37a8186b50f7e71555de54e98165a875a579f92576aecfa56248bc9de211f0ef

Analysis

max time kernel
148s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
25-11-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e762a41028d829e98b147544802a819_JaffaCakes118.apk
Size

636KB
MD5

9e762a41028d829e98b147544802a819
SHA1

9d04ffa1a13abf7c3f8bd5cf1935ba3ad759a04a
SHA256

37a8186b50f7e71555de54e98165a875a579f92576aecfa56248bc9de211f0ef
SHA512

d5fa7dad349ca70487c84d7fd279ca9579e74508325726db7fa70fa18fc92de06c48dcfa97fd2fd8eacca20a579c5116721328a280f9c74351812c99f304c122
SSDEEP

12288:d4L4oQI8Y0FotaKIUtrbMmDS3FAGxLoi96kUjGLutzeFxvMol94vvQe6ERylTIY:JoL0otaYtXMBVAGxLoU6kVLm2hMkiydJ

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.csqo.qsfk.kadi

pid process

4465 com.csqo.qsfk.kadi

pid	process
4465	com.csqo.qsfk.kadi

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.csqo.qsfk.kadicom.csqo.qsfk.kadi:daemon

ioc	pid	process
/data/user/0/com.csqo.qsfk.kadi/app_mjf/dz.jar	4465	com.csqo.qsfk.kadi
/data/user/0/com.csqo.qsfk.kadi/app_mjf/dz.jar	4538	com.csqo.qsfk.kadi:daemon

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.csqo.qsfk.kadi

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.csqo.qsfk.kadi
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.csqo.qsfk.kadi

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.csqo.qsfk.kadi
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

Processes:

flow ioc

25 alog.umeng.com
61 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.csqo.qsfk.kadi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.csqo.qsfk.kadi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.csqo.qsfk.kadi

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.csqo.qsfk.kadi
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.csqo.qsfk.kadi

description ioc process

File opened for read /proc/cpuinfo com.csqo.qsfk.kadi

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.csqo.qsfk.kadi

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.csqo.qsfk.kadi

flow	ioc
25	alog.umeng.com
61	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.csqo.qsfk.kadi

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.csqo.qsfk.kadi

description	ioc	process
File opened for read	/proc/cpuinfo	com.csqo.qsfk.kadi

com.csqo.qsfk.kadi
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4465

com.csqo.qsfk.kadi:daemon
1⤵
- Loads dropped Dex/Jar
PID:4538

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.csqo.qsfk.kadi/app_mjf/ddz.jar

Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.csqo.qsfk.kadi/app_mjf/dz.jar

Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.csqo.qsfk.kadi/app_mjf/tdz.jar

Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
8KB

MD5
086e5dae0e89c6ae1f6bdb71e644fd4b

SHA1
3c9e73eed6cb9cf346f830f036092f7ad1ddfa66

SHA256
634c0748ddebb08f829e96ed340952094d470b3e393f3d737a114f96d4f506bc

SHA512
7cf200791b7e781a6e77464764eab233483b4b1fd7753db0e270959e8db1253d5242e2726866d568d54a6798b7ea53f8b2e9febcf9d2d05d8955f35b7bf8c827

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
8KB

MD5
002268b8dee24c3e4dbd10773d395de0

SHA1
1316fa39430add628a43557f4e3275d241222d38

SHA256
02e6b5430479f2cd3ec966b7fbee32152269cf5288f839caec20b5aa5220c453

SHA512
1cf2c4d0a563c0d0dec325f427c3ab873c8bdf5439949572b9c92100f6bc957c9c1e8f6743ea645b1e2dd6f92fe68d5ce152802fb36bcc534e912fab5d5f4e0a

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
8KB

MD5
7c6afbff28836cdd56ae521e0b35c8d0

SHA1
69bff4d30b49446bece9acc1c67b759b2b489800

SHA256
72b227f1f8eb44e555386331b480a5c03e77ae83c729253772993e7d4b80dcbb

SHA512
b70b47f7349ee6c61efddbb8f023f2b24d14c7fffbcf50c9f7627f65628f505a847e966393b1c94fb5d6eb2b738eea0eda767f64ad6f23220a9959dba1a2a45d

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
512B

MD5
d91fb360a1cb361000fda1bbd0a71438

SHA1
bf383636c6794dd929b56dad4f8a2ec0fe7a602b

SHA256
bcd81b8a02c3ff98da32e9bff16cd7a74aafe359b13aa19e08e5857704a10871

SHA512
7334e1fdf195eddcd162ff4aa32481a4ff0826b596d30ee29921235b1fa00701c132f4e3b337a54abc734938f3c2513ad5c838d638393bbb430586c6cb0b44f8

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
8KB

MD5
313d6cdf45e58d3b1539fe037ea2aa13

SHA1
5cf295557756d711020d64aaa650756d523f9cf9

SHA256
1c7a5e1844c4afe2a0c538724a00b5580672c6b3e799905be6521c859328ae42

SHA512
f039eb03ff09a83a99600da43bd37b82acc5b5068a01a7edc5bf428829c9f615d6bca0bc46404ea2ec1b534a5271500ee998393d4478ce20bded106e54ffbd1c

Download Submit
/data/user/0/com.csqo.qsfk.kadi/databases/lezzd-journal

Filesize
4KB

MD5
e757c871cae58d716835b7a85e328cda

SHA1
2d42bd64ede633e0aa19d23545694cfbd98b82e1

SHA256
a14e4dafe5ff3615c932e76cf97e7da5d7bb5b5eea907ee1f93377fc12e09582

SHA512
e995587d9d1783972ed2565bc53fd6513c93f6ef91fcd60f0995318e95838a5820b69b8233fc5051f3da1f52f5c3f608ca0ecbe3ceedee57ccd578f01bee50df

Download Submit
/data/user/0/com.csqo.qsfk.kadi/files/.um/um_cache_1732576437654.env

Filesize
652B

MD5
addf24ca66c096f5acaae56793df2a97

SHA1
dbcf706eec3514a24f2e48450db5442892605b7c

SHA256
d5f928f112bff5b764845c4134710e319fad497985c8ac17673142c52d22af3b

SHA512
66ef75dc97957ec4eba20cffb4216edf583455dee22c73d86c88e8547cc7c9f68330aa1d7ca554e2b42d588323cb286c344edc3a4fd7372e06e5e65cd830b51d

Download Submit
/data/user/0/com.csqo.qsfk.kadi/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ad4bf98c5ce112693516b791a6d0ac77

SHA1
ad75dae0bdf065aa56984520eef8ffa3291e34cf

SHA256
5d19398761781edfb6f2f81c75c0c469bcc7167704ab58e9a8ddf9ea941adb21

SHA512
c72ff7f7ce8e370bbb54986d621fb726051cca6aca035f21972a65f72f1abfe56bc682aad7b3e3c7e4cb492bbbeff7b1f40712401bca2eab45bacc06aa6841c9

Download Submit
/data/user/0/com.csqo.qsfk.kadi/files/mobclick_agent_cached_com.csqo.qsfk.kadi1

Filesize
797B

MD5
586f66dde4a3e92e04958dfe927fadaf

SHA1
1dfd42f0bc93a4487b49eae60aa1fc98adf35b89

SHA256
3990186955fdd591edf2dc8599af697e9e06d1fba62bdf120848dd4e39741a4b

SHA512
0b1f7b72e01d66a844aa898a9c77e6ce6647d93ec13cc896898002cee388df6c8ccc6779bc00e713c7fdaad3a54bba1cd9efc07dc0fccaf085be0aeaf47d9470

Download Submit
/data/user/0/com.csqo.qsfk.kadi/files/umeng_it.cache

Filesize
346B

MD5
a3e75a4216fa2e9765a4b79b473ebba1

SHA1
f024b5ae5d075a68a73677f7a2d754dc22489cee

SHA256
dda3aab5e300d20f5d60f5cca86f33a7d71baf478c7592d136b18ac350e5ec98

SHA512
39e918464c146ca5fded932fca03985a76c4a44dfcc5bbaf48b4feb189f209f56e5230ff5794d381c9d41b79c3911835160f7c5c1d3386455842836f6e7a55f4

Download Submit