Analysis

max time kernel: 148s
max time network: 154s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 16/10/2024, 02:57
Static task: static1

Behavioral task: behavioral1
  Sample: 4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: 4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General

Target: 4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
Size: 636KB
MD5: 4b209fcc8728a49b303293bb3cfcf911
SHA1: f225a2c821d32815fedc181381b29a05aa576951
SHA256: ae7d7f05f38aed97e8b18006f301a366c0a8a201241666e40a8f0f70a5c7b4df
SHA512: 5762cf8267c6bed1412f363c2294a2c3c40b2adb4c9b1ca28869b8f8f6e4f1753f80afdf2881b7ca210ebd545d52564320b6d6f7d18315b222d19fea2a03d280
SSDEEP: 12288:B14LUaxJLbCf7cznXk4gJ6Xn0AZv0eFxNMGH94vvQe6ERylTE3:r6LuUt0AZvt7Msiyde
Malware Config

Signatures

Removes its main activity from the application launcher
  pid   Process
  4964  com.qogc.viql.fzaz

Loads dropped Dex/Jar  1 TTPs  2 IoCs
Runs executable file dropped to the device during analysis.
  ioc                                              pid   Process
  /data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar   4964  com.qogc.viql.fzaz
  /data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar   5027  com.qogc.viql.fzaz:daemon
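The "Loads dropped Dex/Jar" finding only tells you that a file written during the run was handed to a class loader. Before treating dz.jar as a second-stage payload, an analyst pulls it off the emulator (adb pull of the path above) and confirms that it actually is loadable code rather than a resource archive, then records its digests in the same form as the Downloads table so they can be matched against that list. The Python below is an added triage helper for that step; it is not part of the sandbox report. The path is the one in the table above, but the file bytes are constructed in the script (a fake DEX header plus padding, wrapped in an in-memory JAR), because the real dz.jar is not on this page.

```python
import hashlib
import io
import zipfile

# An Android DEX file starts with "dex\n" + three version digits + NUL, e.g. b"dex\n035\x00".
DEX_MAGIC = b"dex\n"
# JAR/APK files are ZIP archives; this is the local-file-header signature.
ZIP_MAGIC = b"PK\x03\x04"


def classify_dropped_file(data: bytes) -> str:
    """Return 'dex', 'jar-with-dex', 'zip' or 'other' for a dropped file's bytes.

    DexClassLoader/PathClassLoader accept a raw .dex or a ZIP (jar/apk) that
    contains classes.dex (or classesN.dex for multidex) at its root; a ZIP
    with no DEX entry holds resources only and cannot be loaded as code.
    """
    if data.startswith(DEX_MAGIC) and len(data) >= 8 and data[7:8] == b"\x00":
        return "dex"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "other"
        if any(n.startswith("classes") and n.endswith(".dex") and "/" not in n for n in names):
            return "jar-with-dex"
        return "zip"
    return "other"


def hashes(data: bytes) -> dict:
    """Digests in the same four algorithms the report's Downloads table uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def triage(path: str, data: bytes) -> dict:
    """One row of a dropped-file IoC table: path, type, whether it is loadable code, digests."""
    kind = classify_dropped_file(data)
    row = {"path": path, "kind": kind, "loadable_code": kind in ("dex", "jar-with-dex")}
    row.update(hashes(data))
    return row


def build_zip(entries: dict) -> bytes:
    """Construct an in-memory ZIP/JAR from {name: payload}; used only for test inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample inputs. These are NOT the real dz.jar from the analysis:
# the fake DEX has a valid magic but its body is zero padding.
SAMPLE_DEX = b"dex\n035\x00" + b"\x00" * 104
SAMPLE_JAR_WITH_DEX = build_zip({"classes.dex": SAMPLE_DEX, "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
SAMPLE_RESOURCE_ZIP = build_zip({"assets/config.json": b"{}"})
SAMPLE_TEXT = b"not code at all\n"

if __name__ == "__main__":
    samples = [
        # Path taken from the report's IoC table; bytes are the constructed sample above.
        ("/data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar", SAMPLE_JAR_WITH_DEX),
        ("/tmp/raw.dex", SAMPLE_DEX),
        ("/tmp/resources.zip", SAMPLE_RESOURCE_ZIP),
        ("/tmp/readme.txt", SAMPLE_TEXT),
    ]
    for path, blob in samples:
        row = triage(path, blob)
        print(f"{row['path']}: kind={row['kind']} loadable_code={row['loadable_code']} sha256={row['SHA256']}")
```

On a real pull, replace the constructed bytes with `open(path, "rb").read()`; if the SHA256 of dz.jar matches one of the entries in the Downloads section below, the dropped code was fetched from the network during the run rather than unpacked from the APK's own assets, which is what the "Download New Code at Runtime" ATT&CK mapping asserts.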
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)  1 TTPs

Queries account information for other applications stored on the device  1 TTPs  1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
  description             ioc                                                   Process
  Framework service call  android.accounts.IAccountManager.getAccountsAsUser    com.qogc.viql.fzaz

Queries information about running processes on the device  1 TTPs  1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                   Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.qogc.viql.fzaz

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org  2 IoCs
  flow  ioc
  6     alog.umeng.com
  31    alog.umeng.com

Queries information about active data network  1 TTPs  1 IoCs
  description             ioc                                                   Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.qogc.viql.fzaz

Queries information about the current Wi-Fi connection  1 TTPs  1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                                   Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo       com.qogc.viql.fzaz

Queries the unique device ID (IMEI, MEID, IMSI)  1 TTPs

Reads information about phone network operator.  1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events)  1 TTPs  1 IoCs
  description             ioc                                                   Process
  Framework service call  android.app.IActivityManager.registerReceiver         com.qogc.viql.fzaz

Checks CPU information  2 TTPs  1 IoCs
  description             ioc                                                   Process
  File opened for read    /proc/cpuinfo                                         com.qogc.viql.fzaz
Processes

com.qogc.viql.fzaz (PID 4964)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information

com.qogc.viql.fzaz:daemon (PID 5027)
  - Loads dropped Dex/Jar
Network

MITRE ATT&CK Mobile v15

Defense Evasion
  - Download New Code at Runtime (1)
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads

Filesize: 105KB
MD5: 7f1e0fe2e6a0618b6c84d48ea0586b6d
SHA1: dea54fa91f9f431b85e8c4048244a1c3c4b16665
SHA256: 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e
SHA512: 7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6

Filesize: 728B
MD5: 29dc5ef5c672dbd524b5846502ce9e77
SHA1: 1db696acff934175f2bc31feaf64b91f904268ab
SHA256: c71291003819b4d6d61a7adbf72acbb573146ff51fde70280a69e970ad01e296
SHA512: dc4f05b508f7b7e533be9bd0eb4c4f517aee6578cb1c8d8c9727d40319fff2e57d7f9848ac996cfa4282628976b689955254e74a4c1ecaa48b5c70bf9ed7d83e

Filesize: 105KB
MD5: fc1eb8c18ddc0f8727b5fb5eba8ca870
SHA1: af6d64fe2432bece4c523066a57f35be8f175a48
SHA256: 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9
SHA512: 25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66

Filesize: 28KB
MD5: dae68dcffc3d522a79f98ebbc3b6d457
SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

Filesize: 8KB
MD5: a7790d444b846c0038ae61e938aea54a
SHA1: 28c103703dee383f26e1a6f65f83ec9af86407cf
SHA256: f6c81ed259fdffa34a98dee5fc529d2e411e75f332208a8deacd3d34351cac02
SHA512: e3591392710e44d78704aa10eaed4d8ccdc4e749143a85b4b880f9e75009e92c3aa6560cbbeba6d99fd1338d2f7a96bdaac1717f8ffc6bc2f3559c07f1b46e8b

Filesize: 8KB
MD5: d0169563b9394364f409dfdbc8224f95
SHA1: 1364c082fb122a44285e4db9ab7eb1e4d4e10185
SHA256: 723692664568f7f974224c414c93f0ef9a5216b28696ff195a1a3659c27dfe2a
SHA512: 26b8a79a8ca9018ceb575b65c3a775e00ba5de18a743fff83e4acbb9ee96e286552cc81ab48a8295c4be5bfcccdebd8591a90bc828f355300bb965ce2f585658

Filesize: 8KB
MD5: 45f00f76bbebc2869e110b6cd4fba1fb
SHA1: e81702d6efc67ba28278765c9710bd581513c544
SHA256: 933026c73d8e795ca7d8d4ea8653fabe4dc9dae293df4b6bf222be4ecbc785a8
SHA512: 10c09584d3d23906da109a2cee5782e5182cca98176c32e07f45dd58c167d32b845713cc500ad4f584263803dbed19660b9b015ba080feb566a6372437335798

Filesize: 512B
MD5: 5cdb2634ae14f8a4c93d7637045783d8
SHA1: 9e546ef8f734f6f96b0d0b9d70bc3ea2c5f4aae2
SHA256: 636de90430f92fecd81566b57f141167fa0c8ca172a6a13ab7f776ae0fdd2fd9
SHA512: 4c45be9dced4cb5dcfa90bbbc8bc37d0e92eb0297f0d6ca0f1498469c3e1bb8c5bf3bbd2a1105d3d118624d153eca0a79fc17f349b9de43e3601a7b7a25f085f

Filesize: 8KB
MD5: 63f4ed9a652f9914539d8a62bc8062b3
SHA1: 41244eb30e74d340db43c085db3b7752f8d34c73
SHA256: c0600e8d0823de22a74f3dad4d805ab3416828d74f71e809a374adfbbcfd9100
SHA512: a07d6e38d1cd81890a1499ae5dff13b6a7c99afddc22fbc3d583fb6de46152419e6f4c222eca6e9a5aa246410068d3fa2116b6ceb0386dca3d97a41e3730a828

Filesize: 4KB
MD5: 1ea1f18eadaa4b4b47fdf7170345ec71
SHA1: 7e6267f253737e28da00dc2c638b2243fe943dd1
SHA256: 5226d59821743f2946aeedc70cd07dc733bdb81ccd250279a277276d8e8c5fb0
SHA512: ae92a8cf211a2ec9fcec362638c41cd4f315a9e25ade84ce405ac2ddd2c9272a8986b29c405d9b34ce5633c6b66aafe9658305a78c8e16d45496fdd6599e87a8

Filesize: 655B
MD5: e08e8aa955edebab073fc08ee6b37903
SHA1: d916ba49e16dad04bfcc9175a50a8dd175e7aa7a
SHA256: 97cfaa929f0cc482cff5c8e72e7642f3a7131704e7fa77fa8e8507e85089df32
SHA512: fd3c6effa12f0960c586e086a21834c8b6a0a1889c7b4026eb1f6632a8b8c7f98fa321b484d61a102c8a87ddaac3e694ab0ce767a9b236da49eb26c5683b2f05

Filesize: 162B
MD5: a10765501e40e496fa615744f1274468
SHA1: 2caef111c09a68151e31bc6a31a40fefde6cc4eb
SHA256: 515e24d1c1cd90669c07796135ea38544760c57e2b75f1e4345a0acbce835c85
SHA512: 5bcb3836b4ef3b46e362d157ce15d623bea86301f7849a540db54738b154e931c87757da7abd80f02a96301bda9fd5a665ff0eb79fdc2213cde8d43128302db5

Filesize: 800B
MD5: 3b573b8bb8cb81713535a91f125517df
SHA1: 8c935d52cb4155a22d596c1ba9e85ac8fba6a9ed
SHA256: 4f0de82ff1540445d9a9e86e5bf6bd52a357632c8ea731845447f73e13c33167
SHA512: 302faf454142b90009f3f9f8f28f3390a239872c24b27ae9c751b3065abc18a9ae18bd4f91ff2b4c91f3aed2360ea1edf9c47661697a9670cd177268cda6a0cf

Filesize: 348B
MD5: 575922091f0d7f6f49fe3b91459fc8eb
SHA1: e57a9d3fe8fccae249544d589037fdb1167efa6e
SHA256: 12e04fe1c3d40d80f7d7d54e3524636b656d0951cb1d88d1c018130a4f3f8d85
SHA512: 7a29a6a46113ba86b871a9474ef97dcd3452f1d6267e0b219e71bf7accb1209fd23775c8a5a0c80a7e29178bfc61d63cd8361b541c2bc2cd4ee94fc035509ad0

Filesize: 249KB
MD5: 789a4162427149dd5e519f917ead0e29
SHA1: d2bd738c28ec21c0441c6daaefc206a6a76f8e1c
SHA256: 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0
SHA512: b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37