Overview

overview

7

Static

static

6

b1cf36d498...18.apk

android-9-x86

7

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    13s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    16/06/2024, 04:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b1cf36d4985940b3108ebb84c5494923_JaffaCakes118.apk

  • Size

    22.5MB

  • MD5

    b1cf36d4985940b3108ebb84c5494923

  • SHA1

    1d44c603f579159acd98c9cfddfa8267ef6b1304

  • SHA256

    88c5b3ca9c82801920f840476df64d3ca73748318ac1d477258d1c91af99fa2a

  • SHA512

    7590164efe61431145c1c08ba724d7f6a7d4124bb81dfe7e6998a7de8d4fc75d6c35df64995c4a17c8ffe8fed12cdf25d5fa706d55ba891719b1f1bcea65c650

  • SSDEEP

    393216:4rG+9A0Gb+ltSkSF4Eau1FPUXN4hZHn3H0ab4V3eqKuGMmpZYnQBgLOQQ:aGwbTSF4MtUXN4hOab4IqHnAX

Score
7/10
bankercollectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 2 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 14 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • cn.qcast.furrycruiser
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4178
  • cn.qcast.furrycruiser:castlinkerservice
    1⤵
    • Loads dropped Dex/Jar
    PID:4274
  • cn.qcast.furrycruiser:sandboxed_process0
    1⤵
      PID:4303
    • cn.qcast.furrycruiser:sandboxed_process1
      1⤵
      • Checks Android system properties for emulator presence.
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      PID:4337
    • cn.qcast.furrycruiser:castlinkerservice
      1⤵
      • Loads dropped Dex/Jar
      PID:4384

    Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/cn.qcast.furrycruiser/MoreTvLibrary/libluajava_moretv.so
            Filesize

            141KB

            MD5

            7ebf9bb1b999f4d9211f456f17cdfbe1

            SHA1

            3d6c3d38fcf5731c4cef53d09451f111848eea17

            SHA256

            2717ad909ec00a06d1aff1708d5c9cb65f394c8cb4ea04c0eeb648def6dcc008

            SHA512

            790fe149b9fd462ce58093ee759c487bc53b28fa55bbe4859f242487a71d810f3c87652cd186fe06b6922a9ca31de3bcb935c957381106226802b9119a9814d9

            Download Submit

          • /data/data/cn.qcast.furrycruiser/MoreTvLibrary/qcast_moretv.dex
            Filesize

            567KB

            MD5

            3357f260b8cfa7a4825538adc939e293

            SHA1

            dee4a3737d32ad09cb8f84aefcf4eebbc27491ee

            SHA256

            474c7804f65f5dfa9002bfcb120a437b48b46a88c6207365e1433d242069063e

            SHA512

            db04e7c5f1484065034e43c8fbe2848f4f4d00f3385c1e4445ef646cd945f9cb854d23b656cb4d37eead4604a8ce993b32eb7b4100be1b2b495024d9f857a06a

            Download Submit

          • /data/data/cn.qcast.furrycruiser/app_content_shell/icudtl.dat
            Filesize

            5.8MB

            MD5

            016b7c560b53fe4fcf41f4b2eca9f61f

            SHA1

            b7e60915aeb077c7e4ba54f87b4b8b8c4f335956

            SHA256

            86030aafd3e4128b37d50bfa63aecad20bcccacd8037925f9ada49a40620394c

            SHA512

            867b84f196609c212736904ed733ca9c24a0e9d1a4d3b5246955c053b743801b4e7f1d0b44aceaf2cc108b80c06b016399bb8b27b97e91e0eeca1ce95b56a609

            Download Submit

          • /data/data/cn.qcast.furrycruiser/app_content_shell/paks/content_shell.pak
            Filesize

            1.6MB

            MD5

            736b282401615ae39eb0f278759258f7

            SHA1

            730db06ab2a8409bb2ab2441848b7706bb120c47

            SHA256

            c487e0133b3a7e5772d5147365e41d2648a635c2ca2e66047661fc5222bf2874

            SHA512

            14ada472efbeaf0625e0a55f7e46b91aa2ce2a11cb86e235409f39532b2d68d904ddcc4d8c10b6e537d3e9ed9c3f43c981226f1aea752e7c5c5f34838533006f

            Download Submit

          • /data/data/cn.qcast.furrycruiser/databases/download_v2.db
            Filesize

            20KB

            MD5

            dbe92b0fc1d3e8c132fc348357718564

            SHA1

            dbf5046e438deacf58b72b00888f81d7fb7e1693

            SHA256

            1b0e2c647a4a97e2f58aed49391c4dbd1dd49ac97fc963957815647949c49ae7

            SHA512

            a56ec1a444fea8159762a5e88974194694fd2b5015f0c802c5e146a7e9448e102cbe81aebbc4ad3da1a21f979d4a7c38d6c5cf9eeeef24237ddd072d240ba1a6

            Download Submit

          • /data/data/cn.qcast.furrycruiser/databases/download_v2.db-journal
            Filesize

            4KB

            MD5

            9415c753f5f6341949692bbbbd0e215a

            SHA1

            4864a07d78fb5b0e7f29a5459907122095b8c0c9

            SHA256

            1f3b6f253f60365fa409c4a9528501654011c8cf30ce41741d02595a9c335d99

            SHA512

            6163eb17357d4c471454f48296ebd86ea0b48c091315822c53e6aed37baedd6d6188049083a40467b1a27375931fbd2e30d3e5a86bcec79659386a835e5bb8a5

            Download Submit

          • /data/data/cn.qcast.furrycruiser/databases/download_v2.db-shm
            Filesize

            32KB

            MD5

            9014d0b1fa8f34fcf800209036f17920

            SHA1

            8e2890fd099c44648c14061b62c759f9b33e42ba

            SHA256

            58825dde364dd89a3e6d3b3276416d99b633f983008394f1713a2869f7a9530d

            SHA512

            cb3073fe1392da1158039d84e34d8f26c3e4f9fc8e411e15112783307bd1b57fff5b6ec8bf14a318e2e8cec9a92204889256f79ca4eea82cfa5bc327c0fb086b

            Download Submit

          • /data/data/cn.qcast.furrycruiser/databases/download_v2.db-wal
            Filesize

            32KB

            MD5

            7b3c1a75db13e23fd13ea54110a0cad8

            SHA1

            d78f64d96199e12ef5065573df242db83d6c13d6

            SHA256

            284007fae114cf08b91ef4a8f6b8dbd0a7c6f6fdd32ed9565ec7bfe8843bb342

            SHA512

            f748c9059039b6d364b40bbdc1177f1dae8fd8f4a7b88b53775bb4ddaa47b11f88ae1cb1271aefb3d3fafa77298be89bd35c6cc26957a80a26a69b8360923eac

            Download Submit

          • /data/data/cn.qcast.furrycruiser/dex/qcast_sdk_core_client.dex
            Filesize

            394KB

            MD5

            bd91fdb7782acc7e9f4727d8d97fe6fc

            SHA1

            bd01dc79a2f64c4d80e3710202c745b503a94cdc

            SHA256

            55da7214f348176a0deda2b58109089363196cf7780b665318dff8184168f448

            SHA512

            27d7ddcaa1820ec11522addb5948db502a33c4881ab960e59d4f96d3d553b3349cbae5bfa3a9d2430002be28526906e579be63eac86e1a731c4ef8f35f66b2e3

            Download Submit

          • /data/data/cn.qcast.furrycruiser/files/mobclick_agent_cached_cn.qcast.furrycruiser170
            Filesize

            4KB

            MD5

            605e4d5944e432cce637176ad6881d40

            SHA1

            62d3ca8630623a592e70dd92692afe9f8f991c16

            SHA256

            951a25e30eb0fa26115707d95519a02b96b8e6f1b4ff6f40819aebff46160c53

            SHA512

            8be330ca4628c4bb99a8711b7d833f85ad0638b63761bfc3ee8c78d26e913d2c413bc28e3e2dd2a8a77aacc6726013bfc646fe8ebe1b488f36a4150a99dd3e24

            Download Submit

          • /data/data/cn.qcast.furrycruiser/files/umeng_it.cache
            Filesize

            310B

            MD5

            2095fd41194aee618bcb43d8c68a888a

            SHA1

            38a27de69f56d54b0b27dd8dc63b59e4df2789ed

            SHA256

            6366df0d7c7659e41b5dc24791066b1ff64254497591d419d7df1d058c656f86

            SHA512

            35ec8b93b04829b6632859cd5d96e0d2e1163c0074ee9ec5d68596e345bb7a32d92ff267e1365063b1efe97b34c4a7136961b620cebfea335a2c7cfde16fd240

            Download Submit