543d94cb44485c01578426d9a8e46e9b35fb93c452a9deb3aa0769dab475ed47238fa30d34e18f03236dab19aa22a0e44968ccbe

Download Submit
/data/data/com.qdaily.ui/databases/sharesdk.db-wal
Filesize
32KB

MD5
880897c7ec63aab86f14186ad37d153f

SHA1
c873a4eac8f9a895495fafa16b629b3073d7a9a0

SHA256
07010b22f18652acebc3156a0128a8a45d483df0cb7cfa3c142823a759762b55

SHA512
7addd19871e987a5ff6fd977c228bb82e86a722edd96ee1dbe64d4029d12f47fdda22d96b78258345267a12ffeea6bad64e021b4140bff437386f2a127e390da

Download Submit
/data/data/com.qdaily.ui/files/.um/um_cache_1718323607078.env
Filesize
716B

MD5
56b4e3593d7c15adec9b5813ff59aa2e

SHA1
cf2377e683c6ef803a49b389ba7c1a2c515279f8

SHA256
356a066e36f12f22806b393b29076886f06a95542bc194432954f3821ccdd717

SHA512
b6bef29f524d707c8bfb806602d842b18d1e352223cf05cb941cda191c42b0b61f31d8fb0986f38b68e29e00cbb03242fbe625903687a13262b1a62c59fe2446

Download Submit
/data/data/com.qdaily.ui/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
c9b199633c2235e33c3280320876f281

SHA1
5f21cf1628d046328d523fe814ba494a40a31053

SHA256
b6eefa0e1038e3e07bddaff7c5c77c6906966f060a0a896379ebaf12e7fcc7e4

SHA512
b265f200ac0110f1c54b84c02ccc4d5c313721253f1afc4fa51fb994ec3902d1b389749baa19848fe69710d7ac5659f8b64adb890b63e6e122819d5e2f876b8d

Download Submit
/data/data/com.qdaily.ui/files/__local_ap_info_cache.json
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.qdaily.ui/files/__local_last_session.json
Filesize
116B

MD5
c05530ac4c453e0efa8743c6cbcc699a

SHA1
030501f54f962bfc8ddc00d8c501509581756d7d

SHA256
db13c66aa7442267d9b6d5d6779c143fb08a1a1dadd6f5a5a4df8cb316b61098

SHA512
1cc5e711e53faea66cf036b3d8fbd1adc4e9278cebd481b4411e3c1640790095cd63bbd3fcedd7e4f66183724fd580c188a6d026333871e93f692b9073a3ea74

Download Submit
/data/data/com.qdaily.ui/files/__local_last_session.json
Filesize
157B

MD5
acbac2d610b39e360d533a78a35a7549

SHA1
aab297f2fa1de68259525d697538a79f49eb718f

SHA256
57ef404323ee0e9d3606ac63dc2ca5f585481206db67c0c4cec68a68eb2827ad

SHA512
d8e6991fdd8416580953fec386a86930b0ed14fa0077d74bcb0fe0320a58d20c6bf19b3bbb270abd7802267b64e80654537e133da457097895f40f2144eeb288

Download Submit
/data/data/com.qdaily.ui/files/__local_stat_cache.json
Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/data/data/com.qdaily.ui/files/umeng_it.cache
Filesize
415B

MD5
7644ccedb9e6d68c0e7ff039ff1fed49

SHA1
6e957ec1366cdc7fdbeeaf12a106d7849a550e3c

SHA256
b6f9453a3c7f8040c75cb4b8424acd2615a70fa6538d3992cf6c213782ee9a57

SHA512
b37364f7982cb46401245fae9b12db3f2ab7d4c1656572a038d27c1fc75da2f884b50560429750b0722107662cb34e2d4a44a9b5696bd29269b546048a6fc7f2

Download Submit
/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/b3374dc2d94325581def4460b5a58839d1564e0cf01dcb00d2601e926193a7a7.0.tmp
Filesize
42KB

MD5
d627b03118ba4f0455ffb0179f1cf97d

SHA1
6663ac8ec7fd2a795f6b0676d807264a3e623188

SHA256
58b1664ce8a3a51b8c73c6abe53e4327dc9468b171f29383b5ac0ea9591711bd

SHA512
11f1fe5c12d21e8b82bcaf358c18b6817117e436ed8bb1103265309c099311a4ca622ad11877da1785989213a1ea223230db3b8b072fba838254661bf88f91ae

Download Submit
/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/dd06e2c0179c2c67e2d9e87094a7386b72d4794fe0cdb74616c524be31b095bb.0.tmp
Filesize
25KB

MD5
a4d3f8d178ba5bcc27521c4d93d95e01

SHA1
60f17e0e90b7ea5f0ab0a9a67959333acd40be2d

SHA256
b09782a8e1e253aa53c7a0738a3ed10e04aca3d1e49e409bcf71e2475e55b083

SHA512
b8e620feab44472a370fbeea62382507d2192616f37cf8d2dc06be2d66e00c8dd85c8aa6bf7ca1eb21f273de8709a66e28eea9777227dd4c26f9c2c7fdb8fc7f

Download Submit
/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/journal
Filesize
327B

MD5
7becb2f1e93a441211e9c41bc11a39b6

SHA1
fff764967c01862fe0b880ab06950f05d5b7cda4

SHA256
f62a14e985d8bcd44b041f42a84a149aa8648bea74118411bdcc0824e6f7d46c

SHA512
fdae3ab2d7515929b604a5784980df422f48231e6a19fb0f7cdcf41255bb44810b5184a6c8656e8fe0e561ff17ec9f00ece8152b2e1d39585a2c9f9b767a527d

Download Submit
/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
369B

MD5
7ca2ad6076f756d167e08f2d8724274c

SHA1
4c98ef81eb623c5df582e72a1ce7b4f000e49c4a

SHA256
a8e84f6229328208fbdaf6dab22496f4f6787144416da51d2c026664e161d506

SHA512
c851ecd65ebf9c49442aef4f8a3e9611983404acc3d89ec4351ca9913bca3b19a28b0ee2473d80b010e15628b8eec1f06e5cd542a3a91f9f752114b1b391f963

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
468B

MD5
4c4c86d50c4bd7b8e4c45de25a92b05c

SHA1
a52b7ecc24791c7748457db68723b1c1afc3825d

SHA256
46075e4cfb0edf1ad4d1baca292eaf91356a273c15525d4e15173b80c0050a3f

SHA512
146c9bb45f6ed6552091202f907fd9287c6bb6b0057c1a47feda9e3300f36d03a5b59103eab4a7f1e0bbfe73c3d2f8b757508a63db95f2304a0a2c5e1ce5f0a7

Download Submit
/storage/emulated/0/ShareSDK/.dk
Filesize
107B

MD5
c9383021bd97affc44be4db7018c4d7b

SHA1
7e680409d1c86e35149bebc22f2cf8c484f0d23e

SHA256
b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65

SHA512
7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
89B

MD5
70631ceaa6f55d1ce183f9db006d3fba

SHA1
03eb78304867b194332121657b41168a65eb390b

SHA256
bd88dbdf2491f0ac2da82c5c8458aad05cd444b05335e19183f1a0d071762843

SHA512
9cda1fa4231784e7ece61c7d072840009e46a14280a00e06b386ae2fff3630d24d83e0fd5d715078ce16e3fdda085e0f8e33ce4e4255c94e2de950e25190d295

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
20KB

MD5
22950c72585209382c09cd5628b96e95

SHA1
a7739f836366e606198fbce60e1c0fe3fbf93c8d

SHA256
86e66c6ee838542df34bbe757a983b336650352b8c020417dae98f0f5885a0c1

SHA512
49664e6aef808ee5e09e7282608e760112701d3effc0d9e33b6a3ef8023061ac2fa90f4599d564c5add5dc5d688b83e4d60e7489a709c6dec7061e3536f97d03

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
c4613938d487142be36dc34d65730bce

SHA1
b2d211351c740c8754106dad96a41971597527df

SHA256
25a9142eb8d4447ed9b60070691d4e1152d839737a9635d7fcbbce0d46d9d63f

SHA512
87f20ce97de97cdc587ffe788e4b116f345b7f4e3e8ed6babbcd65361431a72830b0751c0992954df00c5b72c342f2d8d53dd43330de07c523772fc490187987

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
512B

MD5
7c584cc980b78b60750ed298fd987434

SHA1
f298cb097aecf0d90af373bf0e03a0859737f773

SHA256
ee5a12431596ab387c112fe3818bdb60e57b159a3802d93874971b786e4a20d7

SHA512
eb0632db77d46217dcbf486f4bb215afa59782f10a162bb20f3be251d3075829e90d653c7712dd0395b6a33667bf9d44f94910ad5bb0e6cbe19902609a8c9a30

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
44KB

MD5
1d2a84e85464c91469beb8352ed2c447

SHA1
a4f838e8876113cec22480c1ec8989b6972a9a52

SHA256
fad7bdf6f260fc859a4f5e0d3db6d2b2e6eb7da80f1242953b93afb4270c4066

SHA512
1fb0eb601a2804a15fddfa1207eb94822295dd8746493e51581c80c48f7835d43a8d83c2d61cca1944affc65f370501c9cb062f12885083a432630f10010984c

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
20KB

MD5
173923608e258fa8348804d14e42d930

SHA1
272957857b2ac5373c16a490a540bb3c81b58032

SHA256
fa4d07c11685ac6540be3e7087721f9f39b562d076d9f319e366dd12818875d5

SHA512
bed3aa28473fe396273c63a3e9f97c417a776c7b4cf3422728cacef128d7d0d734ce43945321382597cf5546fc0f52714750463b15371e9e18c91bb53113bb3c

Download Submit
/storage/emulated/0/backups/system/.config
Filesize
25B

MD5
65a603572c8f0c3df5ee6dabea9782b8

SHA1
c30802eb42d5ef4d8f372c9abe561a18025fa974

SHA256
ee24a2e27fd246d11069b596546db9fbacfbcd17574a9e0dd54b3da168a3d146

SHA512
d154b0692406074f3857ae99060347cd55fe9164ffe08706dfe54224fc673775cb3a9e33012b379c7f30975991647077eb766f64485fd4acb8db278c6588da37

Download Submit
/storage/emulated/0/backups/system/.config
Filesize
50B

MD5
759a203679855254ea675113a40a6285

SHA1
ed574fe92681fbac93e56403a8ab2d72976d7937

SHA256
5753b35d1cf2b9664911a7aa3bd0cf04cf933501f1084c0837125c91a21dc918

SHA512
74ae584466a8933c69131422848176b7cf421b34470ef52c997c9ede0121de9ea97955381231d0adfdc752bb8199f18c7a62f26921a4a6a1fb70640b7c77b70e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads