Analysis
-
max time kernel
148s -
max time network
155s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
16/10/2024, 02:57
Static task
static1
Behavioral task
behavioral1
Sample
4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
Resource
android-x64-20240624-en
General
-
Target
4b209fcc8728a49b303293bb3cfcf911_JaffaCakes118.apk
-
Size
636KB
-
MD5
4b209fcc8728a49b303293bb3cfcf911
-
SHA1
f225a2c821d32815fedc181381b29a05aa576951
-
SHA256
ae7d7f05f38aed97e8b18006f301a366c0a8a201241666e40a8f0f70a5c7b4df
-
SHA512
5762cf8267c6bed1412f363c2294a2c3c40b2adb4c9b1ca28869b8f8f6e4f1753f80afdf2881b7ca210ebd545d52564320b6d6f7d18315b222d19fea2a03d280
-
SSDEEP
12288:B14LUaxJLbCf7cznXk4gJ6Xn0AZv0eFxNMGH94vvQe6ERylTE3:r6LuUt0AZvt7Msiyde
Malware Config
Signatures
-
pid Process 4649 com.qogc.viql.fzaz -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar 4649 com.qogc.viql.fzaz /data/user/0/com.qogc.viql.fzaz/app_mjf/dz.jar 4720 com.qogc.viql.fzaz:daemon -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description ioc Process Framework service call android.accounts.IAccountManager.getAccountsAsUser com.qogc.viql.fzaz -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.qogc.viql.fzaz -
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
flow ioc 26 alog.umeng.com 51 alog.umeng.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.qogc.viql.fzaz -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.qogc.viql.fzaz -
Reads information about phone network operator. 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.qogc.viql.fzaz
Processes
-
com.qogc.viql.fzaz1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4649
-
com.qogc.viql.fzaz:daemon1⤵
- Loads dropped Dex/Jar
PID:4720
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1Suppress Application Icon
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD57f1e0fe2e6a0618b6c84d48ea0586b6d
SHA1dea54fa91f9f431b85e8c4048244a1c3c4b16665
SHA2564225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e
SHA5127a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6
-
Filesize
249KB
MD5789a4162427149dd5e519f917ead0e29
SHA1d2bd738c28ec21c0441c6daaefc206a6a76f8e1c
SHA256830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0
SHA512b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37
-
Filesize
105KB
MD5fc1eb8c18ddc0f8727b5fb5eba8ca870
SHA1af6d64fe2432bece4c523066a57f35be8f175a48
SHA2567f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9
SHA51225e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66
-
Filesize
28KB
MD5fdb8a92e5060ce104e8f0faca55a47ce
SHA1270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
-
Filesize
8KB
MD5f047e45cd1afa55cb19d1286c0ec9bbd
SHA11970ed58d5d7f64528629fce0ff3baa7455663fd
SHA256d3ce7d2ead5246a12dfb95e496a2abfc0142b2a18b185c1af4d7a15c8d0c2f79
SHA51206352d27b381b67fa325c959bee11e140a8d3e165afc7c45bd4a7c6116ec0711f9dc994b37aca94f0992ccd70f99a8c2a7df82a79c1bfe2b3e2f2a47a52cca31
-
Filesize
8KB
MD5643aa17225a03f40f6726d2fdc97bceb
SHA1fd01f363fb7caaba2742c4a6e431499b0405d40b
SHA256c44c051fa65d81415e43115a677a9c714a4d2ae3161dc74dccca812b93279a00
SHA512fa33c92919a8f233b43b2d5a8d60474bdae10c27e27b3163f3fdbe8a6e230052ab25f931f6a88a5706d4c11b50b3045230a87e2ed879e55e7692677ae7b2a8c4
-
Filesize
8KB
MD517d5f23031231e1b109a5f3ee3f9adea
SHA1c137403e1e472e558fb0b179d6e7dfd9b438b755
SHA25689628401a4d401a78e8f0ef51f69be8f9ab2b0b1a064922ec0fbd236142dc6b4
SHA512722cccf98195aff8042a6b8f5c34645743c1312c6e4573afa7a9786108b8cf74108dc1f2a50f76cdc00d08ce87c07e9deafea092fcc16f7e23b8e686c509f9d5
-
Filesize
512B
MD53cd37733a0b6f0ad01bb40d2309c6f61
SHA110b2f1dab32d123bea2b20aa4d3cad2465a56a3d
SHA2562433aec8e4ddaab203d2be4837a834e305fc0b365012197fe0f350e27a69b611
SHA5125cda2114e5f1cbff5680050e6402be861e0eaacb491a20ed166fc32903f6021b7dd2226db74c0bc2dde37c307c6d9375e8f040a995544cb2900ef0a009497565
-
Filesize
8KB
MD58b81f8d610f1b883b9e07a7188327bbf
SHA17dc5ae1fac327de9caa0093c992b6dddc3b14e9b
SHA256e2af380d3a06b03ae28a9d5242d688a1756ca6227633116a5f64d72bd2b15d8c
SHA5122c93fc71b0bcc152ce24505336dd561aaaa7ef18c471d363050da6ed811828a5170c723936e0a6bb8fe80b0459f901396c3c1c790b284a2075e9e8c1abf247bb
-
Filesize
4KB
MD5c5fa13bf585bd70034747a8fdf3f5721
SHA116ed264fb9adc8d3c19c1e219f38db97d454ffa6
SHA256f6cfce4a9758535655d873ded167fc3ca9ce2f52a741884f4a6e724cd9539d4c
SHA512e30987ea58391f9203ab10e8d54f8411209f59318a018fc8ca93ea035de2242a8516b3d12ca5317426b70bf869a92d820b54287d9fc4c1ca4c534ed492cc7ee6
-
Filesize
652B
MD5d684e7898c8bd902c2da13b06c4f1dda
SHA1b5da6d9873cbe1b62c956e1ac5eed87234db03ad
SHA256bba054e23bdba1875c728e29adc61fa8d6a5c15c92f4a8eee6852d152adb9f51
SHA512fb49ccbb3abcf5ee62fa1cc99f8fde5ce86f19fde3730d756d725c173bf3fc7c00ac9efb2f5f42aa6ace73ab2b52d3c39735e37389378a74b4e01e4c0677d182
-
Filesize
162B
MD573a1530c17e9f60393d9486457fefe1c
SHA1d43c6a725a2b92839675532ca345c421e8b6624e
SHA256dc2bca2afb59d311f8b6a1ce45156ae2852e7387d646d15ab116769d2ef7b957
SHA5126d57cf904f7deedcd00260eb94fefbbd885c07d0ddf41c1f197c102f229ba6a051061c28162465c83521e9a4369522370f82b7dd63fa69f684948b5383c0b916
-
Filesize
800B
MD5e2340502d156abc8ab27584250fdd92f
SHA15857b96f7528314f830d067bd2d9af9f254c7aca
SHA2563185edcc1ec46ce8f095f9ffc9a59228040a10e9deb543d3916676407f373ffe
SHA5129b2793e4c4cc101ffa08a4e0c90509d0c9dc79eac5082da696989723c430ca7a8f89d3c6cf40d90f5a226b27627523b4388a510815466353c453df1d7591e2ef
-
Filesize
348B
MD56c11e73c1734eda6e7b551b41337053b
SHA14825f321c710d29e0adec458aa963ba56392e7bd
SHA25636d92d73e7853f3886ae187bfd9315838afc470de8d3eee29667d3499159b427
SHA512fb0c47fd2c3dbd8785f8ef37203c8f0ef8efc922d5b189fdfb33fe8242cfb97bde34ae433b6a678d33c22ab6347e615db5d132a24f8d20fff2345d93f178f202