Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    11/09/2024, 23:23

General

  • Target

    db68bf10bd0272897cb4e6d419313353_JaffaCakes118.apk

  • Size

    12.2MB

  • MD5

    db68bf10bd0272897cb4e6d419313353

  • SHA1

    0309d990d08937ff01a2a092ecbf64fef548e088

  • SHA256

    adbefa7ed21b2b9e812c39909a24aaac4c38aa88ecf48146582b1701d0cbd30d

  • SHA512

    8d06fcccf7c8e854129735236256e6a78ccb0cc31d9a32421aa2bfc91312d247070a1566b27806941f23bfced0e29971db91ebcdf6fbc40007f24c364a279060

  • SSDEEP

    393216:VcTKHJuQsMWd9srZALGu0pOokD96zwmR3l1:VcGHJuQsr/Cu0Efpm1l1

Malware Config

Signatures

  • BadMirror

    BadMirror is an Android infostealer first seen in March 2016.

  • BadMirror payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs an executable file dropped to the device during analysis.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.qihoo360.mobilesafe.gdc.mb
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4207
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/process.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/oat/x86/process.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4261
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PaySDK-1.2.13.16-UR_yx.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/oat/x86/PaySDK-1.2.13.16-UR_yx.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4286
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PayUtils-370.jar --output-vdex-fd=83 --oat-fd=84 --oat-location=/data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/oat/x86/PayUtils-370.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4335

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/.imprint

    Filesize

    900B

    MD5

    a97ce123dc68464696901c9d9de6fbf5

    SHA1

    846a8deb5c20fe9940f90604ebcc09e6989d19c3

    SHA256

    a1b27c5e7c464b9ec003c5a368012ebf91390ebece0b9c6b2f0b5868838aedd7

    SHA512

    279a5123e0bece561c468ad10d08078598f4b568334aaecef2cae0c8578cad0215cb270272ab430afe093d8d754df1d65527df2446eca9526bc04e2adb742121

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/FightingConfig.db

    Filesize

    2.0MB

    MD5

    11f056c2fb67378af51f84990e99b2a2

    SHA1

    8baad06a583c0ce26dfffa52b50140f47dad0cde

    SHA256

    7d81f45903b85f6349d5822f442f308224cf20c2d7f967a0c6db37a7d96c8dd7

    SHA512

    6777ca3050bd5850138cfea21a8201dc982a83e71048495ebe4bda028069e58b3145caa2eecd66444bd66ef41931a8cdf81ad7adea222accdbc63f1fe8edbe63

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/FightingConfig.db

    Filesize

    68KB

    MD5

    f93543eaba1117e83e98fd744edb33a7

    SHA1

    72627c1e86bf7ccd1cfe33b678873ac6f5cc373c

    SHA256

    0fe05e074d0b5983adedcdbb1e4945fa3b0e721212b5f2ea4dc1ec10bea66459

    SHA512

    2fbd09d118ab1a8c12d6bcb278d9eb5337039024a1d84f1adf2f8285853606c2e445d9314b236dbd606359bdd26cf3d7554cd7e2d1127a539c2f88563487882b

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/FightingConfig.db-journal

    Filesize

    2KB

    MD5

    8a36dbeb16b3ed047b079ca509d35ba5

    SHA1

    9c2745d5aa2d29ee60d76ffa0d46051d44ba53a9

    SHA256

    9c05a0eab6628fa000054f06cd456cc8d2325f62726732910cd7e3fa4e2eee90

    SHA512

    00f380855a93d1aca7a5ff814f8a50a81d78ca72ebd3ad4343ec2e68b586afe29abca8ac3652a03b862a70a87268369dc95d33aa75fe1dc5ada33a0740de21ce

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/PaySDK-1.2.13.16-UR_yx.jar

    Filesize

    124KB

    MD5

    ae2fa95a266b81eb9d33a9d36dc89044

    SHA1

    98b8bef7cd46de05a433cb382ea3b51192356ba1

    SHA256

    ddf85a7743866944c1c7ab82af0dc26fe1abf11218b2479b0656536583122661

    SHA512

    1dc6d32eb21dd3f63f1cfdf180002fe7a15fe1dd428965acc5788fb11d5bb4d97c6f2d58fce96bd88e69a86857c18839719bdf7463bce18c307288f460f34c86

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/PaySDK-1.2.13.16-UR_yx.zip

    Filesize

    124KB

    MD5

    cc8a3d3b720bb15e846223a3e124de2f

    SHA1

    0f59ea7f43ad6b2a3cfbe29c4c459ae204fdf2d0

    SHA256

    345d743f2ebd05cd8867c0c7bbd84b56189bc5cebf584bf2a93f10e45f91de49

    SHA512

    84598c45fa4a9bebe2d0d0d9b8f9a5d2d03ab6fd03cad756f57b620fc3624478809e9b0497895b40bed75cb2cc6c569c27ef1c0f14309ed198620d446f9ce467

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/PayUtils-370.jar

    Filesize

    101KB

    MD5

    388bf70ea8f190597d287a05c545efa4

    SHA1

    a45e48158b448390bf8347bff5d5a3988f229b74

    SHA256

    87f2089001a950588d5442ebbad97ec47696fead9247008e8488ef5242ac2fc5

    SHA512

    00a20e7c8b5dde2a41728a37816c1f89195e24824a60148c0df0a32825d48e78c68adeaabb218f0a81224c28c1f3c67418f40eb71ef6e68a40c75b028d6f35aa

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/process.jar

    Filesize

    19KB

    MD5

    1feba919b57d1a897a71e3a5c5384ac6

    SHA1

    51073c7e7576e27a98a2d6c2e452757932f10966

    SHA256

    38789ee28891758cc83404ed1ed05ed237a675ed8c620313c2b5c566fb76f634

    SHA512

    5c058ad145fafad1f72b1f05fa35d01d6a947d588f3c0eafe156d53c106e363cb2edb7b2e2c83a9d86e7895d1a2a66f5762462ce97539ee329f84089d372d49e

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/process.zip

    Filesize

    20KB

    MD5

    aa960a452f9ae7529c82098ed0082fd5

    SHA1

    2d44808951b1ced16ca54b3e0b597aa5507cd418

    SHA256

    c8c4ed5148835374a52c083a65310e2531f6e907e3b8dd30b7e10c5ac5240389

    SHA512

    ad1e659902dfdafaa73ce5bf29da363d356ded8ba207c2bf16798244ba32dfddb457d0e7e26e0559b7f9cb798daa454b86a0bcb206ea66efeba2d9d10e6d64c1

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/umeng_it.cache

    Filesize

    310B

    MD5

    d44aab67d745a48ae0f5d2c78ff54fa9

    SHA1

    b7618811196190ef5665a34f607eb76c980f8e42

    SHA256

    6645991d78ee3d3c4cde31081b6037405ee87772aa50fcef0eec59a49bb89a32

    SHA512

    f466995a78b0fec9bc8d59b74149b4680d74d05822f12323461a82d03266dc2dafdadb24bee0320d56014c92d14ea97c8a881ffdf9957f35620bdd5a28ef3782

  • /data/data/com.qihoo360.mobilesafe.gdc.mb/files/umeng_it.cache

    Filesize

    158B

    MD5

    360c1135da03afb384ace8c5ce57a655

    SHA1

    7e5a13c39820cf554bdba1720cf300321533846f

    SHA256

    0c432c45762762776a36c72b4251ff94a7d9c33c3e146020510da6a236bdab0c

    SHA512

    7f1bb3c6461f4eb1cef623c2b342418d5779cfd3182cc77b19fad38d6b037ff722d0a4a830c45a5cd21f2404b827f184ef848a142e921e41dd640b11d6443b49

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PaySDK-1.2.13.16-UR_yx.jar

    Filesize

    301KB

    MD5

    81712ad0d2ac18d74932c36854506b0c

    SHA1

    db671373bb16f47c53d284d49abae607a984db38

    SHA256

    57dff12ca92f8b313554b3548f99dd69f3101bf297327050eea1af882a55a54c

    SHA512

    ce979b0d2e3ffc6b67b156b6c420395da64cf6058be21c176ffd258a8da421aea61fa0c3d14216c3f6dead65336e0a682385383d086f63aa82ed340032b4e6b7

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PaySDK-1.2.13.16-UR_yx.jar

    Filesize

    301KB

    MD5

    78f39d1fab28c0231a06331db37cca0e

    SHA1

    aace45db12a9e467f12778596ae24e6a6bb4fff3

    SHA256

    9244622f375dc34a1637eba20ad3118048bc9d68750d971c674e9277038da0d2

    SHA512

    3bf130157f83a6c45f236a7cac187cc8f4d3103e7be3c81f94e3f5f7e9ed22055534c035e5f945fc764b274322a6c0f0c36963ed7399dd09c19294015025281c

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PayUtils-370.jar

    Filesize

    257KB

    MD5

    8594b6ab606c39ee257c5a9232342ef2

    SHA1

    14561a602ed98f746739a657e6d546ab3cf40570

    SHA256

    be0894f420bbaa150bba75d97a925549f6a1ed08ec42e1684d794da19e9ac8cd

    SHA512

    3f08edaeea95da725c425be5f8a2871720c2b1f0d38a32bdd64e05d4b7a533b1b611a7b3a5eb86c4d0d20cac49dd410879a039a77fcb7f80f9c9ce2323ef0e4a

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/PayUtils-370.jar

    Filesize

    257KB

    MD5

    4ff6a1a70ec12d3ae49bf0e587076b4a

    SHA1

    180214ea74388e412f95a93462183110c9a65f65

    SHA256

    96c5adb75af5c8c10f19f0019b718b5d23a176731b5b406d0f5a195b4262cf03

    SHA512

    2c107d314cd43f85772b1c26370cb64e1e8e9a0e72b6f569a03698716822197e3fa8e23adbe21b38dc7dd70810a79be91d92d34b6850d4ce130b10e203340aaf

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/process.jar

    Filesize

    46KB

    MD5

    939b8ccb6e29d6e309450e0f12114653

    SHA1

    fd68ec64da5f561792f9f96bb70e18faf487745f

    SHA256

    eaba9e778954fc76fe7315fd4b42e5ae776116d181d3607f841684e584cc2f0e

    SHA512

    befaa1e232b2a53a0abc18fe7000cb02e3d2bffc6c6d8efc7bbddafe35a296c33aed4f00b7bd1d752c1e79f415fb9694265278dd1fc4776c08ecaa6b4cbcaacb

  • /data/user/0/com.qihoo360.mobilesafe.gdc.mb/files/process.jar

    Filesize

    46KB

    MD5

    9079538ac944a3ded1ce6e410717ff9d

    SHA1

    ca5caf23ede4322e013f95d329b4243549589daa

    SHA256

    45da2d62e7ee9dffdc46594df724a5c56bd25128b1efea395bec2f0e1fa636af

    SHA512

    4d55d4166441e4069361ee4a9a1246a36ef60f0b1f635301d7d6eefc59ec1cb1518c16c37cacd3cface2f0b8d6cbb5f377e0f9282240f17ebef8e0badc488f90