a68cc3cd81b5332e0bbeb42c4f0c65c046104a512ff2de0df938c7cd5b1c65d6

Analysis

max time kernel
148s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7f2ed65e35b7cf03be3a7267f940b5a_JaffaCakes118.apk
Size

18.4MB
MD5

f7f2ed65e35b7cf03be3a7267f940b5a
SHA1

3149b142576d22bc8af3c666a8889eaed2449534
SHA256

a68cc3cd81b5332e0bbeb42c4f0c65c046104a512ff2de0df938c7cd5b1c65d6
SHA512

dadd2dfca3baf5fba3657025551f1c3861c005663283f80191f659678fa6b17c5daf37ff74ce64d5a386adfcb238eac54238051d00c758caf8ba39c889409419
SSDEEP

393216:q3zuIWLWLLmjwJyT0E3zoSkASuTukz3Bby/ZNIEXANzFWTgk:qiIcWLLmjFnKAPThz3MZNIEQTWV

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

com.tuoyan.qcxy:remotecom.tuoyan.qcxy

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.tuoyan.qcxy:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tuoyan.qcxy

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tuoyan.qcxy

description ioc process

File opened for read /proc/cpuinfo com.tuoyan.qcxy
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.tuoyan.qcxy

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.tuoyan.qcxy

description	ioc	process
File opened for read	/proc/cpuinfo	com.tuoyan.qcxy

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tuoyan.qcxy

Queries information about the current Wi-Fi connection. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.tuoyan.qcxycom.tuoyan.qcxy:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tuoyan.qcxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tuoyan.qcxy:remote

Queries information about the current nearby Wi-Fi networks. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.tuoyan.qcxy:remotecom.tuoyan.qcxy

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.tuoyan.qcxy:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.tuoyan.qcxy

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.tuoyan.qcxy

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tuoyan.qcxy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tuoyan.qcxy

com.tuoyan.qcxy
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264

com.tuoyan.qcxy:remote
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
PID:4306

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tuoyan.qcxy/databases/TestinAgent.db
Filesize
24KB

MD5
113a83e3eee0b741fd97735cccf42904

SHA1
2a5efc9df35483c9e6923aafafed6e58f4ba90b8

SHA256
a2cface188664e400980de28b8ff44ccc9b6851610bfac4f0421a8bdc662c44f

SHA512
23e9ae0732da0327cd238ff35b9517bfc582d0906392c980268ecd6289fa0ff950c625db4cbea097cfc59a1f78f6b6d1cccb7685a4c82828ac9481f4cbe120c9

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-journal
Filesize
512B

MD5
e1f0be3de800cb8f0b5ba13e0e0fd6d1

SHA1
4bb4389206358061d02543a0f22ef8a75ee5f2ec

SHA256
32abc07552e9712cbe7e5b36e9e80532b3292d203c938d100e0ce80587b8600b

SHA512
edfe0310e4f8bc8f82d27274cdfa70541db016812baeb74f2fe47df33bb8ff710fd0a582662a18a3be12d1dc3b8e6e3386eb8b43accc1961a3ee56d78acc319c

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-shm
Filesize
48KB

MD5
d95ee71a632637d8814d3113c5a8bfb3

SHA1
9d7c125cc161e1b10d9c4311e411d9980d1ff155

SHA256
b09a6bd7d21204d7cee590929c79631db0cba74bd41c237a591a69980c2e2b9d

SHA512
dea90f9dfda2f513ef5ff0c566c9d88aaa5d698ed3e91713157cb446bad2fe9f578a1ef04d989b8c54d61bc494abfe25695b1c1e0fa2061ba43b9772c5a5d4e5

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-wal
Filesize
44KB

MD5
9866e30fbba02a0aa412c54ee56f3d43

SHA1
a09cbeb100d9acaa3341f74b9ab8d06e55e14068

SHA256
bf86df86f73e1c64693b544ae21aa68386be3c41ee9fba7ad3ca84e4270ce4aa

SHA512
be030f7d737f93ea13aeae4b5c69a24c114b09ad2ab8a04d6b004bce0fdf8e2e22157b23a22c2ec8fd76192c1d7f92aa08547725bb375f6b45f670b18f4ddb7e

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db
Filesize
52KB

MD5
3a10f2e9875aa84f544e6dc5b4d6de60

SHA1
8e265813ec4dbad791efc6c30b1235fc5b9adec1

SHA256
b536943aa1ee5beb08271593a39e34161af7e08b1a3b22124a0c80f8b16039ef

SHA512
76a49b6cf59bad59ff07a0bdad5000a12091b25c0e026486fe8c7ab3699af782d097557e385141cc0f8fd4ace4fc7bad10ba75b4f703c62f84a8c609c271ce74

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
32KB

MD5
1393b340dc92e3cc426451c2eb041454

SHA1
de8ace39941c8692a83de8dc9dd0480e73bece91

SHA256
9b91b8ef924e2d46a182896c7f2a3d8dab602d25571a60776b09ae034b2dc4f6

SHA512
0fd95e60b37935f98e75e208ecf701d0f08211bf563492663e31242daab007581a5f99be243891f06fffe95a5f72ff7a8a3a71677d731294ad938fa1cf58b0b5

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-shm
Filesize
32KB

MD5
6284c66edafb02c325577dfbac0012f5

SHA1
00120e311f41939e1ec8cdf0238e0ab1b971951b

SHA256
63688da0caeb287a40c7f4b462480dadfdd9d7a79643654e929f03366687de87

SHA512
664943975fabe5c00048e808220615ba42a4d541dc93cab569450ff187da7337e22623cecf613896808bac25ab8b084aa686be15626f0d06b49168fc19ea5491

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-wal
Filesize
16KB

MD5
10538d24022fec661578af8dbf2f2a9d

SHA1
5c1010e13635f6d58517234b84d00e07e99a529a

SHA256
9d1368e42a673644e922572c62a543a992f738d4ad12a73129404c681fadcf35

SHA512
0f9c74b4f69e59a5877763728a931dd317f30af55b1618097e02e1c88834fcd0cb0404010c01eb77cde9d26d9f358aaf3fb18875116c315578f6ec7d1cd3e5f8

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-wal
Filesize
48KB

MD5
b92b767fc4ad69598019444ac71e50c6

SHA1
06f0ca8f52e9c652fcba6c6c2a546d56b2466d68

SHA256
3139bc688a988795d343d7200170a119df02352a1d2697aecd038b6a2a757f6b

SHA512
0618c13aebd52a638d78ff278190a6686ed3840ea6436e258a0f5166dc1a6b2a7e97e7f9a7bf843b6c7ffc44e61897b13ec7a342b854f9c9fa22e4c439167189

Download Submit
/data/data/com.tuoyan.qcxy/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
2969a018720edf63a51b7ed6a17f9e4a

SHA1
d62b349ada35918a861fe73d20a2d9b1f6deadac

SHA256
2af4fc339fdf7bf73bce4f1d82f5bd1aaabc39d0fcbe11c75a1657af57842120

SHA512
cdc36cc0bef28662b59f0a4ccfcddd63989ec5ec5e172c47d9eb87d630767258a497e1fedbf053c52b03f4e1fd4987a94ad6050c9b3f370ed71b9b63b147df43

Download Submit
/data/data/com.tuoyan.qcxy/files/ofld/ofl.config
Filesize
235B

MD5
ed692bf053ea8c7b55b443c436621e92

SHA1
3bfd2303899df76f0e74170983ae2488453bfd94

SHA256
d62f97e4f46375da315a97560fe797e463a7b1d259de6243c1e410c107bf1179

SHA512
b2f52282085cf74c2aab82ac80b134fa51f90409518a968290c37cd4223394ea925f53466dbc2c6242aeb920785a2526f671cfae901a29b2ccea32528ea71f70

Download Submit
/data/data/com.tuoyan.qcxy/files/umeng_it.cache
Filesize
32KB

MD5
55c0bf093c0c22b719281e7b00dde825

SHA1
7750265a6d2059836b17f81a9b7c481b80a7f9dd

SHA256
a4284df81ebca0a4e41fafaede2e9d8b58a2282da482e72746a4c3c9fda756df

SHA512
70fab667dd4575d43c0c38d9594b84b974d9c5eefa6d6c815a9c27a17b285e8becf7515c463e6eabc11f7cdd67833346fa31500eb2ac237617f001a01f0dc760

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
512B

MD5
b8d228dea0138f42eae6d9e1e0d7634e

SHA1
40295683add26d94f20d7f8355e246dbff082238

SHA256
c74f20e346fd50fed5c2fe775b00e43e0b47828f80c4241cbef64184e425630f

SHA512
4fd476ffbd9fac4ae4b08cf41dc6b427eb2f5c0a94f099dfe5fef16347cccbdf3a5b0cecdf6a2ad78339bfd3edaa9db5ded93f53a77d7488d295d4deb5c04e95

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
32KB

MD5
b15b00bf90b7c93b3665eda88fbc4808

SHA1
5d90cbaee0798753afcad7e6555a92d2567dd02a

SHA256
92882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429

SHA512
cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
36760b62f34834b3bb11a0068f893906

SHA1
82488a8bba62caa72ed56ea1c5d3dc62ff2f1204

SHA256
bbcbe5f8fe4483322eedf771e6c43cb017dd8d9d277a42dc889eb1eeb5eda755

SHA512
e968519198bfc07bec7c8f86045c0a05fc03def0fee89bab6b1b6d598c1d3ca8a4dede040a0af790e7e87681484e7af09abdfa63eb4d222da6987d5bad9bb832

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
156KB

MD5
823d6d467e7889a07795890f147673c4

SHA1
22779720666f6dfc1e4ab2fa751f71f7b61f7495

SHA256
1b71beb436a4fcc3f98f75a79881d312cb45074fd3660aa187b7261ec4e33b49

SHA512
5336a13eebacd6e2f4620bf4cb707789589c744efd258774a6d06fbd2e49d5af3be2e118c066e2df897182ec875f1902c75796a41b4651fe59f6920f71a25965

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/conlts.dat
Filesize
152B

MD5
fd539efad437fc6f4ffce049ee1c341a

SHA1
fec4ca1247388ea0b8b8881cbec1078d0788eafb

SHA256
2e58177b53ce6d687ac95cb6a004eee85a54daad80d31a968266b58f1e2ddedf

SHA512
110d5e86f74b029e233620f5f7c3b22e13641a27055ba748c63f640a3bc77c3e279351bebaa58374343605789c39952d3615703f3bc3e29ed1f80afea2572be4

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
1KB

MD5
a5270ef08e19ce73226728f78a1f543d

SHA1
bb0c8e6bbc7ff224c32d3a5eea0a931bfcfeee2b

SHA256
cdcf4f7b24f77a14efa106d4716d13cc09398a969bead5067d60254110558f38

SHA512
dae7b8349a161376feb0c4ebff0fa2f3dd9179159e01b87fa5d938efacbd95952b135c5994aaf108950f75d9657ad20015557fc620b08c94f1148d1507c48735

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
2KB

MD5
3f5fc73b28e732fad55c8b424e17fe0f

SHA1
21b59665cba0dfdc6d4addbe7e15ac0e9dee4ca2

SHA256
254dab7d6fc05d1c869d01d068d309218328f98d556739eeb8a6855fd4091b29

SHA512
9d52797d75b786bdb578a468c44193fafabaaafb0cdc74afbf1f0136f26d7d5af30515a6e55293a5b02534ae4812f1e544da5b99efd090079f876a8f61b1b907

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
1KB

MD5
4353f425d36dd70b83beef8d093c203b

SHA1
2d3c9e1dd6e355143ec997c78c73ea68dc9a6abf

SHA256
8353a9427a41d7130ffb2886f6ee7697e4b28be2a4a32c036a9a2aa9f81547d0

SHA512
e7031a0604a4653035224855d16cdc24e52768426636106cdaf2ac99a6aa43a700beb37fa6d056374a119116de1375012627fe7878a254f153cd941644cee524

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
2KB

MD5
ec6bcd0ffbcf21383fd82eedd177a035

SHA1
d5d068e1f64b5a023f2a6d1c9ed4afb52cd23239

SHA256
a3c77bcf5c98fda51cc07c96bb50b244e65fe0a49f1de327ece22ee84dd30bc3

SHA512
0aefaa413530113fa16fddbef7c90128f8ebf2a2b84f7647b0506839bb17846098cd05911df44255ccba77f0895c514e70cf54ae1aacc0b1092ea41d667eb396

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
4KB

MD5
7e605c4452a461adcc855279fda62d72

SHA1
d4a44cee28590cf8d32b27c7e364edfaba3a7253

SHA256
e3b924543bf261832f0f385e2e0cb4075fac3c8c4bfd13f987e8a1163ac66dd9

SHA512
af71ccca57ab9297ebe1a2d155a2ddc716922b1eeb704702ab8f204a7932ef2a7103eaa8d9988e70420a86a5d131123cce821945e03a192e286776793aaca2ea

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
512B

MD5
3f3cfac740824d412a0a70c132e172c0

SHA1
8b8a79ea93234b9868fa395f3cc92d696bfff608

SHA256
5aec845a89319cc3e9caa6a612e148404811fd97db94aaa6aec793fa1528ae0b

SHA512
b654a8087fdca4ef1ffeac0a6b2240dc11903c4e58d893931f440b350b8248afe43018b9b47b2591d6dd39835c2273e0c899eb4bc23ae34fb04ef82cc856fcdd

Download Submit