Analysis
-
max time kernel: 163s
max time network: 189s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 07:47
Static task: static1
Behavioral task: behavioral1
  Sample: a89763ef75c52faabc465f1ccc0019e1_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral3
  Sample: gdtadv2.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral4
  Sample: gdtadv2.apk
  Resource: android-x64-arm64-20240611.1-en
General
-
Target: a89763ef75c52faabc465f1ccc0019e1_JaffaCakes118.apk
Size: 19.9MB
MD5: a89763ef75c52faabc465f1ccc0019e1
SHA1: 483b71345cc25323d324689de0e8e740398ca1af
SHA256: 405fded82b71943a56d65957ce9e6778c3c77e8482a94e27d3583c00a46704b9
SHA512: a4855fead4dd616dca5434e43f8c9b74367718a484d1e3aeec4c15095892ef363fdcfe91945603f2f0383758214eb7f2f2f2617bc44b4021c3a5dd9834da589c
SSDEEP: 393216:Oxn2Ji6oWLGhuvWsGorIhpDnQTkfZ9LQuWVhGIsgL6GUcqKBDUFZCp:ONX6oWLdWiunXfZlLmt6jsqZCp
Malware Config
Signatures
-
Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description            | ioc                                                  | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses  | com.video.newqu
  Framework service call | android.app.IActivityManager.getRunningAppProcesses  | com.video.newqu:xinqu_process
-
Queries information about active data network (1 TTPs, 2 IoCs)
Processes:
  description            | ioc                                                    | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | com.video.newqu
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | com.video.newqu:xinqu_process
-
Reads information about phone network operator. (1 TTPs)
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes:
  description            | ioc                                            | process
  Framework service call | android.app.IActivityManager.registerReceiver  | com.video.newqu
  Framework service call | android.app.IActivityManager.registerReceiver  | com.video.newqu:xinqu_process
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
Processes:
  description         | ioc                           | process
  Framework API call  | javax.crypto.Cipher.doFinal   | com.video.newqu:xinqu_process
  Framework API call  | javax.crypto.Cipher.doFinal   | com.video.newqu
Note: this signature fires on any javax.crypto.Cipher.doFinal call. The dropped-file paths listed under Downloads (files/Mob, databases/bugly_db_, files/jpush_stat_cache.json) show bundled third-party SDK state, and such SDKs routinely encrypt their own telemetry, so this hit on its own is weak evidence that user data is being encrypted.
Processes
-
com.video.newqu (depth 1)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  spawns:
    cat /sys/class/net/wlan0/address (depth 2)
    Note: this reads the Wi-Fi interface's MAC address directly from sysfs. Since Android 6.0, WifiInfo.getMacAddress() returns the constant 02:00:00:00:00:00, and reading /sys/class/net/wlan0/address is the well-known workaround used for device fingerprinting. Treat it as an identifier-collection IoC, not as code execution in its own right.
-
com.video.newqu:xinqu_process (depth 1)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
Path: /data/data/com.video.newqu/app_crashrecord/1002
Filesize: 225B
MD5: 3e7d13dee7ca64d7317dab304e733e5b
SHA1: 1e51f6d98e0d03bed7c5613df6c55979fa5903e9
SHA256: 0ab642efebdb60609f920b51cdba689380ce52e197ba8be4734522c3f6300905
SHA512: 8c177bca13bca3f45145eae0762d991d61f03db1e4181acae84d4a7e4bdef7cd9465c931322a2a1fc8270cf21cba8050306ad760fe82785429d73254a8a01ddf
-
Path: /data/data/com.video.newqu/app_crashrecord/1004
Filesize: 225B
MD5: 681c0f33b901d6e5e0ae480ec746e1d0
SHA1: b3b807153145aad5a3df5ff086721ca3d6e1fe76
SHA256: d810be741a2bbef3f8111473560de6fa8daa79e32d150a394ffb0253f7d1a584
SHA512: 91c5d7d5efabdae5568f0d9ff68cb71a471d6d872070303b8ee32cb877d771aee9ea68a2db687e4e8d6d3cd8b584d891ef7a68a15351d512c707bab0e55054fc
-
Path: /data/data/com.video.newqu/app_crashrecord/1004
Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Path: /data/data/com.video.newqu/databases/ThrowalbeLog.db
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Path: /data/data/com.video.newqu/databases/ThrowalbeLog.db-journal
Filesize: 512B
MD5: bb6b0cc576bf139d6eb2898716d48824
SHA1: 6eeefa702cd0e2e7ce13cd23d3805617d73eedb8
SHA256: 064c8d2a1693a481a7e6da75278736ca1c9bcd3ce992b5985bebe0a0d0003c1f
SHA512: 00bdddc69474a3d8bbc4f00500def87780150cfcc24c7229c88718117e4605b7bcf432e59fbaf4c3c0a62b2e944120c82dd84dee4bb5a6038fa435fb6469af99
-
Path: /data/data/com.video.newqu/databases/ThrowalbeLog.db-wal
Filesize: 32KB
MD5: f28d1bccbb62b627d28225129d8238e8
SHA1: d74846ae7f7df7f20bfeb3f0c9a0ce7f5b466f4d
SHA256: af0856fce54c1001374b5c8ab3ec91ab4c758a56f376e9186ab12e5a10107a18
SHA512: f787ae983aa6ca51d8644e498ea85c3d22db93109ff6097472d3fe4e2e1f991f44a1acbc451f7e3667a05b340055b7cc1afa23351a8ce1e76c5da7d77f1cbf91
-
Path: /data/data/com.video.newqu/databases/bugly_db_-journal
Filesize: 512B
MD5: 2933bb46724b2ed173a5a999e69aa445
SHA1: 6041e376baddd1f2034f5002a9f333ea535506f7
SHA256: e3c1347f52802bd04b6996ea6ee39b3ed7ddaac6dacc31aa8574bcc4ad5cb106
SHA512: e438d6a91183ba278be64dd7f69bedb9fc3d12da7e2d5f8c2b9917450339b9203d78d56b4a0f679c53fdbd95ed39e8b58829326bb4c2b7964b876c26e520f73a
-
Path: /data/data/com.video.newqu/databases/bugly_db_-shm
Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Path: /data/data/com.video.newqu/databases/bugly_db_-wal
Filesize: 68KB
MD5: 54a6909ac9a50c128e133cca57d45807
SHA1: e359ca43297dbcb3668c6cf16e986959578b0f49
SHA256: 555555f9bccb1b1b929d7801d377381986ce55ea6022e44ea56b72ac06ad7fc1
SHA512: 051b4fc8454077d6b8e114d9fd2cc23551898aae6d9ecece4404829db44bd775f090ae39a0249c84741d7dceee930103c2148b38f154d0ca40f13b43f32d4bcc
-
Path: /data/data/com.video.newqu/databases/xinqu_data.db
Filesize: 4KB
MD5: 6b1516be12f8eaf294f7262400115f64
SHA1: d656a337d9b61cff552039d1e0c8d0edef9bb8b3
SHA256: 7b7bc81068a8628966341721c37055a9d96f64b7b128d95faeec522201ebfee5
SHA512: ee33471fd66bd2bb38a27bb1ebb97aefb349b75c9453abd95b98ce1ee60dfeacfd074b4e4f617f532b6d95635f4274d8ed663d4cef56f9741cb7c3865eb32846
-
Path: /data/data/com.video.newqu/databases/xinqu_data.db-journal
Filesize: 512B
MD5: 07c3193115abd61c51ffe5acf1c476ae
SHA1: d5dcb6bec2b90026967a71529200d55683b6a1e8
SHA256: df7c27112dd2be6576ea7c7164f3c224de4917d19bd4c2dd753d513aa6686d89
SHA512: 393fa9384ae09df66b052d8620fd8a6a774fe7e89d4e27ed038e100965163f83420c36c06572b0bf51e628a796ef57a218ba8f7b03ae895832c28ac12672c44a
-
Path: /data/data/com.video.newqu/databases/xinqu_data.db-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Path: /data/data/com.video.newqu/databases/xinqu_data.db-wal
Filesize: 56KB
MD5: b1b5a74cba2398e47d08e2f9e25adb8a
SHA1: 3419cbb9e21741e99f6e87edb0b2f22393cc6c93
SHA256: 5a7162d7a28f33cf570df61e4bbc9cd7a989e3e9934d4cc4fab2bfeceb59caff
SHA512: e747e2d0399c07f4fdb7597db0a20b1337f67642291e1fe168373f01bb9f30a9288132acb6765d3157163d851dd9a932768ec72b12ac17d30f6ce2ba679195f2
-
Path: /data/data/com.video.newqu/files/Mob/mob_commons_1
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Path: /data/data/com.video.newqu/files/Mob/mob_commons_1
Filesize: 856B
MD5: ba311645e8c6bddd03aea811364fa68d
SHA1: 34fe64e6a710609ecb6f1139a22a0430f9da996d
SHA256: 1150e6463918122f70f401099c32388d181b6735ae5d94cec434be876c11cf97
SHA512: 39cde6f1b3d845cffa2330cdb7b407a7cda6dcc65f7830a6ac801f03bab8b345b9cbf6db7677e99b4ee287dc694c336f5627d4848f9dcfedc3dbee26bca70c96
-
Path: /data/data/com.video.newqu/files/jpush_stat_cache.json
Filesize: 137B
MD5: 11f0a9bd9e5d14a62403927b7ca48048
SHA1: aa754404b444b92890698292edcf5d94ccfc5b9c
SHA256: b8266a5da403512c5053dc76e5017567d9d551610b7c08b3934a516c5163b758
SHA512: 2b29b4f4986307071a3b5c2e648655b9f245913fa02a3cd84812f307cc40096ff5554ddbb64f3e29bc19c1dae5308678681a7a0d22ca66c5d5bd5cee4abd4920
-
Path: /storage/emulated/0/.mn_410185822
Filesize: 98B
MD5: 114066678b657c133a1e833d12b00c75
SHA1: 683141a61103e005acde1ba3570a6689899732db
SHA256: 74529c99ad319d947e21faf48d52729a2db24d06a16a79381acf946fcc9e700f
SHA512: 7781fc71951a56f065a0e93c5d103a9559f2a6024538d99089b54de832960dbd724b569a0f36861cfaac6cd3ff4a5052dac5b998139b550a653ccb61261f2b59
-
Path: /storage/emulated/0/Android/data/.mn_410185822
Filesize: 98B
MD5: 72192abab228a97c32a31ff2138e3e78
SHA1: 99469d35f779f989cab52fa1dfd8300c3bec2ee9
SHA256: c77779f68dd83302058a487aed530d8e2dcd2b80efc9f62a23a264d207ee2467
SHA512: 0660592f3580413585c7d7e2d1503614ec0086280a138a82b7656e77b0dadfc15468290a6132960798d24edf84ba743b8bf44ce8daa2239b10dfa3c7852c0817
-
Path: /storage/emulated/0/Android/data/.mn_410185822
Filesize: 146B
MD5: a6b27f6969197ddf2e52dadf3806cd62
SHA1: 6122e5da727db3ce36f0ed76a79d8b5b9b59a7ec
SHA256: 2bb874504d7a90f7bd1da70b80b9fad596329b7c648dbff59e421ea4a1718736
SHA512: 2b78eb6597b4002a4abba1b491b07e4c0b5d54b206d8ded9630e31d8a5d867de2fe04cb7ca9cf0c5c0833c3da28c9a7afc47e359a6fa3169b756680c536807e1
-
Path: /storage/emulated/0/Android/data/.mn_410185822
Filesize: 82B
MD5: e8be01a3d651b9f955cbb28d7fe2f623
SHA1: 04010f8b539c2e98c8d7b7752e9879547aa9dc0f
SHA256: 97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4
SHA512: 19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f
-
Path: /storage/emulated/0/Mob/.mcw
Filesize: 82B
MD5: 761a11a8adb3bd33f7d6f6f7f6911fb5
SHA1: 5e7bcdc71c62c856bf059c4b0950b7aa4c4d55ec
SHA256: 2de6c7c17116a9928fe92c3b6f32232acce574c0e5f4f00a0879af3da975a7d9
SHA512: 3917cd6459dd537a945f76c1e927b94c68c4860bf79974389d35be7df272b86fa5795da5adad69c8c07d5a6557b6e50a795035bbe31e9ff8c094b148039fb084
-
Path: /storage/emulated/0/Mob/comm/.di
Filesize: 57B
MD5: 70a42cba408700f9a6c01c7941a8829e
SHA1: eab01cc2c0671538795fb0b1146017dc099d0984
SHA256: 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512: 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c
-
Path: /storage/emulated/0/Mob/comm/dbs/.duid
Filesize: 132B
MD5: 688ee1fb5c2fc3de3a580cdcda03379f
SHA1: 778ba30d37a9110cc119c520246ca4bc4a015584
SHA256: 125bdf3d9ef9151c5fa3d87f5b9e3f4cf6ec892bd813f4acd9bb4c8495198f33
SHA512: 6768b9f622ece82ceb0902255603ea55958bd3a023676ccd62918f5fea155e08f846a63f30eed15f77e243b242c9538be1bb07528e53c7244a3991f89074866f
-
Path: /storage/emulated/0/Mob/comm/dbs/.lecd
Filesize: 772B
MD5: 5cf29fe04c5d44db590d6c80f8eb4e66
SHA1: d772308829d9fc91a2a728818a1a2b97b6562ccb
SHA256: fbf5c6746375bf883744c4713f3c9956e76f096136d70d0688c9f9761aafe515
SHA512: 5e0339e5701b4a5f9b7d6a8f69bec5c530d790dd8842e0d46d2fbd45771c13d476711d74cd81402b40bb5b48422002e38a7fb07e42ab56d9a9656d0f5c58d7f6
-
Path: /storage/emulated/0/data/.push_deviceid
Filesize: 32B
MD5: 9ed2c2db3f884109175b36742f2754fd
SHA1: a185d5637c82d880d297119a8521550b6a8568e4
SHA256: 0629957a87c683021c0dabe374ebf5b4b0230e6d885ad975e602642612bdfac5
SHA512: eacc9ef0f80d2824e1d50ff46df5187fd545e0892dc8e250a3d23b6930f82647d243d680b952283b5e819e39f321f6ac68ebcaabb4bbc8ab659a7a1405a2f6b1
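Added triage helper for the hash lists in the General and Downloads sections. This is an editor's example, not part of the sandbox report or the sample; it uses only the Python standard library. It parses dropped-file entries written as "Path / Filesize / MD5 / SHA1 / SHA256 / SHA512" blocks separated by "-" lines, rejects digests of the wrong hex length, flags entries whose SHA256 equals that of placeholder content (empty file, "{}", "[]", a bare newline), and confirms that the JaffaCakes118-style sample name carries the MD5 from the General section. The embedded REPORT_ENTRIES string is constructed input: its first two blocks are copied from the Downloads list above (the 2-byte files/Mob/mob_commons_1 entry and jpush_stat_cache.json); the third block is a deliberately malformed entry with a truncated MD5 added to exercise the validation path. Running it shows that the 2-byte mob_commons_1 file is just an empty JSON object and can be skipped during manual review.

```python
"""Triage helper for sandbox dropped-file hash lists (editor's example, stdlib only)."""
import hashlib
import re
from typing import Dict, List, Optional

# Constructed input: two blocks copied from the report's Downloads section plus one
# deliberately broken block (truncated MD5) that exists only for this example.
REPORT_ENTRIES = """\
Path: /data/data/com.video.newqu/files/Mob/mob_commons_1
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Path: /data/data/com.video.newqu/files/jpush_stat_cache.json
Filesize: 137B
MD5: 11f0a9bd9e5d14a62403927b7ca48048
SHA1: aa754404b444b92890698292edcf5d94ccfc5b9c
SHA256: b8266a5da403512c5053dc76e5017567d9d551610b7c08b3934a516c5163b758
SHA512: 2b29b4f4986307071a3b5c2e648655b9f245913fa02a3cd84812f307cc40096ff5554ddbb64f3e29bc19c1dae5308678681a7a0d22ca66c5d5bd5cee4abd4920
-
Path: /storage/emulated/0/constructed/broken_entry
Filesize: 10B
MD5: 0123456789abcdef
SHA1: aa754404b444b92890698292edcf5d94ccfc5b9c
SHA256: b8266a5da403512c5053dc76e5017567d9d551610b7c08b3934a516c5163b758
SHA512: 2b29b4f4986307071a3b5c2e648655b9f245913fa02a3cd84812f307cc40096ff5554ddbb64f3e29bc19c1dae5308678681a7a0d22ca66c5d5bd5cee4abd4920
"""

# Hex length the report prints for each digest.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Placeholder contents that sandboxes routinely list as "dropped files".
# Digests are computed at runtime, so extending this table cannot introduce a typo.
TRIVIAL_CONTENT = {
    "empty file": b"",
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "single newline": b"\n",
}


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split 'Key: value' blocks separated by lines containing only '-' into dicts."""
    entries = []
    for block in re.split(r"(?m)^-[ \t]*$", text):
        fields = {}
        for line in block.strip().splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        if "path" in fields:
            entries.append(fields)
    return entries


def parse_size(size: str) -> Optional[int]:
    """'2B' -> 2, '4KB' -> 4096; None if absent or unparseable. KB/MB values are rounded by the sandbox."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", size)
    if not m:
        return None
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1 << 20}[m.group(2)]


def check_entry(entry: Dict[str, str]) -> List[str]:
    """Findings for one entry: malformed digests, placeholder content, size inconsistency."""
    findings = []
    for name, length in DIGEST_LEN.items():
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", entry.get(name, "")):
            findings.append(f"malformed {name}")
    for label, blob in TRIVIAL_CONTENT.items():
        if entry.get("sha256") == hashlib.sha256(blob).hexdigest():
            findings.append(f"placeholder content: {label}")
            if parse_size(entry.get("filesize", "")) != len(blob):
                findings.append("filesize disagrees with placeholder length")
    return findings


def sample_name_matches_md5(filename: str, md5: str) -> bool:
    """JaffaCakes118-style names carry the sample MD5 as a prefix; confirm it before analysis."""
    return filename.lower().startswith(md5.lower() + "_")


def triage(text: str) -> Dict[str, List[str]]:
    """Map each path with findings to its findings; clean entries are omitted."""
    result = {}
    for entry in parse_entries(text):
        findings = check_entry(entry)
        if findings:
            result[entry["path"]] = findings
    return result


if __name__ == "__main__":
    for path, findings in triage(REPORT_ENTRIES).items():
        print(path, "->", "; ".join(findings))
```

Only SHA256 is used for the placeholder lookup because it is the digest most other tooling indexes on; the MD5 and SHA1 columns are still length-checked so a truncated or mangled value is caught before it is copied into a blocklist.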