302db1cc104ea99662ec45dff2034ee8828d1ba898a526a7b50823bc8a50c2c9

Analysis

max time kernel
143s
max time network
153s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-10-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3140851d042fbeb0e08633f5f38c1338_JaffaCakes118.apk
Size

9.3MB
MD5

3140851d042fbeb0e08633f5f38c1338
SHA1

7c824d88a5f78791af7b7f3a4cbeb0a0e58cd6b5
SHA256

302db1cc104ea99662ec45dff2034ee8828d1ba898a526a7b50823bc8a50c2c9
SHA512

3290a9145a5c019f8324e6a06e4b34c1c017d3283af5995a94511bc2568d1409e4cec67f4de50e1fa0170a7d52f0316a6dc50cad7d64bf4e6de27bc88a246407
SSDEEP

196608:SvYoQ/PipF9DW0bwc3xBAT7LJWlwAYBiEdgxDOo0GzlhsL8tW:Sv2SF1WbFWlwAYEYqDV0G/tW

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.xianggou.qydjk

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.xianggou.qydjk

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xianggou.qydjk
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.xianggou.qydjk

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xianggou.qydjk

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xianggou.qydjk

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.xianggou.qydjk

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xianggou.qydjk

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xianggou.qydjk

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xianggou.qydjk

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xianggou.qydjk

com.xianggou.qydjk
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5051

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xianggou.qydjk/databases/hmdb

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.xianggou.qydjk/databases/hmdb-journal

Filesize
512B

MD5
3d3011b7b0350fa1beed3f4d5e0d0b59

SHA1
54ad0055f5486dd6c4bf67f061d84d194a27517b

SHA256
8810ac09014bf95efdf17eee4ba5596e3cacf8dc0392779584eec02ec904f264

SHA512
b415e160e6c887099a9f078b7adfcac2ebd19b6132cd633c066778773a09d8c985c7b8c7537a1745dfa3fd9a3f4faeb0def01af9a710468b6315051b19b03bba

Download Submit
/data/data/com.xianggou.qydjk/databases/hmdb-journal

Filesize
8KB

MD5
6bbbbe7bdb83a08ffcbde7f9f7bf8ddf

SHA1
169819a3605a0bc2e29fcbc9d73ebd6a8aeba05b

SHA256
d33524f42b76e2b6130b67ecab9dd4f6a68223d00a0a82732b21a5fa583b4327

SHA512
6d85b354a64283b44ed09450c911f46e2f9247394fecb97908227570ae21ac369aa8a5b7e4a718eefbf565a16b0b27c781dfd43c467e639d5515ff5376d87b7c

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db

Filesize
36KB

MD5
ad9fb6cff3dcb996f326ba727feac61a

SHA1
6079df4926b2575038c048eb5c5da89d928944b7

SHA256
7db0a9474dbabf4d3aefeaa1fbde6457f5ffefe3773c9df30c41675808393e07

SHA512
573591e0eee4d4614d0dcdc2369b9664c2cf58ec863ac85e7a148a9e4f3162e04c2a6dc83a8ad221bdf5b39671027b1a29cd5e6d00ac1d8ed6f046c226e29250

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db

Filesize
20KB

MD5
e2e212f1bdf24e13c4a885faf4189e38

SHA1
9f634cffb11e3121aba37d4ff497af7edabf553a

SHA256
c927a99cfe25f37ab490b977ceac9bde2235fc8f38f90c3648be7fa1fefb6055

SHA512
317982330a4ee343e950f267503ab26c3bf60ebb4750cf69ee8fb6ad19b759c585292e28024b4a3b122f3670d05eff05116898509c340649c43591cad7a1a139

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db

Filesize
36KB

MD5
32ccf88c529feb00f9b87f5ebe85e3eb

SHA1
583aca0e4a6d96754d04994866a5a9e2e9720bab

SHA256
77169c33a3b780d881dde1f4b480ed0b4c7a521f30def8303c3c3c93981d6d89

SHA512
f3fc9804dce19ebb409959cdf85225aac897a62a0b4ba6e9e6186d970d6f832e4b20298aa6187daaad302e9e4252f33e1f8aa50f57923bae45e1ae21c45b2e08

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db-journal

Filesize
512B

MD5
3a3b3fc38d21816d6ad783b1dd34b7df

SHA1
2a47d81579d5766af163c001517bd7e9d1895ca4

SHA256
62a5f9478efa59df72d72d9ebde98fe09930acf7c61ae547e94fc8cab0ff4866

SHA512
36e086ed03acd7deba283747e13e19cde6b1b1fd458e586b7fb29e2f0234a4db38fa74c824cbfbe580dbda67fed7c9691b753161099fe3a2cbe3e9cfd0139ce4

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db-journal

Filesize
8KB

MD5
4919a67566774dd0c800d0f1440ee558

SHA1
d53d8617ae04ff8ba58e9313b0a6a5aa6d9d5fe4

SHA256
1290abf5ef0da467bba1bfa7f28b44cd2f2e1aedd28a81dfc9de8c37e9d5cf4b

SHA512
feaae9969b307344cd071b616b9eb61a28899261c0f6e96d9a29897d954c37dca0d87a7483d2b6ca32e8dbc70d58dde591f2026073b92c364aff359544b946ca

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db-journal

Filesize
8KB

MD5
fd61408fe7170644c8ffaddc51604117

SHA1
da61312212a706646264a422f9ceec60449cc9fd

SHA256
da69ee58028744e083f47d89f7fed6762a7f485da50b85c17e08e3124ca2eddd

SHA512
50b5b881ed5929a8d49262136cdc2568eba23278f79482f1bfb03b7a7ea21de3e85e863bdcc23e46272b9a38ab16e3db29e5e8050975ef23374dda1a9215878c

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db-journal

Filesize
12KB

MD5
0b89bc7fbf0e564c542f8f6aaf0a212a

SHA1
8280032b1fba94fa46f92b887db0e057792171d3

SHA256
79f694b4718ac9f576d86e6adb2ae4a15439d7432886d0a3db390735ac76179d

SHA512
33854d8c72d66c8a9d42db64817755b7cd20b69da46eb7a465f4e1400b2f827e5360012f472d0113052c9e8c0fb5cb855174e6d58a33e5c9ac18b726896088f4

Download Submit
/data/data/com.xianggou.qydjk/databases/logdb.db-journal

Filesize
12KB

MD5
2636f04eaa242d71e61630bb2699dd13

SHA1
cf39734ad152b78fe63c0a7a6092280bb2fe621f

SHA256
ccd03e4cd80fc5de12785bbef9833018ebf8d559fddcecf70d08a6149b53c19e

SHA512
3f22769945988f0c5fe1889963a9e68e58aec7b1e09f6848f81c76636ff39c9e13b23a31274d4515bb7719484d1461135a7861711bf2985c7db983e503e70287

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads