Overview

overview

7

Static

static

6

02637f8ea0...18.apk

android-9-x86

7

02637f8ea0...18.apk

android-10-x64

7

02637f8ea0...18.apk

android-11-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    30-09-2024 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02637f8ea02b60ef4a73817fdaf01485_JaffaCakes118.apk

  • Size

    932KB

  • MD5

    02637f8ea02b60ef4a73817fdaf01485

  • SHA1

    1d0ef0037ea0d65bcefee4fbb8e2be902c56349e

  • SHA256

    0e9acb9d441235efa9d03f6737822ae1ab96ee44127730edf921e3f67297ea9d

  • SHA512

    87c4163ae4c3ff078848a06afdd4349f43f309f4a7410fccb0e0188ec674789909546a48a27b267e8f53adaf2f454cae2cd1ccda2b9405af0fc74f2404eb352b

  • SSDEEP

    24576:5pQ//xsrQQ1GI/zPA87piNpAKxGmUITSHsL9/QWSYuI+9f3:5pQ//IQoGIzA84pAEGmjL9YWSYuF9P

Score
7/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads the content of SMS inbox messages. 1 TTPs 2 IoCs
    collection
  • Reads the content of the SMS messages. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 2 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.hhh.qingcnslaidx
    1⤵
    • Loads dropped Dex/Jar
    • Reads the content of SMS inbox messages.
    • Reads the content of the SMS messages.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4259
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hhh.qingcnslaidx/oko.jar --output-vdex-fd=44 --oat-fd=43 --oat-location=/data/user/0/com.hhh.qingcnslaidx/oat/x86/oko.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4299
  • com.hhh.qingcnslaidx:LocationService
    1⤵
    • Loads dropped Dex/Jar
    • Reads the content of SMS inbox messages.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4296

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal
    Filesize

    512B

    MD5

    14095fefdf9a4c6264bac92542927d2e

    SHA1

    23b9dfa9144abf7df6ff3025e19d584305708dba

    SHA256

    71a61c2292720b40df3e7f35162ccbf6832f6cb588f0592b7b8cacebcf9a8cf0

    SHA512

    8f2c654449f0c64dbd32449b7fc82073e5708d7e6fee430439dd042b7b07297568c869d2309377884c836bb3b6ad1efc81645726bae40a23a543b414888ce2b1

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/blue_chq-wal
    Filesize

    56KB

    MD5

    392f79362072eae2ccd5f73f78dea8d1

    SHA1

    a23f4f7e8158ee29b6415d2108e0523b60ba4997

    SHA256

    784f69c5bd52131e44bc9ba44c9f966e67ae0cd398030f760229d2e757a7c462

    SHA512

    57f557c4a0c655f52e7f0281300b938c8aec44248f1c1f40fabd4bd072cedd1e17236851f80b1095f238fe83cf0711347217d391c2aedfdf07920029b2b76ec4

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb
    Filesize

    20KB

    MD5

    63b5cb80da82083421505306f862903e

    SHA1

    b2f4f3bb0923decbc4b5b8bf8212167ce4f8853e

    SHA256

    e306c402368ea880a095faeaeee4e178b4ef16e5f8c992ad9751eb437a89d4a3

    SHA512

    5001251da7eecb44e4e73f31518efb764ab1a0d5c5f06ee5903085c76c9bf69ded2052a46e0670ac9f3d613611c52a837d3ac4c765f5af8c3ffa395aa4c90f38

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb
    Filesize

    4KB

    MD5

    fd165b74426fd4bb48bead6025e0087a

    SHA1

    df30d1e44bb45e4c1b10ebddaba6241dbc5e1940

    SHA256

    b0563ee25383c07a4b0d0644ce2e884f9f9fcfe70ff0cf0dd7cda6a34ba95fe8

    SHA512

    7b0cfd4d5a35d2d714d7dd663b500ba6affb3cdcbacb970ede65966a05d08c23935ef2b26871e5217faa847129bea0df859bc878e330f8d2b6b5f4c1820f1fa4

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb-journal
    Filesize

    128KB

    MD5

    332adff114cd528222910b1864a79914

    SHA1

    78126369a25992ce2a6f6d020b2c7164b5365a5e

    SHA256

    162aa6202c4a22802ca6b2fa7c0cb572920f3fe2aea758ee4feb7d6101c8f8eb

    SHA512

    9e549ea3f1e20f0bc9c15bd4e059eb5eeb5666eef1df4fe00f5c7e08e4757f8561cfc711e94c005bd595d7b60cff9c51e6119a8eef5aa93495b2dfbb155ea227

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb-wal
    Filesize

    32KB

    MD5

    c27f703e664928da36124e4a98d55a15

    SHA1

    7e5a7bb2432bccd5f76fb4456a7d7dfe2cd9fd7c

    SHA256

    939c011df36ccee9f478be14d11018764512ae9c60e2712a3a43c7619272b410

    SHA512

    bf73462c96b77b7287fff7ffc4d9fa816c64b2e6fd0c39f9838c17e30609ad765cf38cf39d4ecca707683befb0f1c5a789ca859e411872c08b5b34ac0a675652

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/databases/myqqdb-wal
    Filesize

    36KB

    MD5

    338f896b128e15049662dddee258dba6

    SHA1

    a2dc425d76b72778f45d5da91c2094025e7fe2ec

    SHA256

    6a0ba553af621ab616134f71a4ef8fd365ee7e7adc1736536172d76e8ac80937

    SHA512

    a1dc39681825d97f1422ac021d12a808ed5bd209ba4556d2b9a9d7e618f5591f54159df9027b01f1b388af8f147c54e6f96e915b3a019618a3a7a6d81091db6f

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/oat/oko.jar.cur.prof
    Filesize

    188B

    MD5

    649cce332ce19e25b3319029d5ef7129

    SHA1

    be79789b85b85f48f43d637f398833e127ca1899

    SHA256

    6fd8dbef819284595c2d8c6b1d11c202ea45327f32e87feb20beb96daa79a871

    SHA512

    53b9bb01a2a22ee33d21fa6cbe7a92c1cad91f055ce9ef636edbcfc4af691068f2a49151e29b0370f2fc77362712b2bc58bed72d5d516ebcfb54083736895edb

    Download Submit

  • /data/data/com.hhh.qingcnslaidx/oko.jar
    Filesize

    20KB

    MD5

    a4ff2168d0b3d0fdb947aa0b1c2243e7

    SHA1

    3542542c7336c06aeebcdc550ee738365e062ca6

    SHA256

    6238c52a29fd4dc2ac450f2637892b861a11418610b1be45a852203b6a75ed51

    SHA512

    cd39e87161e432e162cdecea4c4638d49e4b1b06e9b60c28a2d3c823e235bc6e02acdeba0c03dd101eaed20ed5e9f7744d7a02fa83402716b6cf66c98402da06

    Download Submit

  • /data/user/0/com.hhh.qingcnslaidx/oko.jar
    Filesize

    43KB

    MD5

    4d0eb5b7285e5c15f1044e7117bef3df

    SHA1

    65e6102c1d602c9ad8b47f8742329871d8eae8c0

    SHA256

    9f06ff45d7467748f2257283e388b2e1cb9ff115c095b685b25658b54191aef8

    SHA512

    33c7b3e988eefa65811fe9b9d05513eafa0c8b9f3a943d0bdc74769db34f8d1748d68f1d608594d5581186918e39107d5110ba90d6566eba057dd98d05125752

    Download Submit

  • /data/user/0/com.hhh.qingcnslaidx/oko.jar
    Filesize

    43KB

    MD5

    82e6bb1bafe35ac95f3aab71965ceec7

    SHA1

    3d81d7a4575011d9521180ed7767d13463cf0413

    SHA256

    7b5f5938c60be155524b4c0dc2c4a8d48830b3770b94583bb520ba7c3fb9c85f

    SHA512

    4cc529c2a4a4e1a31f331f29e356949b7ca5f072c7eea9eb874d10d2b371149e6ed0040f2644f48fb370dab54090e8cec054f9040b22635d09cb3009666332eb

    Download Submit

  • /storage/emulated/0/device
    Filesize

    32B

    MD5

    2813b09cc9a27d42cb1312df66c7d65e

    SHA1

    d56be1ed97eb04f455183778cca780f9a6111f69

    SHA256

    f05b159b68295781141d4a2dd7b69052d9d5bc79e2856bd6bc81d4355b91a3b4

    SHA512

    29481f507508002b3907fd289728de6de2a959313adb30dc0f3993defebf69ee7aedbc12c2d26f3f35f121505797a1f8bbb83c219d8c9631664021ff803c060a

    Download Submit

  • /storage/emulated/0/device
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit