Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    16/10/2024, 02:57

General

  • Target

    4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk

  • Size

    636KB

  • MD5

    4b209fcc8728a49b303293bb3cfcf911

  • SHA1

    f225a2c821d32815fedc181381b29a05aa576951

  • SHA256

    ae7d7f05f38aed97e8b18006f301a366c0a8a201241666e40a8f0f70a5c7b4df

  • SHA512

    5762cf8267c6bed1412f363c2294a2c3c40b2adb4c9b1ca28869b8f8f6e4f1753f80afdf2881b7ca210ebd545d52564320b6d6f7d18315b222d19fea2a03d280

  • SSDEEP

    12288:B14LUaxJLbCf7cznXk4gJ6Xn0AZv0eFxNMGH94vvQe6ERylTE3:r6LuUt0AZvt7Msiyde

Malware Config

Signatures

Processes

  • com.qogc.viql.fzaz
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4964
  • com.qogc.viql.fzaz:daemon
    • Loads dropped Dex/Jar
    PID:5027

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.qogc.viql.fzaz/app_mjf/ddz.jar

          Filesize

          105KB

        • /data/data/com.qogc.viql.fzaz/app_mjf/oat/dz.jar.cur.prof

          Filesize

          728B

        • /data/data/com.qogc.viql.fzaz/app_mjf/tdz.jar

          Filesize

          105KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd

          Filesize

          28KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          8KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          8KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          8KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          512B

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          8KB

        • /data/data/com.qogc.viql.fzaz/databases/lezzd-journal

          Filesize

          4KB

        • /data/data/com.qogc.viql.fzaz/files/.um/um_cache_1729047522795.env

          Filesize

          655B

        • /data/data/com.qogc.viql.fzaz/files/.umeng/exchangeIdentity.json

          Filesize

          162B

        • /data/data/com.qogc.viql.fzaz/files/mobclick_agent_cached_com.qogc.viql.fzaz1

          Filesize

          800B

        • /data/data/com.qogc.viql.fzaz/files/umeng_it.cache

          Filesize

          348B

        • /data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar

          Filesize

          249KB
