7b771359544178585ed382274e765851f728c201afcd51d271c1f4ac899d3504

Analysis

max time kernel
149s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-11-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f095c697c987e4a003f1ab2b4f4736c_JaffaCakes118.apk
Size

21.5MB
MD5

9f095c697c987e4a003f1ab2b4f4736c
SHA1

c29d4f764b2e14e4615845340b35bff0522ed373
SHA256

7b771359544178585ed382274e765851f728c201afcd51d271c1f4ac899d3504
SHA512

1f42d4e89e7f5054e39f8080999de0bffdc9096b961ef6fe67879fb640b111e701ba60841ba7442858afee6af0dfd35269cb1964cc0e83c54ef726e533dc1f3d
SSDEEP

393216:JrhXBcS5zlY5mKIF8giKpRaycYgEPJrN56XJSxOCHkGH5HR9zfMs:JrrY5khiecdEPH56XL49zp

Score

7^/10

banker collection discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.cynos.zwdzjsw2.qihoo:PushClient

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.cynos.zwdzjsw2.qihoo:PushClient

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.cynos.zwdzjsw2.qihoo:PushClient

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.cynos.zwdzjsw2.qihoocom.cynos.zwdzjsw2.qihoo:PushClient

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cynos.zwdzjsw2.qihoo
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cynos.zwdzjsw2.qihoo:PushClient

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.cynos.zwdzjsw2.qihoo:PushClient

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.cynos.zwdzjsw2.qihoo:PushClient

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.cynos.zwdzjsw2.qihoo:PushClient

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.cynos.zwdzjsw2.qihoo:PushClientcom.cynos.zwdzjsw2.qihoo

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cynos.zwdzjsw2.qihoo:PushClient
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cynos.zwdzjsw2.qihoo

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.cynos.zwdzjsw2.qihoo

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cynos.zwdzjsw2.qihoo
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cynos.zwdzjsw2.qihoo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.cynos.zwdzjsw2.qihoocom.cynos.zwdzjsw2.qihoo:PushClient

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cynos.zwdzjsw2.qihoo
Framework service call	android.app.IActivityManager.registerReceiver	com.cynos.zwdzjsw2.qihoo:PushClient

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.cynos.zwdzjsw2.qihoo:PushClient

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cynos.zwdzjsw2.qihoo:PushClient
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.cynos.zwdzjsw2.qihoo

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cynos.zwdzjsw2.qihoo
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.cynos.zwdzjsw2.qihoo

description ioc process

File opened for read /proc/cpuinfo com.cynos.zwdzjsw2.qihoo

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cynos.zwdzjsw2.qihoo:PushClient

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cynos.zwdzjsw2.qihoo

description	ioc	process
File opened for read	/proc/cpuinfo	com.cynos.zwdzjsw2.qihoo

com.cynos.zwdzjsw2.qihoo
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4248

com.cynos.zwdzjsw2.qihoo:PushClient
1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4295

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cynos.zwdzjsw2.qihoo/cache/vStaWC1H.jar

Filesize
200KB

MD5
7e59ab0fb63c6aef1049a9b42ab00957

SHA1
ab2d8d7ad0f8503fd389fa70cf7e986f0a6e30b1

SHA256
0296f2363f2f243c20c1f99dcb40afd6dc690674b0693e5f46b843494efb2400

SHA512
79cbafed41eb9221715dbf415b77bc8a5096eec632106c8e9306c8d9715cd87da64459050f1b6656592de116727c375b4a363a53de3cf6b75e6956de1befba78

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
48KB

MD5
77be42603356a24d559c2ee18ae2de3a

SHA1
16fdfcc868b5dc89cf0b297f12fd2ff90357d79d

SHA256
40460abb965f28b84c79b59083ee7f2293b6017d1d57d50395a74eebc8c4748a

SHA512
470ecefbd8e8025d2e8bc1b32c5d25ef89dd41e5705ea144e09b14fbbd6b13bf0c728877ce9be911a99d0646c9d89e5d8f4f1059531897ba48f90a0330d3c1b9

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
20KB

MD5
94ade402c31aa15986fefd0df5cd748f

SHA1
824c29f3aa1a54df8d2096bfbcfbc6bdebf4597c

SHA256
26b5ac0176b68b2c4929b38620e11e2f7c558fa0e7d7310ded7786741fe32901

SHA512
5750100e6d08d0e5cdbec8f1590b0a9ab1ae6a651c7a1303b026499458809dda5673936cedae788907baf0ff46c84798fb705c043d42dc79142cf481af8c9711

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
20KB

MD5
eb6480912cf532cd6ee6029c7786fb00

SHA1
4bcefce7f08143ec2a9e116d77811081d18f2ec5

SHA256
aa2603746f0366fe3d50545ec56010cc2c29ac1e5b4e56902e36b89f65208165

SHA512
1ba101bb905f9c8dd2c484dcf7bc42577ea4d1cb165395c736664607a23b2f4e6e43c5dffdf3a2e7a184581dee5b25f36e8cc5317f9c289032605ef065fbdfba

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
20KB

MD5
c920887a22603d16a1cc820ff3a19ba7

SHA1
b774109160e973d3aebeead21ff9944d4e669dfb

SHA256
130f4194946f7b08c9b8ad80e33056b25a7adbcff9d9fb569468b561b95bb876

SHA512
016173f1ce4dd8260b0554687e1231c099bd77b39905967a1e66e644d98683185c2b668f6997a3e719de51d5234f1829eaa282992e7f988dbcfab885034f952f

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
20KB

MD5
da4d5839297a5f5c98fba1f3ae4875f1

SHA1
8ebea1399b1e67c6e0e9ce6ecaac7b300798ff00

SHA256
f9cac1e3bc3ef950790ad8b8bfcb59919907a3c5a38aa153994f00b5308891b6

SHA512
87924fd40f08581e678f8d25bc8e183bcabf9f7c71e6548e630384f69e9361de4ea4be357ba0f46b91c5ca62aef25704f9fdd00cddc89db613f382488721390f

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db

Filesize
20KB

MD5
700ed5c39a0af0c455de03dc6813ccc4

SHA1
2e66cfca971cdb2d6f60e51d43c86937caf48bb7

SHA256
57fe80b9ec78c8752678438ddce27c16d00327314b6b4a5cc8b362243af611fe

SHA512
5578d648364664d9d731f9e21bfd93c28a9ff8fda892de7c08cd131e41570bebd10c4a4721a0c8e35b9ed8c5036a5e2645fb9f997f84eaa889fff796c5cd981b

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-journal

Filesize
512B

MD5
35e554c307056d6aa3c9d242eba48fa0

SHA1
30485b76e134ed96b0a5d555ff43c6c4783c0c10

SHA256
d8a3ed97785570d979e7bae123e3656003e02d9ff552c91d5d51aa2f325ce577

SHA512
b308687feebe22a9d39d1ed123df3663c3522a096ab0f5cf5df82e37ae84b366a087cdc1f1d51a45715803224136808a2566f1b5bd4a7925f01307e2d6f2ba00

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
60KB

MD5
d37c708dfe4821bd4cf02ffe5221492e

SHA1
40c2f8c46b8eef78462a18fc187f6d5aece71c8b

SHA256
f25a45fd4abaf4dfca77dcc320f22fdee0dc25686cd1b14d067e460415b1b0d8

SHA512
5eb31c4bbc2cab149677f4f0435d8b67f841f8677fc9f73993ad1491181bc454de7cb497b25258f85eb67bbbafd3c3c549eed2630f16637a1b92ce46bc3cb15a

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
8KB

MD5
2964cbef6345bc50af5757ac2a2dc233

SHA1
57318949a5e041684ee7876b52390c74f74ec433

SHA256
e244c0a5894c28f765bda9d8ca9c5ddae568c6b29650dd1a3a011d2da2a3c545

SHA512
c0b82f125b4d09d85d1b315b6250e347751bef7290bcd791034ac20efdefaa6432f33dad6100f5f25cba863fb04b717382cd1295ed27051af068ef10ec760733

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
8KB

MD5
55e8c27fb7d4f8e0b8606458ba297d8d

SHA1
ed5ca29604804f9130e2eb7f2df4485f0b6936a7

SHA256
5e88204d340e41915956bb6031ac1b33b39d7ead713cd4b8fb0669fc92b0010b

SHA512
65d690ce89b21cf114071608b0d367a17eab8aed39895182459632e4b6c99a3a85bdf4051204885ccba235fa2f43d930d2197dd81e7e074e809894a020e24625

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
8KB

MD5
48e2382d02129610aa08ef00f2d86cb3

SHA1
6918b51f8d2e05eb28409f27188f83f88d00f5c3

SHA256
da1e7fa5ef1ad6820b7d091a317f5f99791f632cf66f931f86e3c4e1e1a13b8a

SHA512
2cb647b26dfe8f86f7a78f54f0470db81ead8ba07c342dadc6f53d3d1846b072f0d4829b8772af012cc586c1226e85709822632820354c9c58bfe5e060fc09a6

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
8KB

MD5
64d7acd7c8c387966a3c23d452f6a325

SHA1
7583e48992d455ac07d74b86cc71ee6caf3723ec

SHA256
2905990004265cbb4c494d03993d1a338425f723c2e75d0e9abcfb53cf8a213a

SHA512
89660607b9c60ba6ff16285b754143227e5f4805ed97a3dd2d3e862f81c0e26259b1f3042d9cb887ae1b1cfb61ffb101680c6c5df2943843bf2653f52f693b45

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/databases/sdk.db-wal

Filesize
8KB

MD5
b30caaaef3291b87cd2bea9fd8bb922e

SHA1
ddf36f0b2273c58867db30058a7b76f5a5343dca

SHA256
f2c60002633426504fbfb3545211267b3718bfebf293c11f44383c0fdd83ed25

SHA512
89183ccf77f09bd04eda055152200e4a2f8efacc49e5ffdaf852aa8a422b38f378244e7f3dc5905d67f651166baf7b1178e1503dab6cbff2fbc4da68a88da2ce

Download Submit
/data/data/com.cynos.zwdzjsw2.qihoo/files/360/sdk/persistence/lock/Y29tLmN5bm9zLnp3ZHpqc3cyLnFpaG9v.tick.lock

Filesize
13B

MD5
968cb328bfc6cd3a657595c412d2717a

SHA1
58e0f1220b281c7415492823ef8fa197dd889590

SHA256
848400582f3061ba03e0bd8c5554d48e36b3f9c92ec790c83167953d4211c76a

SHA512
7c55e362402c64104826c2997622d94faba6e282665d39617a928c9d57a36ccc22f85b83bcb013920a5c909305c7eb17ebaa839625b473fbec67a19849ea0629

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
96B

MD5
ff2a0547d27bd8a6bfc9223fa899b987

SHA1
e0bae0e18b3674b989a04c7b95046c030ecbfdd0

SHA256
06fec11676f8677569cac3dfc46b66ef24bd0a71ed728f9d8a17f856781c7158

SHA512
956b04e2f9ea0e4413e842f3db5e0bb23308ca9a9bd090542af7d089dd86b7e7a3f4c5f6c3197f556a0d0fa370daea6dba9c2660275e868f7e2af02205f5e3cb

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
144B

MD5
0fd7871595919ac687cf6ff24c42b618

SHA1
8c47cb60721f26cf9327badbd376ced126f0c483

SHA256
68e59d42830640b863246af7568c25a9c5ae9d7a3580348c55cb09805bf99f38

SHA512
44b046588f3f2f34ebc549bd8d4aa6a50b4fb6567f6aaf4f5590f3a931fc2d9fb7511cbe7712c0200be947878adad98c7a1d258331caf7a35b27cc3cf9d4ad02

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
176B

MD5
783228e24d8d905e80478d0379765c8c

SHA1
2605ef395f4409897f93950b1c278bbbd4a052c1

SHA256
356e97249b393a3df7aa911597237a219ed84385f2f052e3713a5f5831f2997c

SHA512
d9c679068e0db8c868a990289f111f090c6e1eff1b5fe83400fb68b4d40dc5eca29789049630a73e54e68e69b71b271544a73dcb6e6c0da7a0bc9acaf64b3549

Download Submit
/storage/emulated/0/360/sdk/persistence/0mx

Filesize
1B

MD5
0cc175b9c0f1b6a831c399e269772661

SHA1
86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

SHA256
ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

SHA512
1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Download Submit
/storage/emulated/0/360/sdk/persistence/data/Y29tLmN5bm9zLnp3ZHpqc3cyLnFpaG9v

Filesize
592B

MD5
73e89a9681c6d9ba2997c2205fea5c4a

SHA1
a9d28d2255ee8e3c0f3e1c80dc058200110c1b0d

SHA256
82aba6bc6c5063a744834af7867609ff0a800ca847210c68ede2ea1cbee15334

SHA512
a3c0100a50c45ca13f9576da511b596232d21db68e157efca336193fc98ceeac88f59337a4ce972057d8f44e0142610716939c632510a579fda2ef2a7eefd24c

Download Submit
/storage/emulated/0/360/sdk/persistence/data/Y29tLmN5bm9zLnp3ZHpqc3cyLnFpaG9v

Filesize
712B

MD5
4786add35bd387f4cb5c62ce2314f29f

SHA1
a5e81e34aa954d955fc77a5b3e368d5c4b56db5d

SHA256
e36e408dc2b89b4cca8ec7a75a5b5ebf09f7e5cff1309730efbf5c248f69348b

SHA512
c958883ba3db14ea7042fe5be9e69d752fa299db8539a67294e477f1cdb282e5477d3157501370203eaed342146bdc278bbe2ed8b783868f32122f8828465689

Download Submit
/storage/emulated/0/360/sdk/persistence/dcsdid.dat

Filesize
32B

MD5
b8695fcc5328ee48581a1461146c99ee

SHA1
0ec9bfca3f42384c2566b0c14e7fc8c0a07a8a9c

SHA256
11f0adebde557561c0c121c3b1a1827e058c40cdc254c6fa91ddc8ebe5ce3e87

SHA512
8b7dd5295712a8969b7440e2693b680b7b946d6dc8ffae4871b695e3e6ff22f8f14f14711eccf88a7dc1408a55e7df244a53e0a9fb42adca0ae1ddf99a3348fe

Download Submit