3bf3399a685e0aec6ce84e5a6c09fb6b686bb48cd01abe77c5daf15bddac3775

Analysis

max time kernel
149s
max time network
153s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04/10/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119300684b3f52766ba3ad2def413866_JaffaCakes118.apk
Size

5.3MB
MD5

119300684b3f52766ba3ad2def413866
SHA1

15da22bcc9459907374acb9d57de4058ef7fd4db
SHA256

3bf3399a685e0aec6ce84e5a6c09fb6b686bb48cd01abe77c5daf15bddac3775
SHA512

14eae855064f0d25dc4b18fe618d7a41951061d63116cf9ccb01a2a0526d71ddeffc773619a066bf02ce650f94988bce08effe6c8b1ef748daf235481c3e9304
SSDEEP

98304:wV8V8hYtfVcVcF1m2MqJ2tQMSEBhWIa/cJBJ0XdbLRSbj40j7iscraCpR:wWnxm2MpVdBha/cJBWBLBQ7iscGo

Score

7^/10

banker discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.qihoo.gameunion/files/patchs/global.jar	4642	com.qihoo.gameunion

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qihoo.gameunion:remote

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.gameunion
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qihoo.gameunion:remote

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo360.accounts
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.gameunion:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qihoo.gameunion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo360.accounts
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.gameunion:remote
Framework API call	javax.crypto.Cipher.doFinal	com.qihoo.gameunion

com.qihoo.gameunion
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4642

com.qihoo360.accounts
1⤵
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4713

com.qihoo.gameunion:remote
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4741

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qihoo.gameunion/cache/uil-images/journal.tmp

Filesize
8KB

MD5
190e5f6897950a1a971ba68309b35e8f

SHA1
59dd43a57a930708415c8c5835d114fdda3c3742

SHA256
2bf8824022ec196f99e310fc89812d1891335e91b904fab27f3391b1a327389b

SHA512
568dc4e68cca26163738019be07d6eb608d6369ba3f546c2a3dc2607826a0de77be4336afc93bf9dcb0c9af0d1d452c7f575979a39a08fee449c9a058c546759

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db

Filesize
76KB

MD5
264ab98f1d8d085850040a3f4c03b2b1

SHA1
5b6de47426ed08ca6122fcbb8522ffdbac244a27

SHA256
4c564a7d37f5866f7d2d00a695e767aa82772166525f219c0b1390e8b5c9d1cd

SHA512
04b60f9d8e91eadeaffec7827f6178b58193899b068530584e3cbbc6722e24872408aaf0ff55155720054d32a7d4751b15150dea17274dd2989ba787fd78a620

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
60KB

MD5
f4d98c5ff4c350476cfaedfbab5afa52

SHA1
b7d1399c480a08bcc87bd0062f2def3ba047dd6b

SHA256
21d6d71b6c64dcacd0474383bea4e08a3979d876adcf0505ba23668aceaedb57

SHA512
a2a5d70adc78d80fe294e35c3597edc77ca057095a6b34b7eae6cfbe2fc25a093d46cd9874d2e43a44c7826b256fa2194aef3046242c4abbae34aa7cf26957e0

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
44KB

MD5
fe557d5254a63040b847683c4da99118

SHA1
3520e44f9cec09eaa91379c3123f474d31578404

SHA256
973d42c20353b0404729d31521331f0615a6abe0caa1b043f5669ee919bbb737

SHA512
cddecb26397d2db104842de3ee2f41a885bf19f0d6ba07d87fb1b3a2a3fcf87c3c74fb4f0bd0ee96aef588fcc9f3a545e550691f8aa5d087e2dc463b57c58625

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
8KB

MD5
97f5361daf9eb868fc787cf746a50aa8

SHA1
d5f08749f148d5eb8932f2f500b81fb8280e1efa

SHA256
02195224c6ca891b3c031637f8e1b27745cd8709f41924187313e1c5975e1763

SHA512
4b6133131f7ac3c868d4de9b7f324f24bcbd44c2f9e6a4106d1359b981cc4f4a3c41316cca1570331a80dc0f8710cc91359441a56c24c92dfd494317ce1a92ac

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
8KB

MD5
dbb8452d75ebc180c3c25da27caee7e8

SHA1
1d1c0c01a48239c29a0f399b0c9d1dcd5e74995c

SHA256
66564e009bf4ca3ce81c97fb534b1e66169e3b391c720711a60659eb9246822b

SHA512
cda68a40922e6b6b83d884ead24fb97f0ee23178a63773114901a7415c9b3a27adac433f4580a425472099724aeceacf3846ef6f3a6658b437911187a26ae2dc

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
109KB

MD5
dd9a1d4b314f3b06a529b341e9d7a690

SHA1
dc4ccece640cd446ca82d44fd42a015209c8bccf

SHA256
94053344f103f19e2124ee046ce44906ba15c3afe319ba68b735d274bbd7f77d

SHA512
b4cc5baa12e4966229f62c0dbed2820e7b244d2f31db84c06c99dbf226ec63cd3e35ec13f689daec541024bffe1030a984a6e3763805950e1efdde218a8c4681

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
8KB

MD5
d04aaaa7c6d853797af2243a9f886da5

SHA1
f284fad8001fac35e64860549aaa6d20d639d4f2

SHA256
487ead57c1b04d4624d9e4605c77308d19203077641039f6a1d276d461008619

SHA512
fcd92ea1e82c9b3ad4763bfecb08f2dd6201093f0698d6cb0cc12a32c2f393fddae93343e7c466d587c6eb2ac1e4c5d8d802efdb11574ebeec5158bcf4f846d4

Download Submit
/data/user/0/com.qihoo.gameunion/databases/gameunion.db-journal

Filesize
8KB

MD5
094b2afb995585a783af7eb462738ed3

SHA1
425eda2552341f69fbdbdbe9ee87b7caad8527f4

SHA256
aa4bbebea0301f9efc3d78a0e7be074f966ecd45f6107d3f861630e2f2a61b86

SHA512
97bae387e6520dbeb6e3b769a8f6b86624527723bb9e16c58e3505e3cf4769121b1470a30e669f8c6913cd68e1ec96d7b44935e2e0992b1a0298a05addd7b36b

Download Submit
/data/user/0/com.qihoo.gameunion/files/frameso

Filesize
9KB

MD5
73d1ca7ab34f79dfa09a28c79da8825f

SHA1
edae6729168678cb083682b73ce3a104fbc87a86

SHA256
0ada7290dadf19645e37bbf80e224e1ac8cf27dce6a6e593db20af49b16c7789

SHA512
78a05faa19b2417097ccd7d39f8d0362592a02cc551742b5c6b09815c47a6706a167ccd3e28f4395fe73c311be512288bcafcd56f006c0503e06e58ce13262fa

Download Submit
/data/user/0/com.qihoo.gameunion/files/libec.so

Filesize
17KB

MD5
306485692e13e1c38f9728090eecc8ca

SHA1
d15194d7954f649245435ec52147b4714f96a9ed

SHA256
54f6d16158607e4d71e1bea14b27c21aa709a2d0ac45193fc81646971bd071dc

SHA512
f21f6af5e825a02809fdd08c8b59eee6ee8618c6fdaca8c2c0f16986d20ec223796e6db42a928f6b5f69ed596f8c60ab00070ef7dd2b2b96cf7ad324202ca7fa

Download Submit
/data/user/0/com.qihoo.gameunion/files/libvxproto2.so

Filesize
77KB

MD5
daa677f0ffd56023dc203265c6528fb6

SHA1
3cbad81fcf7af88db02bc53638594ab6b427f9c8

SHA256
867af5ea4baf4da0a5a0d9864d590b1e627c0ba0ff5d0321740b83d86aed015d

SHA512
863dc075295936fdc2183b84df1814055d2a56680b2b8f8c5854d2e9a8d7cfa9d92f3af5f1c3ac43341a798c28d89ae9174948cd4951dc1a27cf577861982019

Download Submit
/data/user/0/com.qihoo.gameunion/files/patchs/global.jar

Filesize
243KB

MD5
9a1e24553fee1c8095b7033b200bc079

SHA1
cba5991e34dd3d4861284f4d3131079d4f2e742a

SHA256
b5fbbd029052215d60211187322d4af7e6d306c9474f885a50c04d82c7a98545

SHA512
78f0d3acc9fe90ba422481fb8772ce2907c9800fac9db6a0ca23d65f2f20f99a76f881865dbfb2475751898379c47e5a902915d3dca4b9522ddcc67c268f60c9

Download Submit
/data/user/0/com.qihoo.gameunion/files/patchs/global.jar

Filesize
50KB

MD5
0b4d446313f703c70713d98fd24abdc4

SHA1
9110f98771d3dba1603f10fe43ea4eb63cb1765d

SHA256
7b2a11f55d0a5670e25b5790dfaca257aa8b323baba6d18a5b168b939702462e

SHA512
22394d66dfb6171f1e7d2f3484913be3c116b43369b1eee23fa7a6cb1bf82c3bfc3a62ce00268b76199c48b9111fd7b3348cac1f82e501544d320df46a2fb9fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads