0e9acb9d441235efa9d03f6737822ae1ab96ee44127730edf921e3f67297ea9d

Analysis

max time kernel
120s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
30/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02637f8ea02b60ef4a73817fdaf01485_JaffaCakes118.apk
Size

932KB
MD5

02637f8ea02b60ef4a73817fdaf01485
SHA1

1d0ef0037ea0d65bcefee4fbb8e2be902c56349e
SHA256

0e9acb9d441235efa9d03f6737822ae1ab96ee44127730edf921e3f67297ea9d
SHA512

87c4163ae4c3ff078848a06afdd4349f43f309f4a7410fccb0e0188ec674789909546a48a27b267e8f53adaf2f454cae2cd1ccda2b9405af0fc74f2404eb352b
SSDEEP

24576:5pQ//xsrQQ1GI/zPA87piNpAKxGmUITSHsL9/QWSYuI+9f3:5pQ//IQoGIzA84pAEGmjL9YWSYuF9P

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hhh.qingcnslaidx/oko.jar	4976	com.hhh.qingcnslaidx
/data/user/0/com.hhh.qingcnslaidx/oko.jar	5016	com.hhh.qingcnslaidx:LocationService

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 2 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.hhh.qingcnslaidx
URI accessed for read	content://sms/inbox	com.hhh.qingcnslaidx:LocationService

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.hhh.qingcnslaidx

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hhh.qingcnslaidx
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hhh.qingcnslaidx:LocationService

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hhh.qingcnslaidx
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hhh.qingcnslaidx:LocationService

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hhh.qingcnslaidx
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hhh.qingcnslaidx:LocationService

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hhh.qingcnslaidx
Framework service call	android.app.IActivityManager.registerReceiver	com.hhh.qingcnslaidx:LocationService

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hhh.qingcnslaidx
Framework API call	javax.crypto.Cipher.doFinal	com.hhh.qingcnslaidx:LocationService

com.hhh.qingcnslaidx
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4976

com.hhh.qingcnslaidx:LocationService
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5016

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hhh.qingcnslaidx/databases/baidu_chq

Filesize
52KB

MD5
e2da3196f34eed3c5e8fd175353dae46

SHA1
0ea9ebd0c1c027ec1b43f021a8e8a438092eea11

SHA256
25a08324412d482d4326d68e88e2434cffc6364befbafeefe5c3540c78583531

SHA512
b4f6687c223bea0ca91fce668dcea9c49891ed5f4eb099121908e712cee4647a3036ad690e7faa49e847291521f0ff343379de31650f823ed5137ef286431e68

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/baidu_chq-journal

Filesize
28KB

MD5
e913988027a68ad34059c6c59375d2de

SHA1
f9f34a42abdfe5315c3121d0ae1ac932763363f3

SHA256
1ff07efc4b402e13a8512ee44688af1ea5654ce51a9bf404633d20e12e486778

SHA512
30d64ded158b14fea30ac6d234a0777d11fc35a3f0b825ae5b549857dc149bc3f204a0f63a8bf7d007fb2e4aff555d7db3a9677aae06767ef0c5390fb5c7352a

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
512B

MD5
f631d6576cf804ee46d1838375525880

SHA1
6ac4eea6f03f14bbdcd57158ac7d8da86c57aa43

SHA256
fa69819ccf38c67ae5027e35a21405c574ff57924330a52a32bef2795ce540bf

SHA512
6c0c3971a3e274d2a7ac39d8f45c0a519590c0e97fd49c942f93a8ca4f9a4cf0220cdbacbf5711606bf28589e1048e56a1e8a1c7f714129536d54d92057ad2e8

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
dda4656c12ba21b2789ab726765ca5a2

SHA1
eadf059b58ccececdc2fe11f27010eb3b6ded065

SHA256
75a684c8448cf3ef4135876d3c7b9234cb2c1e36c303cede6aa833259a293a39

SHA512
88af73df64059ac61ff07e7737b6551824340db149d9dcb765ea5395c627d2769d86f38e13e678b820db51020d35b27adf39e29c05cd5f334df57629a392662f

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
5d8530e95948f83a1edef57ee36df611

SHA1
3025ff67ead1152dd63d59d14db59c4da538cb24

SHA256
9df3dcffe6c0762ae58630fc4b301905d6f74444b9698ef151c4da2cc6e1f5e7

SHA512
0b4aece65b5582009430030bf814e3bb3f06fed2454a560ec7464a464be7955a3ad5f26ee85768dbd1edad3e0e3f09e83284493191d9b7b7a0762407488da998

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
f381a9003355838a26b0987ad698859c

SHA1
168a1cc75485f484d3d690ed71d0dcb08fbe96f2

SHA256
dd7dd2794f77620dc31fb06ed8cf831f916ee5abfb9a4754e177d5a03c9a09b4

SHA512
3a92d081109b2fe29326950292180594da980f5a8e2db0eb24a204466ba471ce0cc17714763e4a51dc1efa9cc4de51072c34619547686c83bf7f01e6e5d6213a

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
9ba6ec035208e40d0ae5997d89225a46

SHA1
b4ee43d61c0384320034baaa9a06e2e0e7a5eecc

SHA256
821b289ff0d5313e06a0bbaa198c654edbbe8340de01f3212833477b204a0e04

SHA512
712064cb7d67b8d21e0dd1b86ab9fe3ba128aac73de43d40263abbc0d3b1a08c209a5cdff8f049e994367f4adb9004810ac3f9ab1bd04717ff6da6776bb80876

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/myqqdb

Filesize
20KB

MD5
ac742d4baf94c5781bfef105f5b4ddd5

SHA1
66c65db1e099782e6a70c5feb36c9ce213dbfa73

SHA256
f230de9bf5c2b5959dbfb25a31b54e91489fb133cd32ac1ba5b2b3543ba9131e

SHA512
1fad58fc102c38419b798672eb510e1ee2f7774110eab645972acbf1ef5ad96400b2f5f035cf7d33ca6f0e950e18918e6dc433b1aa84289404a7a40e1ca6668a

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
8KB

MD5
eca1d98fd1437a2a6198be85ccf8ea9d

SHA1
fe29c336aa7228813739126d0cf25c31b11fb904

SHA256
46bd69099be04e0cf373e673b6212ed01f073df15f4b1f26f1a97e6803a125ee

SHA512
c6414b6ab5a814ce9653223af1aca0293a5ee618182abc11a309359ee479763d6949d93a61f949a45af84d004641a84c1be7c8f0b0532a4d8cb31d58bd0c446c

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
8KB

MD5
082fc880638f67ecc20c19916b8b5638

SHA1
91709f4e182aea3323cc0dbd92a74da69133bb2e

SHA256
100d087637fe5f08b137afbfd01a092e2d04be2eae714071cbd80a14734e6e84

SHA512
480f7f6c22b139006683c06a5baeb09714552288484121f70800ac1a70f8c16ce6487ab206174d7d37676134d395f671e1a207b5df339e0883b8e0c3cb3540b2

Download Submit
/data/data/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
8KB

MD5
70695cae9405d6f8c67bde9b76524e25

SHA1
97652eef4ad4e906e8eb6c04611345cea940fafb

SHA256
abfb9fce3ba99bc94eb46ead11e9b43d9be28b76ff9fadd6d29ed66db7096d6a

SHA512
0dc67d46afab0a8d27d291076ae5383653a219d0523b594fd1fe719401055abfd1aaa715ff656ff2a21f0bceecce41fb91b1060fe50f628a508f4dc09da02d86

Download Submit
/data/data/com.hhh.qingcnslaidx/oko.jar

Filesize
20KB

MD5
a4ff2168d0b3d0fdb947aa0b1c2243e7

SHA1
3542542c7336c06aeebcdc550ee738365e062ca6

SHA256
6238c52a29fd4dc2ac450f2637892b861a11418610b1be45a852203b6a75ed51

SHA512
cd39e87161e432e162cdecea4c4638d49e4b1b06e9b60c28a2d3c823e235bc6e02acdeba0c03dd101eaed20ed5e9f7744d7a02fa83402716b6cf66c98402da06

Download Submit
/data/user/0/com.hhh.qingcnslaidx/oko.jar

Filesize
43KB

MD5
82e6bb1bafe35ac95f3aab71965ceec7

SHA1
3d81d7a4575011d9521180ed7767d13463cf0413

SHA256
7b5f5938c60be155524b4c0dc2c4a8d48830b3770b94583bb520ba7c3fb9c85f

SHA512
4cc529c2a4a4e1a31f331f29e356949b7ca5f072c7eea9eb874d10d2b371149e6ed0040f2644f48fb370dab54090e8cec054f9040b22635d09cb3009666332eb

Download Submit
/storage/emulated/0/device

Filesize
8KB

MD5
76eeafef7d561649b1dc5c5cb2c5ac86

SHA1
6406cdfa96bff5b27ef47ea1991b87ea60736562

SHA256
dff7640582e59fb440d8aaeb54d199a48108f39434efd172d25d4034bf7f1bd5

SHA512
0d3c75dd643730b25afa2ab72c6ecd1de011c5d571d759d4b30b814795ea9aebac6018390652e65b000ae712350c2f16bbd270d283041a31646604b366c1ff3d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads