a68cc3cd81b5332e0bbeb42c4f0c65c046104a512ff2de0df938c7cd5b1c65d6

Analysis

max time kernel
154s
max time network
164s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7f2ed65e35b7cf03be3a7267f940b5a_JaffaCakes118.apk
Size

18.4MB
MD5

f7f2ed65e35b7cf03be3a7267f940b5a
SHA1

3149b142576d22bc8af3c666a8889eaed2449534
SHA256

a68cc3cd81b5332e0bbeb42c4f0c65c046104a512ff2de0df938c7cd5b1c65d6
SHA512

dadd2dfca3baf5fba3657025551f1c3861c005663283f80191f659678fa6b17c5daf37ff74ce64d5a386adfcb238eac54238051d00c758caf8ba39c889409419
SSDEEP

393216:q3zuIWLWLLmjwJyT0E3zoSkASuTukz3Bby/ZNIEXANzFWTgk:qiIcWLLmjFnKAPThz3MZNIEQTWV

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

com.tuoyan.qcxy:remotecom.tuoyan.qcxy

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.tuoyan.qcxy:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tuoyan.qcxy

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tuoyan.qcxy

description ioc process

File opened for read /proc/cpuinfo com.tuoyan.qcxy

description	ioc	process
File opened for read	/proc/cpuinfo	com.tuoyan.qcxy

Queries information about the current Wi-Fi connection. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.tuoyan.qcxycom.tuoyan.qcxy:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tuoyan.qcxy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tuoyan.qcxy:remote

Queries information about the current nearby Wi-Fi networks. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.tuoyan.qcxycom.tuoyan.qcxy:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.tuoyan.qcxy
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.tuoyan.qcxy:remote

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

com.tuoyan.qcxy
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
PID:5029

com.tuoyan.qcxy:remote
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
PID:5079

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tuoyan.qcxy/databases/TestinAgent.db
Filesize
24KB

MD5
46fe69c8767233b98cddab4d5fd2d3b9

SHA1
6e6713e4301bc9c5a41365a432d8990acbebbecb

SHA256
c7bedc5508391f7f96504224018ff541d37e87fc8b086e4190d424d7e054cb30

SHA512
ec153d04a29536ba703e08e7c1689105e0c6b6746a4c0d71bde136adf2bbf4ad1e0c0880623e1f699f2ae98d54e1e5d9c2cc347e928e6787543b84dd17659469

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-journal
Filesize
8KB

MD5
d4f4dd99170bcd1bf8168c4088582f76

SHA1
df6cd483c145ab55cf015d5beee4dec594da126c

SHA256
c3eb6454231b90c8f6a9fe7a4c0ceff0da3f8b9692cdb3ca202e5bbb86dad4b7

SHA512
4adb3fa9451df2a09883d81670d4b196699a5a62f8a9a89ae590cccdbf8ad32edaf0dd955540c0f30ad5aaac69e76d3fb4850ba9b0f95d6c839427ec34aeabdf

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-journal
Filesize
28KB

MD5
9ca4bbee3f174317120049998ae6cd58

SHA1
121b484df8efc9d36f5bcbe0c6da03cb75d6f550

SHA256
c63a0bd52d7f2afcc2937e207dad99b2db61acabde0b94e9cdda2ba65af5184d

SHA512
52e643d94a3802275ab4798a93fcdb7eba9a9f341fbe8f09250261c7544c0f3e4a6614ee759b82e791bd0e10b44de47606de46993c0b7d6a7aec6661fabc2093

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-journal
Filesize
12KB

MD5
e62c0ed06a7e9429555c90be9c53879f

SHA1
27280c222d9a53692928dc741b52759191f74e16

SHA256
049c8d374963732959e6329d91f7152c2f550435256ad6489db8d3b6352e765c

SHA512
f98ec4f582e671b0684df511a4d59be1c2aedd1184fb24dbce6b526e97733c25d5e847ac7780162e0b21df00c0bc5150c76adb2112956ed7e05be7baeb3b02e8

Download Submit
/data/data/com.tuoyan.qcxy/databases/TestinAgent.db-journal
Filesize
512B

MD5
fc2f5f8146179f23204fc8a2ea154022

SHA1
c8a178dbadb1fae2c9514e8a5fe07fb4d2d8211d

SHA256
e96e6bc996a2c78be681a68fa4dab625b34132d5af3a1a38ddc8db8c4c42d18c

SHA512
e4351aa8433983b98664445f7654f02636801440c3e5cd61c193a3ffafb11be2938bcb3cd49953524f502faab785b58dee2b5a1993a0e5e5717ffcd378591c07

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db
Filesize
36KB

MD5
be7fb1a4c85ec4d263f1243cfe8bc613

SHA1
066b72eb4cc274e5b992093d3022e9a6e2f40de7

SHA256
da2fd05d47159ee343a29ec6c1f4a537569fe50088d8bbdfe3767af5012dc301

SHA512
f516d6025e545f490cc0847a0bca24f1487ab1b17100f3dbe2358ae4a2dd66e1422809fd7c15ff24afe3e949b28c71751d952ebd75435079ffb84d09537720e2

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db
Filesize
36KB

MD5
b2f8066723d8c8eede0d4fa49aafd1d0

SHA1
5fd869cf8d3181ae6da5b1e15f3f9b785c643e9e

SHA256
6fbdf79359be26db9b967ac0983ab82c61697430b5343268bc2ff47ce9b071fc

SHA512
37f5164ca68a2d7bafc4299e7329521e8223e52e1ca507a5c161a9310370c5494a8ddff1266d355d931335840f558df6089265733e6fcce4ffe45381925a3c01

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
8KB

MD5
a2fac5b754d8683f1555bc76246305d0

SHA1
40b55422b927fb2f5779dd2e4c02268c1d508652

SHA256
af41fb8fdd15cdb5740ea3d81cd1d6c6ad2ddd8715c963e6675b9614a21a0635

SHA512
de833a9b2a83fcfc1fda2187eda0340760671c0ce4fb1c8041fceabc91c7368f59dfe33a6d45c33037eb08812cfccf5be487b91434e9cf38409def5646931636

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
8KB

MD5
68054fe236e7e19ad43408c5ab7a4488

SHA1
01b2c95a157780aeca4b53cca6f914f6d44b9f6e

SHA256
22e73638010855af835584f18e1afefed04fe59f6dd70526c5ad6e1aa084d11d

SHA512
9bc9cb39f6eb7fb82c5e7bf0f7efd851e7eb10f326cf71d32f069ff658f377b895bcfc4cd84b2a12fc2d296862ddf3bd77ed99467cce8762769ff90eb5a3c544

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
12KB

MD5
c8857f5be3a05a9057c5c9a9546074f6

SHA1
d4778523542681a46e676a20274e1219f34a7d7c

SHA256
5822e798d1d7ff2adb9b31f56a80c04f4721e2511bf6a3868b45c30123795eb5

SHA512
4ccd6f28fbbe1253fee0bdbe56d4a8127e34a19a51efef63e7ed2b375ace44a806c5eaac9e2b524c15d3e8e1e88354c523c687391c6aa06d6f4fd1b270fc005e

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
8KB

MD5
b9f0d03c685c68bfdbaead6bfa1cfed8

SHA1
6ea5d7dde52bbbc09186bb3c24739cfdc615d175

SHA256
3515530a8d60b552ad1e2eac746860d330b9f93b4d00c4c37417e67551325c00

SHA512
568b25a2c684e15fd86be5d74e9d9973699ba4026068dfec0304374712887ea692bc424726cc3506c81af489d62340b5a0b295f6333719cdd36e8669427c0800

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
8KB

MD5
7a2e52ae1b3919785068d4303a4955d1

SHA1
5d657952d6e162c3b5837f60f10805e15f5ab13e

SHA256
e7e7335ba6cb1aa542a7ea20365763c5543daf5cdf7c621f0b92ae50cd8a773d

SHA512
1b4e2f50d4e3fef64553c14c4885a3f6045a322752b90608d045e4a561154995978de0a179c49a7a975a2d15846ec18db98ca2a12cdba396bbce6df36bfb797c

Download Submit
/data/data/com.tuoyan.qcxy/databases/cc/cc.db-journal
Filesize
8KB

MD5
d18d774a51b2143dda42c8b3be0f5922

SHA1
f62e32b686f664d468befd82112306d6b43f28a3

SHA256
bafe28f56f845e3f6520184e218dd8a8151b48d1dd99749b997c8abbca94a94f

SHA512
14ea49e869056ebc640d8d658cf89025ecef23dc8550f0d3129f156184045ef2b0a67716731552b41150e2f6f7702d1bc1ee2aa9cdf65ce31344ec769cb27207

Download Submit
/data/data/com.tuoyan.qcxy/files/.umeng/exchangeIdentity.json
Filesize
8KB

MD5
4fec5dbce1ec165e23d0d3ccc6758831

SHA1
349197660c8921f4d83adfac37199bcb034b5ac5

SHA256
cb1f27d2d3a617d6e6218a299e51825707012d3a226a882085aa8f2f9c4ef148

SHA512
3b6875f521b48aa1463c89c92934352492b23cf4bf34873bcbe4a3b258612f4d0e9c86bf910d2831429a9400961ec2f22ea7593df3f548f3b6b6b215979b2745

Download Submit
/data/data/com.tuoyan.qcxy/files/lldt/firll.dat
Filesize
1KB

MD5
1e96953961919292bed1350eaffda7c2

SHA1
bf0f26f5a3d2b9704a91056f99d68d94dbb68044

SHA256
25cbf9386aa9d63a19184dd390e72ce4d0ea73c0abfb602cfe3f5493546aac35

SHA512
0b0d25ad00b3ce9e6cfc35583416da64d1d08321c5f62c3bfa72d5d0bf53a9e21a933d26a0ec9f7887667382499918c7ab227fb72d3e5ff4095884814b466033

Download Submit
/data/data/com.tuoyan.qcxy/files/mobclick_agent_cached_com.tuoyan.qcxy12
Filesize
2KB

MD5
802fad78109d91fee0ce985537c7cf07

SHA1
e11e04fbf8a46332964fdeaa439452436e2f89ab

SHA256
29d059dfda7aab39dc99bb8829b7db43487aafa69c839119f90822f8dafd1ff4

SHA512
70c3ae0414a8161d1b56b4c7b72b1641a8bf2f9b53160fb008fdb449819c7250642f43f840af381a281cf2548ec23ce0cd9292818f378bf7d9eea96a9f063e32

Download Submit
/data/data/com.tuoyan.qcxy/files/ofld/ofl.config
Filesize
235B

MD5
981b97efcbb90408af1e0b3897396e9d

SHA1
06592ab05d370fac91216204bd350b6ab142819a

SHA256
69bc510b22fc2e98090678c278da4bdf03036bde4e5b7b683487ad6ec9e18a1f

SHA512
8dc03a74a2e0df2757ea3e27b951084ba3318f2484bb5b419ddc9dd40aa2e886ee8b26924c60935bccb017c3fed1d3ce10949fad049eabdac1b79756dd9b6a74

Download Submit
/data/data/com.tuoyan.qcxy/files/umeng_it.cache
Filesize
8KB

MD5
5a62e015ba9c033e7420c078dcf5e6b5

SHA1
4d5855847c8467a17e4b23c9908287a27f35bdb5

SHA256
8b2f41feb7c0e799902c829d6ed8aacdfc7a9144d695e77d1efd0e066c49beaa

SHA512
167dfc2640508433d86172b3508518d42bf082fb1eb325985d645b305416edf8a003fc603e82d4a725689183850520d47d4a6541b60130292b8709dffdcb7b6a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
512B

MD5
55e067f326c9ba441fdd1b3f86bfe2c4

SHA1
5d8c4cc7a51bce32722ed24801659c72f49a9fda

SHA256
682ab9d1344850a020a84525cdd3050ebf12ef75c4cba021f93f1bf3f12182f0

SHA512
e31c6721359728fb9d67a50ed47d49d9a3280232e9b7f2b9261b0c31eeb45e16730d0382019e6ee6c18b46936fa83fcff762691da963c638cb46ded9d38e1f34

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
72d8e934d938efc0d9b55114bd8cf736

SHA1
3ca84c0ddf2bf58aaf5376bfc2fb8a6fcfcdb006

SHA256
613061aba12f630bdc9d710e56837dbf269ad8f2a76526de38721dbb15776a77

SHA512
35b2e43efe25c3ecbfc6e8e0d9a3c7dd23ca5c5c6730ae1538996feff0a331c8e587bbb67efd15337a0aa67e8f16bdef16e667811797fade935221091da8a22c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
4a5b8105c5d2729ad3ac91436fb364bf

SHA1
0f8642e683f1244196f6d03c670f1499caeaa58e

SHA256
27534b38f9fcc9cc1d5900f5549b3904c4e3fe6e4dc5b5e833a267189b3ba479

SHA512
4fb6021ee81497e698544923762b8656b22b57595c12cec20dbf04d01e3f649641a324c1aa5f35c0c08559335e326f921107702c2439c534009161dc9a97236e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
80KB

MD5
744ba4d6f58e22f8f82d56a50e4b5373

SHA1
535e389f9b7f2e0d14e550fdd00011dfc255e0b6

SHA256
8b47d5b310d68b6911dbcfd7ecda4d7131351f66365f81db82f2979ae2f53592

SHA512
e888ccb7fc6722eaf8fb6bb8370c55f9eaab299be08db7c57038efaf945569b62b7b6b2dde5169044c5d60a4a9a9051ee7a7c2146153aa7d22d8b7c8f3310055

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/conlts.dat
Filesize
152B

MD5
fd539efad437fc6f4ffce049ee1c341a

SHA1
fec4ca1247388ea0b8b8881cbec1078d0788eafb

SHA256
2e58177b53ce6d687ac95cb6a004eee85a54daad80d31a968266b58f1e2ddedf

SHA512
110d5e86f74b029e233620f5f7c3b22e13641a27055ba748c63f640a3bc77c3e279351bebaa58374343605789c39952d3615703f3bc3e29ed1f80afea2572be4

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
418B

MD5
e1cb98c5ce4a9490e990e96a3d7c1f63

SHA1
61cb1119ed41f562e632d5c3eefa0fe2dc141684

SHA256
b413bf29bf6bb91742bc6742cbeaec14ae3bb9c1dfe7c45c8bc820fc38fa6646

SHA512
1314edbceda0fe36e38e7b331a23e2c94d203f39094157389afebb94ee28d1c6635d0cc4e653244f48d92e2e12c15122d4fe5dd4b1e21a202317ae4ed97979db

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
1KB

MD5
05674c5b91653290c3914dd6bc88ab7b

SHA1
01fe2173df42c7632bd92ae8a56fc43fe9ca1fad

SHA256
adf146538f498ff02b0d6df87079c6baf1af63b8fffb6a0cb20673c6e38a4609

SHA512
4e7c4533f2ce5687f8416f7aabaaaef9f37918d4d54e623ff2c4f88bc29a8391f48b3b97793006491f66021089445981a153c74afe56cb98a0c227388cb8f223

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
2KB

MD5
8068e11e4c864789a9288cfc5550978c

SHA1
40f20d962212c5fa3899ab3890317b915d007c55

SHA256
42cc28743c3c8b2b1d00fa62f6870b683572bf1b84afcf4b7493debf32c3fdaf

SHA512
a65758e701f7b9560ce62db98962a7153f86b562a3f3d6f99f295344e7d3ebd33d8380713b852ccf78c526c09cfcfb8ae7e9955d90a4b8739d43c05d15aefc3a

Download Submit
/storage/emulated/0/Android/data/com.tuoyan.qcxy/files/baidu/tempdata/llg.dat
Filesize
4KB

MD5
252522648b4509dcae29dc022bdf5a8a

SHA1
7e3ab55b67c92e22c61ed5a1b23e5c4a454f1b88

SHA256
f4c89ae4b4e03388fd509eed0491c9b514c8ec1b29506c239da8b614bbb0b2b6

SHA512
6649fa08f97b625bc70803e34ddcee8a180794d4d6b5316ee403a1565098cba5ced892a23175d25f95374bff2be8caad52faf4c56d62c83d221793e6329e7112

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
771c08b5690d54b5a0c2638581ebc615

SHA1
0f2d89407f6337e45ea8190a6cbb2af731ddd7b5

SHA256
8c86dbcdd0f3a0d4e1e3159539a0b5e755773043c84eac67aef0de6f60e877e8

SHA512
cb0b1b4f3409fa855184b75d5c98fa25f03aa26cdf0290f927c3dd3cce132fe08ae5f1176eb5f99416d6236b0a0dad38bcb9749478858b554b1fff8d37548de2

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
512B

MD5
bf34de56ffddd810bcb4e704301ce1d5

SHA1
63a580353e453641ecf4262cf5fedb50222ff871

SHA256
af30933196d2d3c77db290a8674600486d20f381c9ccd8302392dbe82397f4d5

SHA512
f2dd1aba55e419f18c3f80d6e13a4b70ce1f9fe0f4e4e877d3f0c92196919e4fdb030b52a21ca5ddb2ffb72f0ec4134ef6944131aabb01484cf015ae19bfaa26

Download Submit