28f78c1e87a6686ecbdcccbcb8750850ea3b603519d63876649406b635b0ccd8

Analysis

max time kernel
149s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
29-11-2024 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0d7e7a8b5a7791684459011ca8eaa21_JaffaCakes118.apk
Size

16.4MB
MD5

b0d7e7a8b5a7791684459011ca8eaa21
SHA1

d7b65655e95e9d4d71bbaf7e4582b5411566dfce
SHA256

28f78c1e87a6686ecbdcccbcb8750850ea3b603519d63876649406b635b0ccd8
SHA512

8ef3e496b798faddb0cb912f70db46fbb5137f1fd2e333c80eb79395f842b52e897ea6e5c3223576a7226e5e759eddd24d0d831cdb69799f42ef661ea000ecca
SSDEEP

393216:QMC3VPprgzN+9cHfksDzrLuGlcsgSHaXw2HaX9MZu7Z9+:Q399EUmHhD3L6sh+Z+t+

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 43 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:remotecom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activitycom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipcio.rong.pushcom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipc

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:remote
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	io.rong.push
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.quicklyask.activity:ipc

Queries information about running processes on the device 1 TTPs 44 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activitycom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipcio.rong.pushcom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:remotecom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipc

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.quicklyask.activity:ipc

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.quicklyask.activitycom.quicklyask.activity:remote

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.quicklyask.activity
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.quicklyask.activity:remote

Acquires the wake lock 1 IoCs

Processes:

io.rong.push

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	io.rong.push

Queries information about active data network 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

io.rong.pushcom.quicklyask.activity:remotecom.quicklyask.activity

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.quicklyask.activity:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.quicklyask.activity

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 44 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.quicklyask.activity:remotecom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activityio.rong.pushcom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipccom.quicklyask.activity:ipc

description	ioc	Process
File opened for read	/proc/meminfo	com.quicklyask.activity:remote
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity
File opened for read	/proc/meminfo	io.rong.push
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc
File opened for read	/proc/meminfo	com.quicklyask.activity:ipc

com.quicklyask.activity
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Checks memory information
PID:4370

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:4422

io.rong.push
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
PID:4442

com.quicklyask.activity:remote
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Checks memory information
PID:4649

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:4750

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:4961

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5051

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5120

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5196

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5361

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5471

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5638

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5751

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5839

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:5948

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6065

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6131

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6197

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6263

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6329

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6395

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6465

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6531

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6596

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6664

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6730

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6796

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6880

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:6946

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7013

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7079

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7145

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7211

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7277

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7344

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7409

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7475

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7541

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7607

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7672

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7738

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7803

com.quicklyask.activity:ipc
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks memory information
PID:7869

com.quicklyask.activity:ipc
1⤵
- Queries information about running processes on the device
- Checks memory information
PID:7935

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.quicklyask.activity/databases/mechat.db

Filesize
32KB

MD5
efb60dcb4ea9286b170b81d2fa610635

SHA1
14fbfb64956c502f3fa62fe5ebd51a0b77f188aa

SHA256
527321e64b4e7f55c5f0d2c4eaf9ddbcf13d447df79e3a30d8247f6e6cce407a

SHA512
68317d8f033fd3645400bff724694e3940c290149a6dc211bb85793ed275082db258c3e2a29f5bd0b4ae13a01f5c988930d3cd56ed54525962ddeb7743e77032

Download Submit
/data/user/0/com.quicklyask.activity/databases/mechat.db-journal

Filesize
8KB

MD5
c6771ed5414e017a9324e1258105bd26

SHA1
03aa805b8e151f8aab95ed0605d1981525480104

SHA256
2b6fb8196b653769bed18e899defa560fa4eb8cfe2d96b1d250c4de87bd5f5ce

SHA512
11d088a5cded08104462a9c62e729a082d952027966050912bb070108c7542ec116abc1c8d1413eb17e4088a298d7e1f67853ffbd57e342e8735dd2a70a3eb81

Download Submit
/data/user/0/com.quicklyask.activity/databases/mechat.db-journal

Filesize
8KB

MD5
a323071840ce8c67a9080f805bda8679

SHA1
30d3ce3329c953ba490277a658e923cb2626f12d

SHA256
bbae3d42d6fb89b5fae1f8fb74d46bfc473c2e036a21821725c67131ad3f2228

SHA512
c39a75c7980d54185b14c5573603e54aebcd3a9b6ecda155758c32bb3b7a7795fc037920e2f29fce9fbb683a7252ca6ff47606b542196e8fd8c58944c4160e46

Download Submit
/data/user/0/com.quicklyask.activity/databases/mechat.db-journal

Filesize
8KB

MD5
dd58a1f117480cc643ccedc574451cb6

SHA1
1026ba7390714126decf64d5c3cf11e5dbb96a08

SHA256
d2f1159dfbb7ea8650b1fcf4f6670a114de54ac8c92ea0f8cddc9876e0b70e25

SHA512
eb80540400ce2d92f1e272b385f351fe8781fcc878c4b3b82b0ca7fe20bb5f0610b906637f00e138ed9970d1a12e310ab6b3b82e63298b536360c8d122c59a08

Download Submit
/data/user/0/com.quicklyask.activity/databases/mechat.db-journal

Filesize
8KB

MD5
4c6a5a9f4db79e9e8cf7ed22c715f6b0

SHA1
2e0ea96a36e8b9f97c3a3cf9f3578e6c2642cda3

SHA256
d6d93a8f5eb8e8a2409ee27e1db44a337001a74c95116ef1bef3402b0ee0beea

SHA512
baff39d369cf57ebd130603ab1bbeb60b3c61052e82aac9cf95d93a67d86382d1119f66d923071faad7bd09e1412111a0fdfcccab2bb422ad178395a9843371e

Download Submit
/data/user/0/com.quicklyask.activity/databases/mechat.db-journal

Filesize
8KB

MD5
4ce60ce0c916d961d008186db5415f6e

SHA1
5fa44b691a011a5d5c0de3dc348765d77c8e0562

SHA256
b40c9b3f6649b0864e38cf0c5fee1911bdc06764ea7be62a48c19b32c38e90eb

SHA512
fef6db51e3c2a6499a1691e72d39e93d6513cb4c0f4d39771d6b604e5486fa8d5b259cb2931d78a06eedeb6a00b951b9921ccfb82b3d91ed4872ab4675088d13

Download Submit
/data/user/0/com.quicklyask.activity/databases/rong_version.db-journal

Filesize
598B

MD5
8a0b6c5463e0b78a0ae3abe26b332285

SHA1
334bbbf9bdcb1d1bb38dfe17a846b74d7ac47332

SHA256
0f059e4d4795377225f3ab121dd286273e796a6135dcc6eba75268678d85a1d4

SHA512
58335d0e2990fe68f087d1aad4992cd2b5bc4a72964fa9564ef8ad797edf1f999ce261514963785591ee5cde8ed884917c8192d9c3cd9ebab7cdbf89cd34efc1

Download Submit
/data/user/0/com.quicklyask.activity/databases/rong_version.db-journal

Filesize
8KB

MD5
f36991853e230434fa60a2520a17db47

SHA1
4712c08f49119c7ab73fa75b000d0d0a4657c61a

SHA256
25c62f67decaeb568433b03efd6ba4d28f1e78ebc21112c99fe804e8daefd0fc

SHA512
4bc5a0676af2b76735de93a87f3fc6d3afb22c6ffa9d08e21804e0628079c244fa8d28713e132a8aa717dc2b66be3ecf32483d3d26038dcb2743bcbe267bb6c5

Download Submit
/data/user/0/com.quicklyask.activity/databases/rong_version.db-journal

Filesize
28KB

MD5
f8df032b186b8daec21b955238836997

SHA1
6670b787d78d0391ca067ee9d89c1fc99ab248b8

SHA256
0eb2691193d5b1af9ae73ce1110ea204d7895f5a39d8d5155f6de13dd3d1d283

SHA512
97472fd05b640d30f6e8d2a722e57a1d670e77391506c54b8e55ddb6109a21acee6a74af8c5098467317fd9292460e54ddfcdcf46e44684ebe7798f7890bbfe8

Download Submit
/data/user/0/com.quicklyask.activity/databases/rong_version.db-journal

Filesize
28KB

MD5
1b9ef43e198d1a140f0e67ff6c7f356d

SHA1
7a71b6c0334327b57f28488f4548867e2070eeea

SHA256
6dfdadce8925398e4e2ffd191836d2e0ba8a718c9bcff3ee639244fe0742a2ce

SHA512
f7a7da8c2231e06443eec1879527dbe3d6c1b94b9911a0bf0c672d1f5af20d43a583172579b75abea5336a2bcf54dee0138d922fc221cf303beadf1aedcf5d44

Download Submit
/data/user/0/com.quicklyask.activity/files/lldt/firll.dat

Filesize
76B

MD5
73b55a727ed1b57ffdef8c0dd631f86e

SHA1
078122e1a66b364270701da6e89c51dac195532c

SHA256
d25588a6cca0cd0c7c1355824b497b0b8f72ac8c42e8ac3838a249f4fc3ea495

SHA512
0ad9eb0837bce993ed7d2da137f53c08434d2a909b38cae549f8f37c82480621bae3002844a20f3fb65d1a5bd6d579d5ea0817838c7dba0fbc88a091b540663f

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl.config

Filesize
235B

MD5
8da48a23df52bd08decbcb5c057c2d60

SHA1
8e261c52ce9aae3c2965fccff03f5da4984fd970

SHA256
ff97bad8b73a57e5ebd81cd7120164e1b4091a5526286fec06e7b894043bf461

SHA512
35519f9cbdb2ea3ce8329712635ea5d2455195d4cc1fdd4c49c1f04b56af29fef68e5ce1b96a5d3651e4a568577e808fb0e102a1049aad03026a64b9d90bd5a2

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
190226f354610e759bfe86a1437758fb

SHA1
655fab25ba2a44c681bf47c4c5743dad7ddeaac7

SHA256
63ada738bed85891a7571e3119578be22928ef9fdc99d22ce1338df07befe697

SHA512
fcfd1767cf2ef09859f766e19c9ab578795991c00461f5fea07ecdca104c327dafa4a294f26be983acc6d15a6df8c9248f62badf9c5c7306dcc5b6ed5bc0af94

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
14451193d2a497187adbdd2768cf22a1

SHA1
9aa663f6753634b28c744ceb1762016e049509f1

SHA256
ec30b5ee930b3a39ea0a80e1f6fb30c9914de656c37607a0c336b6acaa5a7daa

SHA512
09f307528cdea1bd83994aecb237acb32e74abb8f89649ff52cb30d2d9f760bbbd2047ebc1241b4d6bea2f28f285dc9750887a114254bbada165e174b9fd74bf

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
a8db30e8fac3484125a9259983d03d56

SHA1
95476c50437171abf84379483aa8bd119ae3a597

SHA256
5fc4485f43447fc69bea5e7cf1b97267bc384adce801ac65e2ffc511e50da54b

SHA512
a1a52b9529a8b00457d724cc8bd02cd9657942ba005e0326c4af535a9e194904bee381e9dd80023d15a5747f4ba6a524d697b08154e80dbaf5fe3fca85a9c1eb

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db

Filesize
80KB

MD5
cf2cea7e9b08ffeccdad60248f536765

SHA1
61f97840aaf57a7d1c9ce994a5176ccfcdd7188c

SHA256
b761bcedaf9a60a17270a5e5b5ac7fb2d333d66a7023a105e9c07c50eae55be1

SHA512
c24815df7cd1dba14a84805b4684e43d6d20fbbaadcdaf8e85ac533941ff1331ff78e697c240f401e4e0386495b6f311200c28d112064efeb9785b72edc79009

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
f2e938fd61e09474fb8975faa2a1fca7

SHA1
a47701442db72dc8d70ea6418bc04872670b2545

SHA256
2a253e3c3d0a70d2d5833b4832b16960693e0b553725ddf961b4a27fc07c7234

SHA512
c412c83ae91ae93dd559a54768dace585a152d94537683f4b0f8840f0707dfcbfc30ce74399d7927ed30d1b406016c4370f90b93ca287a7f31514c41a112eeda

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
b0065c4168bd4e8ff974f3ae8325b6fd

SHA1
5b7afdd3acaee1e35abef92ac0c10ed8ade5585d

SHA256
d17d167e8d0bdf978f7c44aeb2807a47dd37b80217e4ab4aaa6135c78a329a95

SHA512
3725fc6dfe6d2ef330a09509b828da93756c165b05baa8845ce4a53375952e415b1fbb6d7a78f9a6ca389b0923a6a6bd7ff84caa881c563bed51f1291de39473

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
7da5710af2ebd5eab5d2b130efc7a091

SHA1
451ab2088291e14f813c3eaa381c17adf5dcb1e2

SHA256
9daeef19a9cc7c07fd192844eaf701b8badff9b90047ead8b5be03c65f7b7370

SHA512
2cbc31e11427487ca089e06bb0d97ba259f7caf53bd6a72a19e5f7f38c1527d436827a0af2be4018e71bd81f479f8adfdc6206118addea369716022185e46bdb

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
ab516eb47f22f47ac5db699dd2ebf17b

SHA1
19f9b017d0e2af94de966f9b870c3ee658b50607

SHA256
6aeb7c0ff6279fb1497ae5ffe013d46e5fe8a311de9e2ebce29952ac7f1f016a

SHA512
8294333475c604daf7352e13189d64fa358e1819bfb0860345cadcb2d076b2131ffca47b2b52051404e11dfc148e5656937a91c10fe8ecd18d1e622674e1a470

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
233a1f644d2af5fb23b8e34e22aef367

SHA1
f0d3145d762526a01c8b4925df607631ee096054

SHA256
393a6d8e0ece5ff5d3ac9a65489572cf5664b40ed7257aee3499e25c5f4b95d0

SHA512
61f41fe1bd87f766d2b3db83f88f4a51f0ffc98509ac67e5724ad1425d6334431c2183b72f3ff7fbf2536d79e82cac8431236ce4648b5ff7a685b53a51d78f05

Download Submit
/data/user/0/com.quicklyask.activity/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
b8df6403de2c4e3d319dbf94fc281bc5

SHA1
8a3077acfee2c82acd2b222256bcb12df8961af7

SHA256
1376415ebb4427cf5229363a5565b29d686101a8b788c40f25a0eeb5c6d533d2

SHA512
52854942e373673562cee3b95a28ecb360ca75a978651d44681e073a8d01073bd552df6ace1b6d29f1478f1b515db0a56b7ae3f29f7599d4b68ec82cf324009c

Download Submit
/storage/emulated/0/Android/data/com.quicklyask.activity/cache/kit/journal.tmp (deleted)

Filesize
28KB

MD5
f9ede38c702b4d2e02f88e7c2b180415

SHA1
fc49baa6bb910f36ae651a03fc35aed0c69f10eb

SHA256
72c75d9b6ee505c6f42f11a301715c283e6012e51f3c1b6ab781be6dca48d5e8

SHA512
8336f67f8430247862854dc4d98a062dd59414abde92810ffc301658df7d0eca7dff3e8412bb26a347eedcdd56180c9a645286d93b281f1c156d414ab2e638d7

Download Submit
/storage/emulated/0/Android/data/com.quicklyask.activity/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.quicklyask.activity/files/baidu/tempdata/conlts.dat

Filesize
160B

MD5
6960398256d3f97cb44516997ae92c43

SHA1
f2988bb863079d3c7c9e05b4ac9dc8dcbf17c57d

SHA256
f36dd64808bdee74fb11b854b12f4d5cc341f5426353e1c2edb5b50372eecf50

SHA512
b199050710a2dae1a8dee3880da57def3a0beb09d013a79d5f588ea5ac4c357b1775da88208e72ab480e13567879d92d3926f926624b73132599f5c824a97d05

Download Submit
/storage/emulated/0/Android/data/com.quicklyask.activity/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.quicklyask.activity/files/baidu/tempdata/llg.dat

Filesize
438B

MD5
54267b496413015f9190984245aabf2a

SHA1
0381fc7a5c83803e2b56f5033b98f4955002bd78

SHA256
735816766cde6885497ed31e3c2e32e2bf28c84073d5d0d5cd23451a7f60c838

SHA512
976a2e784a4fe39360ab6e9b0d42d6188338b7fa9d1e3b0482da26868452f0a411de4356fcfe9039e0a07d98ed30be5a586b19d83b0eb5cab1318fb943de5e62

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
71132eccb1037337718f2c4212787bf6

SHA1
2940b218e8b4a6bb33fb99790d348072b89eada4

SHA256
78bba588d356625c065c85f10628723eec71f9cccd593e8f65a78b3bde2418e3

SHA512
ceb92e45a20eebbd2f5407e69793acb6fa8b591cc0d2ef7ed2167b856d1584f8850e14273f6664ece4ef0e1f600fdcc33cecdc4a3acd1b873e1b92ebf42a7353

Download Submit