60d72131839de9f12c9bafbbd12973b2e8f2c07574ea120e81442b6abb3238a9

Analysis

max time kernel
176s
max time network
184s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
01-07-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ae1b75dd2f5f25b080f7c61620ec879_JaffaCakes118.apk
Size

3.0MB
MD5

1ae1b75dd2f5f25b080f7c61620ec879
SHA1

9ddd1e796dce1636b69173cb54b70411f15bd0e4
SHA256

60d72131839de9f12c9bafbbd12973b2e8f2c07574ea120e81442b6abb3238a9
SHA512

31023596c9ee5ecc4b3af58d717aa90322b38ab8b87d630436862d66012da8c8b1a7b622de13beb7cc849beba3e62d99e4b884fc166a6f64c68df4e024eba844
SSDEEP

98304:TyShn42D6nAwnFoW4pRjuftK0nWbD6qBalqBau:GShn5GA8FoKfXGqNu

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

ioc process

/system/bin/su com.jy2gbb.bt.qipa
/system/bin/su com.snowfish.a.a.bg
Checks known Qemu files. 1 TTPs 2 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

ioc process

/sys/qemu_trace com.jy2gbb.bt.qipa
/sys/qemu_trace com.snowfish.a.a.bg
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

ioc process

/dev/socket/qemud com.jy2gbb.bt.qipa
/dev/socket/qemud com.snowfish.a.a.bg
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

ioc pid process

/storage/emulated/0/Sonnenblume/res.apk 4319 com.jy2gbb.bt.qipa
/storage/emulated/0/Sonnenblume/res.apk 4639 com.snowfish.a.a.bg
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.jy2gbb.bt.qipa

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.jy2gbb.bt.qipa
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.jy2gbb.bt.qipa

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.jy2gbb.bt.qipa
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.jy2gbb.bt.qipa

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.jy2gbb.bt.qipa
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.jy2gbb.bt.qipa

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.jy2gbb.bt.qipa
Checks CPU information 2 TTPs 2 IoCs

T1633.001

T1426

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

description ioc process

File opened for read /proc/cpuinfo com.jy2gbb.bt.qipa
File opened for read /proc/cpuinfo com.snowfish.a.a.bg
Checks memory information 2 TTPs 2 IoCs

T1633.001

T1426

Processes:

com.jy2gbb.bt.qipacom.snowfish.a.a.bg

description ioc process

File opened for read /proc/meminfo com.jy2gbb.bt.qipa
File opened for read /proc/meminfo com.snowfish.a.a.bg

ioc	process
/system/bin/su	com.jy2gbb.bt.qipa
/system/bin/su	com.snowfish.a.a.bg

ioc	process
/sys/qemu_trace	com.jy2gbb.bt.qipa
/sys/qemu_trace	com.snowfish.a.a.bg

ioc	process
/dev/socket/qemud	com.jy2gbb.bt.qipa
/dev/socket/qemud	com.snowfish.a.a.bg

ioc	pid	process
/storage/emulated/0/Sonnenblume/res.apk	4319	com.jy2gbb.bt.qipa
/storage/emulated/0/Sonnenblume/res.apk	4639	com.snowfish.a.a.bg

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.jy2gbb.bt.qipa

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jy2gbb.bt.qipa

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.jy2gbb.bt.qipa

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.jy2gbb.bt.qipa

description	ioc	process
File opened for read	/proc/cpuinfo	com.jy2gbb.bt.qipa
File opened for read	/proc/cpuinfo	com.snowfish.a.a.bg

description	ioc	process
File opened for read	/proc/meminfo	com.jy2gbb.bt.qipa
File opened for read	/proc/meminfo	com.snowfish.a.a.bg

com.jy2gbb.bt.qipa
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4319

com.snowfish.a.a.bg
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Checks CPU information
- Checks memory information
PID:4639

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jy2gbb.bt.qipa/app_tbs/core_private/debug.conf
Filesize
101B

MD5
fdd6bfd583923416ead0a4af7677b804

SHA1
6191ebc27235d2a89e36e7dd999fd3c6a684cf07

SHA256
9c44604f42f8c0490e6f16a7292fbf081a371409949f674ec525fbf1e9b83084

SHA512
648379d771b61cd40ee23163741cfe68c8f781e0dbabc516732c5d9ba5ee1f9d76fb3ddac4a44e62ed9fe6117dc534f8f8224ab158fb05f87f99f3bf92f6d39b

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/databases/outdbName.db
Filesize
36KB

MD5
61dd02b32afac0acec4567622ad36dd4

SHA1
9ca96464709fbb2fa2b7bcac15a66f61e9f3986d

SHA256
29de2c0e67eac82b07ccb50d5bdb70481a5b54965483d3a27db36fab48135cf1

SHA512
aeeb4911fab686bc5b80647bc5a932680f49b3520305d1b45ae46e7007d6078020c966e7942231565845e29893d2f55ccbf56710edda57fd302723b40d77115a

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/databases/outdbName.db-journal
Filesize
512B

MD5
5ac637527942c3ec2276981472da0f62

SHA1
145499d3de8f33e1b50a7ad2351a35473923dc2f

SHA256
9eb3bba661b7d5ad1c49795d43c6db5182c082d1a2d046394a541da46ab5c8ae

SHA512
c807e13a265724477813013e34dbf9523d2678654bca95acc514306ebace17d1d2934eb7e60b6eb189c1080b86bc70403981f80a642185e5e7774660c4ff41e3

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/databases/outdbName.db-journal
Filesize
8KB

MD5
8530e2865849d5e4a109d1d5b90395b9

SHA1
b7a418aea42e226757d55f89e7cd2382141d0212

SHA256
13f4193e8613a0aa34ee23833b901535bda6a10a1b095e8f9ef86d222a117b25

SHA512
110d60e0fccc9858ea99688b774ddd86ae208eb8bed88fcc2c165da73ed668b45de4aa6504962ba8a0e5aef2e253d67380fb74bced5b4c6ceb2c6d3c6f9f980f

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/databases/outdbName.db-journal
Filesize
8KB

MD5
2439f5982eba163a5c0a15ba9d3808b4

SHA1
c690741bc162ff316808dcb60c54e87e7b22e7cc

SHA256
db56c5f41e210ee61e74fff469b5ace319678f171299a8a1dfa5328670aed810

SHA512
8873507fc8d6c61a0f3491b34130157333aacc13ffeea7e77b0bf98f53748460848c0b73c0d894341c2412203d44e2af422050670744710d052305ff83caba9b

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
37afb0c21352c464e6f2706899920c02

SHA1
fbf2224d316e6f81de498c7ecd5d658e97e5aa69

SHA256
fe8e177f3f139992e4e54068495fd1863f59c2542db81a6354ac69f92a34f4c5

SHA512
9c47519fa9d1bbcc96e3817753b6231c38d721b835988c872309415efe932ea2d8be84584ed2e19e337ad8ab861b4e5aebb812dc517675b91edcb0efae10146a

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
773e10e858a5efc21468beeb91fc6a9a

SHA1
c49fef2163fbc0592a8d8e980291ed8451013fa3

SHA256
9d3b6957355a78774a4c51f714c5b21cf5446f778899341028ef0165cc0504e9

SHA512
5dcd9879ea58e2ed5ae25502c33379093dc3836acc2bca99f93e5e2a45b0b2e71dc3ebba496178f6e6b5b038148add460f6db9bc3931dc4505538a24b7dd28cf

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
c60d10614436521b84a9db08919003e6

SHA1
682744ff710d99496d79a3dedf9faf3649568ad8

SHA256
0e5f03d34fc2a9d1b7fd9493b76fdd52940e0c0fc2805884e936776848bad7bd

SHA512
ec595a629d92e6ad245ac243787166ba1f1951f034a6931b411713c69ebf5d8332c0771fd0eb56f0c9358e540b95a31d19d7a71dca5ff986bbe14ef5d67c0538

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
5aaf463309474062987673c9421df3b5

SHA1
d1ef2cd5f38f189627248d4f805a2e1efe782412

SHA256
35f6468276c3946232b830e873c77937255c3134ccabe741dc00ac5b90eb0e7f

SHA512
e8a7cf068eaccc0ac5b64d20a1d3e9959e0c732f5a2b58c63d95a549df54db676a4e8da30f6155adc1e07e513a66f6eba05f3c830748d53d0b5a9bebfeb493ef

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
36d99c4ea209bd654348fb0d12a7bcd0

SHA1
978b2694da6a4c580065840b7e4d27879be02dbc

SHA256
e8b5386a807b42ebead06b5e4cf27724bcb12d5c6480ed6523e80db4ea792b43

SHA512
52f5e1a7ae9e7bec51c81504c0f6c23b1fb572bb807635e250d269466caf9e42f46ac5b60b365986e5b55bccaa1636e439d24a36b5562109d379b287eff203da

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/duration
Filesize
12B

MD5
a9b113285391cbd595ad0c7a3b8922f8

SHA1
bb37a7654a497c4f84c49bbd24a0b1311a125f72

SHA256
7dfae74eb3f6ed495c76524083c24f965be6f6372add70f5d1dc9e1a9c515b9f

SHA512
4274f396f0b8652356d17f72be3bd918731878c43f5709a90aab09f19fe98497ef22e5c43a916d1f2ca6f38cb596e3b5cefa58610ccd4ff6b84e98f8756d2cd6

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/st_database.db
Filesize
28KB

MD5
b4796b4f539187b2db81ccb62c251de0

SHA1
f19cd044e00920e0eccc3d9638b6be82701aa52f

SHA256
4176583280ead1e38f999cab285219396459a554dda49a8a0d78fdec1459c677

SHA512
b120a5f7c82bd3b633a9dcd1b8fbaaf6d7a43eb3338df6779cd84b9663988b4cea696be9e8a065c65180b723e12adb870d630c221aa61e1d76fd462396d8b825

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/st_database.db-journal
Filesize
512B

MD5
06b660a398da0004408113550167dffb

SHA1
4df4cf0f48e0ca54882d64f2a00ccb4406a43a8b

SHA256
d215345b281044485409e26d942b534a953150242f028262011a9099a965b34a

SHA512
b28f6c4cfcc91423364c29a49e3885097400f842773f90b34eaff9cb86c5ed67a746e192157ccee8462c81261f0ea59913fc9c2c8ad49d78b4a34035ce11e875

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/st_database.db-journal
Filesize
8KB

MD5
d0604a6526288d8b151446956493b176

SHA1
66dee805fcb44dc998879ecc1ea852744ad4897c

SHA256
81c14d858c5491f9bed8ab629c499f6ee1f29fb97a3880555cfb4238d27c76d4

SHA512
22ddc1c3696d068be6731d1ed8ade0c4cf413bf719d64ff31f15fc45532f70f99fdda40cae4f65cb5828a36bd56150bf3d535afafdef12432c2a6d0e3800df69

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/st_database.db-journal
Filesize
8KB

MD5
c55a4c87aff4886ccd310a29fc8a5075

SHA1
80d56413a0771f0acf0d6308dc254e9e6e894e53

SHA256
f615004b57dac6102d3516f7f1b4ce4524f2980f4f6eed558d3eaa07b388d1f4

SHA512
8c4b68f5c9d6d3c7d5153db1b7f50a8ad096a6ddffab6c221fe583ba96ab8ee562e12b0344f153785fbe3239ebc1c14823b414fcf07d1254f6b39ff93e223a5e

Download Submit
/data/user/0/com.jy2gbb.bt.qipa/files/st_database.db-journal
Filesize
12KB

MD5
127ab6e75226c391329007aa1fe11157

SHA1
1ff911a952524926754801c0c4ad6abde763ee3e

SHA256
23099522dafbd49ab6952b609051bdb9ca7603e4c2b7b2d82896b25835869f7a

SHA512
047c933c048ee80a01b14829da8719b9f4637c1bfda3d00d7465559ab7ff0f2a2dca4f272fe291439d131e3a8c5942a255873309d0a162b2dfd80ac060beac38

Download Submit
/storage/emulated/0/Android/data/com.jy2gbb.bt.qipa/files/tbslog/tbslog.txt (deleted)
Filesize
8KB

MD5
bf2a6d41d3f7d2ce24f74e13bece317e

SHA1
15525581e0350baf7be5dc5328eedd4d8ee90a46

SHA256
e3724667cb669cbb68d6e0603b95a32b726a37d172312fd8587ff07205a8215c

SHA512
69c198c2b4d285ed18602d98217261e81a5b5b6366c7ffd9ac616c110af5361b112ce7ee4f76765ad60215a070651906a35a1467d15e3a5ba3a8c015582ff98e

Download Submit
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44
Filesize
129B

MD5
497a4832059cdfff54db30f9e410c746

SHA1
589d663616cd668a2534bb4c9483b809515e3fbb

SHA256
3b4a4a590186be86d590df0d26aba9e7885f017b672ae2b4859931882af64c6e

SHA512
bfac611ba44864877fe5b641d04fc48efc562b2deff2a67b3bada8c5c14c9146f6635219ac4f8516650e202a9111a3c62ad1771f2a2891a3bbbe8f0f27dcfd78

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2
Filesize
317B

MD5
07c98b387cdc56fca803c10614c65ae5

SHA1
3890f536d958d65a24d4bbf1ea6afb621e4e10ee

SHA256
a41028c8cf77ce28da38707935d30da5468bb227833256eaa8a9d0449e7c702c

SHA512
014c70057d023312084e5d3b3e346ede164696c4697271e736129e9823783ae9312b1b33b47e72f4d8b0501ae7ae878bdd6f558da520b1f376eead73db1b8b60

Download Submit
/storage/emulated/0/Sonnenblume/kb_sn.ini
Filesize
40B

MD5
bb266441eae2a53a7c83222f93d15eb7

SHA1
f812d8dbbb318ed970b637b704f05b10e02673c3

SHA256
c20a14bb04b4b4d31c74593206c07d045f2df10c928401a94ef8eccfa23d73d6

SHA512
c5296aceb9d9453a25bb781537e3b521a1a8065ead8bd305fa483f837825d715444943a4faa883e657c767502239838073c9271715fb8cec8d5f80d3afaf0d53

Download Submit
/storage/emulated/0/Sonnenblume/res.apk
Filesize
433KB

MD5
2639a7fafd82266d6313f59ac1c927cd

SHA1
1a0d135ed060c236ec35aedf25ae2b481e0c226f

SHA256
e653eba8ee86ca07139b427c3366b10245abb9e694db6412a1811726381830f2

SHA512
e0578d5369a81710ee3ccb2b5dfe5633e830caba079f41761fff94480ff7b33fd965aaa75a17b839e377a640404a2aff2b4c503ebf06a8c78f428541ef60c00e

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u
Filesize
205KB

MD5
dafb7d4b90ea8d376128c625183dd9ad

SHA1
883c9b0586e740e9fb976d27a437e84fc26e92fd

SHA256
07be7e035e50b372d700b7cc148515a26b0775b2b485e50895988753fe24b12b

SHA512
56deefb30f358f2d404c93725f331374f0878b8121d95412ab1b1299364b2eea2b7fe179e21bbe96f4076300556a09f55825118ff67b401504c2f3b82af6b13b

Download Submit
/storage/emulated/0/system_hs/303/outdbName.db
Filesize
36KB

MD5
ffe2f40ab25acc273fd669a203608468

SHA1
ae0b67b24ec2a81a6a738e3d48cca5228111fa68

SHA256
dc19be2c949bcf172da306007a5deb126daae406129c174b573d3858d04f2f83

SHA512
191ed7bb5d2d0c083143271da4d8dc03663370dfd0a5537a240fa8bca73cc7c943f12ffc822b55bdfd553314548e98728e97b9e5358ec78630171594a3bc8004

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads