0e9acb9d441235efa9d03f6737822ae1ab96ee44127730edf921e3f67297ea9d

Analysis

max time kernel
119s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
30/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02637f8ea02b60ef4a73817fdaf01485_JaffaCakes118.apk
Size

932KB
MD5

02637f8ea02b60ef4a73817fdaf01485
SHA1

1d0ef0037ea0d65bcefee4fbb8e2be902c56349e
SHA256

0e9acb9d441235efa9d03f6737822ae1ab96ee44127730edf921e3f67297ea9d
SHA512

87c4163ae4c3ff078848a06afdd4349f43f309f4a7410fccb0e0188ec674789909546a48a27b267e8f53adaf2f454cae2cd1ccda2b9405af0fc74f2404eb352b
SSDEEP

24576:5pQ//xsrQQ1GI/zPA87piNpAKxGmUITSHsL9/QWSYuI+9f3:5pQ//IQoGIzA84pAEGmjL9YWSYuF9P

Score

7^/10

collection discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hhh.qingcnslaidx/oko.jar	4659	com.hhh.qingcnslaidx
/data/user/0/com.hhh.qingcnslaidx/oko.jar	4702	com.hhh.qingcnslaidx:LocationService

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 2 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.hhh.qingcnslaidx
URI accessed for read	content://sms/inbox	com.hhh.qingcnslaidx:LocationService

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.hhh.qingcnslaidx

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hhh.qingcnslaidx
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hhh.qingcnslaidx:LocationService

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hhh.qingcnslaidx
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hhh.qingcnslaidx:LocationService

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hhh.qingcnslaidx
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hhh.qingcnslaidx:LocationService

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hhh.qingcnslaidx
Framework API call	javax.crypto.Cipher.doFinal	com.hhh.qingcnslaidx:LocationService

com.hhh.qingcnslaidx
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4659

com.hhh.qingcnslaidx:LocationService
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4702

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.hhh.qingcnslaidx/databases/baidu_chq-journal

Filesize
12KB

MD5
b7b0d87470156f720ba2da9287be190b

SHA1
6990e46111eabeb51d490c39c37e86f194e48d39

SHA256
a1ab670911c18c404d817f7a35564fbac444e2a7917adfb3aabfec2a40ecf529

SHA512
7cdb2c2ee9f4a8c3a43f121e1a208a036fe8bf328727b4ae7c70b80feeddeae99d374e65a9938f87ec0565765389ed56bc9000e42de51c2176c91aa0b67e2266

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/baidu_chq-journal

Filesize
28KB

MD5
07056c9965b84cc551354b172fdefc26

SHA1
47c298fd133a6ab660f06d7842111dc329a890c9

SHA256
778410ed2bee99e9f2e973ccd995922a086c7c0b2da1bdcd285ededaf9a3c257

SHA512
3c0908f21c4a7157024be8d222141f375d67e30c435f184a11608875d0b06871e795c9abf0bf3d87405937ce593d4ebbee3e72d5025161cb23ebb1f7749a398c

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
08c2a2d5d77c5b3c355bdcd7fdb00960

SHA1
b6f50d924c3f8912ca4f07cf47ce6fa96558c001

SHA256
7b275fa5d71718c095ef47d730431527ed571b0e5db4ce862012b0e229586b1b

SHA512
dcf0e3ba91ded4f483e0a265d9606814bca634b741f052d7225b9c5d8e5a06dbcc27f18a7c02a9ad09face68785841890d1cb7dac6eb25ecfd7c6d09f3381987

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
ac5b307be5c392fff6f7cee77d04ff89

SHA1
bc322c213a39af327e05a3a52e661d24f17321f7

SHA256
f4bc15b39d540d083656fa9953beb5a0ddc11f7e6e9b98f3d82cd60cd4b4a5ff

SHA512
04857f303f1a4f53cd9efefaec9131f6d21e16a5a1ab3956c485ac4adb96d38dcc33d6dab77a9ec6a59986114f5527ed9066f2a61e80e5ef4fcc6f2b48e85966

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
3512b0e761fa69e108216e04a584ace2

SHA1
7f192722c04ba5e7415ef4250da0c8bd51cc20b5

SHA256
5cdcc95d870e6c2e3b074c72956dc9c699f79cfc051b3325ef4380be17af01d9

SHA512
7f72b2e75b4bcca7e3619eae2961d87f0bc80d7160fb7aea3657a706fde55ee51cb57285c7c45df5e8118ff2af8ceb7ffaa963717ef08b0d9d7d017efba5e5fa

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/blue_chq-journal

Filesize
8KB

MD5
e3d4423d8f73b5f63e085bfbbc16f7c8

SHA1
777f0f10edfb64ca9ab794365be21a4ac2183caf

SHA256
940663585ef6a1b0425e2183b83dfa2f8520cee3aeb0d36bf918ff0291f47b1f

SHA512
3a07c7f51297734ecb6cd1761e833c3bf9b1828f80af78e1d21c18b48ee4a9e8ebb49af4d50212fa2abef87800098a4b8e4b3587b6d06fa5816e0476d68e990b

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/myqqdb

Filesize
52KB

MD5
0c39df88a2d5064ff8944533ed8a1687

SHA1
daf2c818c4a3a369ca6b9e6e559357ab8d8a234c

SHA256
04886a6a1397686aca619757dfa23f83c9d18e34dcdf65bdd2aac3b27c8eb51c

SHA512
b6928c711ed4e9aeff2fe1729409bdea96f139a7ab206d4704b2d4788c9754873b78115d02fa997cee240fe3413dc267696a33fc12ca745de44d9f549cc3bb31

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
512B

MD5
e087a293916b5f25ce7df221b0c5b07d

SHA1
b45e88fef99bb32b30ea9897f696f114d177bbd7

SHA256
99b10b46555285a6471a1a75366ad4bbb3bcad905f7db82080a49b1df807d5a7

SHA512
116edd17a06a6537ad50ae83b2f229c27ae0640f75e875fe1e346aec525d29e4d004b11cdcd9d1412b014fcfebd37081ea246858d9381dfb7755a2d409d88845

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
8KB

MD5
dd125ff3076c324d0ebb0c81ba59f655

SHA1
369a63ab8070ba8b2ad91733290de1b0f81adac2

SHA256
b1ba40dbe9b7ecd29c2e720d100c22cce9652cca9f44b20661339e618a0138f5

SHA512
a534c665e1385bf146bd58d1fe2b724b4e4f6c91434d432b8f046927a652ea0f4da39f71b7d4322f9e082144eaf232d09476d70aa8c5536c3be1b9b89ee1b82e

Download Submit
/data/user/0/com.hhh.qingcnslaidx/databases/myqqdb-journal

Filesize
8KB

MD5
8155be0570828238b7676a1c345bae09

SHA1
a6bb6db918c73e73517213d61e45636c80ffbe7b

SHA256
34e5a59487c1e42bce0c106203dd649f927b598378563e64741a78c66547344d

SHA512
82becdccd7bfde5be7ab10eb2aec68beed746cfa1d874f4b2d217ec143802f70ff576fa51cffb703212cc9aa1f941ad95e567f1b0d6c91442aa6d42307db8528

Download Submit
/data/user/0/com.hhh.qingcnslaidx/oat/oko.jar.cur.prof

Filesize
170B

MD5
d52e5041b7032b25e8dff9985bfb4b23

SHA1
d83149e9673320314073a988bba94fbb39a513d3

SHA256
932a1b1e7d1bfd24e5481d0844645382be5a48f7ea563d7c50a64025841549f6

SHA512
5925c92c75bff299c18c9e7b53f2378eb5582779880e788b5d2b80b45edd6a3c8c1d6d1e379045b647bca590ff1f5a9e71bb041849a41cb9f5556f584b081533

Download Submit
/data/user/0/com.hhh.qingcnslaidx/oko.jar

Filesize
20KB

MD5
a4ff2168d0b3d0fdb947aa0b1c2243e7

SHA1
3542542c7336c06aeebcdc550ee738365e062ca6

SHA256
6238c52a29fd4dc2ac450f2637892b861a11418610b1be45a852203b6a75ed51

SHA512
cd39e87161e432e162cdecea4c4638d49e4b1b06e9b60c28a2d3c823e235bc6e02acdeba0c03dd101eaed20ed5e9f7744d7a02fa83402716b6cf66c98402da06

Download Submit
/data/user/0/com.hhh.qingcnslaidx/oko.jar

Filesize
43KB

MD5
82e6bb1bafe35ac95f3aab71965ceec7

SHA1
3d81d7a4575011d9521180ed7767d13463cf0413

SHA256
7b5f5938c60be155524b4c0dc2c4a8d48830b3770b94583bb520ba7c3fb9c85f

SHA512
4cc529c2a4a4e1a31f331f29e356949b7ca5f072c7eea9eb874d10d2b371149e6ed0040f2644f48fb370dab54090e8cec054f9040b22635d09cb3009666332eb

Download Submit
/storage/emulated/0/device

Filesize
32B

MD5
2af3047de354976c32e18a831c0a0818

SHA1
0f2bcfaad1cda537596502035bd189cb0dbbc33d

SHA256
d230414be838c18efb49253357bde4abad8d7f7e04e855a90fed5a96949f2e7d

SHA512
618c135bc816caa8919ca8ae008bcfae32f3f1c0bb61c7cd58a3eb72245df6788ee1ccda1bf15c99d08fcf089555d2a157343e3690dcdbd1848ed716e2c93f73

Download Submit
/storage/emulated/0/device

Filesize
8KB

MD5
b3d9d66e0c0eeda6fb46bdbfe0485af0

SHA1
bcf357a6091d82dd4e21cb92037ac783513504a1

SHA256
8d9a7c75a41ba44cd65af7ab905743d7a486bc2fc709340e7508c86c4be93208

SHA512
11c1e6fb005d921fd39a566ff2a985cdc3ec31693323d1290569e98e4c6df8291a7511286b72edc35d60241d4d82b33a8bf5a42a412fa44d542d2223c1bedbc9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads