4822b1875a666f130999c0c347470f7ff64308b14063b101606b944b416ac6f2

Analysis

max time kernel
149s
max time network
164s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
07/05/2024, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ee90d451cbd168682c0e20d020af07c_JaffaCakes118.apk
Size

37.8MB
MD5

1ee90d451cbd168682c0e20d020af07c
SHA1

5f8f348dbbfd6fc8498ff7d474f1d0e3cc13827e
SHA256

4822b1875a666f130999c0c347470f7ff64308b14063b101606b944b416ac6f2
SHA512

1a021971140ba878a3af602658bc395746e1d23fd1d3677f9b424160f1d89e441f15d9ac3952874d0a78d28aa66fa66622cfc8626c651274661de7e904b6a2c8
SSDEEP

786432:hDs5OAxsLqiBxRRpZJxVt+xwMEOWaCKsfLADtFn01Cw:hY5O3ZLRrvxOUPKsfLADQ3

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mobileqq:MSF

Checks memory information 2 TTPs 2 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tencent.mobileqq
File opened for read	/proc/meminfo	com.tencent.mobileqq:MSF

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.mobileqq:MSF
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.mobileqq

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mobileqq:MSF

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tencent.mobileqq:MSF

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mobileqq
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mobileqq:MSF

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.mobileqq:MSF

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mobileqq:MSF

com.tencent.mobileqq
1⤵
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4313

com.tencent.mobileqq:MSF
1⤵
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4531
- getprop ro.miui.ui.version.code
  2⤵
  PID:4649
- /system/bin/ping -c 5 203.205.142.158
  2⤵
  PID:4731

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mobileqq/databases/beacon_db-wal

Filesize
108KB

MD5
361bd7d3248ea18068b4d619ec41a4ed

SHA1
915b6d2e1805dd8ff7d4a8ec8f181ce7fa22684a

SHA256
f11740ac9b9f003b97e1ba17c7b8d4419ee1e5d153405189ae05da16ff196f89

SHA512
b3ffef7b5bd9be663d6e7ea0c094bf6361ce339f9be95b336aee89fd2924699866eea8a48432baa362298943b9e1c9364c0b7b1f92e69e6c83e6ecbcd9295bc0

Download Submit
/data/data/com.tencent.mobileqq/databases/name_file

Filesize
12KB

MD5
ac4cf7caff840bbf8fa5c344b2df7d30

SHA1
f38f99d4e0533d58abac84c4fe151e4e647649ff

SHA256
330f18f6eec4299787e422465f7d7c46c56c839a8d5a7e014fd0278037e93565

SHA512
77493f325fe4f3d4d086be8cb517fdc2c587e854ae1c2c5c03a92de57f18afa2b3502575a8505a9ff13ad7abf65cc3aee71c75a8e86cf7aa9ed1febb2408686e

Download Submit
/data/data/com.tencent.mobileqq/databases/name_file-journal

Filesize
512B

MD5
f95a4ecd817a29d24be843b94422a350

SHA1
1afdbdeb76d602be39b113b02205da3e5b544aa6

SHA256
87204896a93251e69c026b4c5cd07b6b9a4aed38c0e767df79365f670bcb12a6

SHA512
aa6678e2bff98a74a4494592203f9d03f83f7b2b0a8dd2abd6d07be6a6f2f1e4e7da7f9283968b335100c651caa53c37d87687068bfc91923895486747b0f366

Download Submit
/data/data/com.tencent.mobileqq/databases/name_file-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mobileqq/databases/name_file-wal

Filesize
20KB

MD5
d75f2d13de622180c1104d068d6bb269

SHA1
494c8d00eaf52c76f94e05573645e53c9ec06ce1

SHA256
c52e399d1e04e3677a1aefc282ea5215bce24ede06e0b086d39ea0339af5304c

SHA512
a00093619c98b583fe08ce7172aaf27b0d3ea671f6e40a1eeb99471ff660971f9fba9ae68fe926b9ac9e51ee95f92f9a1790041e147269ad2d04b41194c8cdb9

Download Submit
/data/data/com.tencent.mobileqq/databases/tk_file-journal

Filesize
512B

MD5
45249396ae08db6e2bbc852cff337c04

SHA1
a285e6dc4954037a46cff12e0d8f08aeb2944cb9

SHA256
ff9db03f1f609dc0290cdc8f34114cba79631cdcb4d6edb70161492fecb8b3bc

SHA512
72f42852bcf6e60a597e110c6795a06f5e404b3978d29725c0654bc3edcb018b5973028a596e5608dd4873143246a7d4ba9bc9485157e42279a1b881d85c1c39

Download Submit
/data/data/com.tencent.mobileqq/databases/tk_file-wal

Filesize
20KB

MD5
3ca7454bc2bba895d3c6ad4005a6f6f6

SHA1
77a66026067123503118286fbdfc831d7eb4b54a

SHA256
6eace72c362a333661cc9a270bec71447c330f9e58a1dd637c469e92050d5c40

SHA512
df61611e004fd509e960cc868e97decf894ecbe081fc147a8c12e91b7b2296a107a65f9ce417a9c7c23d591f95845f5c1faf5088a49502bf5bb091f6d14ad672

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
104B

MD5
3ee31c56e5939d386d091763e19dc8c2

SHA1
97bd5a610508fa881b92df3ae9b9a63c4ec67371

SHA256
60633becf75ccbfe8c9235153a6d6931fdc7051476853c1b7f223772da93468f

SHA512
4e0cf7acb7b6d0e5f7feb06efefccab485a77989ae7e2ce15034f949db378a53f60ce677a6e4aa75de73084ea9f6c5d13f0a51510ecd68f3434915a53deeb668

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
128B

MD5
d59ee02d6ace41e08882b49579142edd

SHA1
c44823c05a7a26296afff31735f8376f9d8d04e9

SHA256
dea87895f94c3fb5ebd9a62b77e6004ab5bd13f30fabdd243e3c20be5a41f93a

SHA512
8d642e0dc5f1b30175dcd12bb1c0c6d661834be0c47d726e8cc51e136d38b3b54c451eb52f082b764dfa6d945c366ddbd79ba15a5a8c359b2d22ffe29bc4f59e

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
160B

MD5
27b2cbd765c3725c5e17c92282d3bde7

SHA1
7286a6d9676147f8bec931a63873646981dcaade

SHA256
b3701538870f17ae50eb823634f81e7115696274b34e18aa520e3756f83de752

SHA512
c0fc4477b660cc300f74fe4fac8088dda7b009734ff2cfd8a0b6dbec4672994dedb39578e9a42309e0389e0a409f09f31b60d2b13d1651a02b261956f9a3c78c

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
192B

MD5
55f3ff5a7e9f3ee48729b3ea3811bde7

SHA1
9447560688a0fb0d9562125c504089267a115883

SHA256
69bd9eefed5b65fe70735b68f46ee3b2790a37305fb0fbed3e4993caa5cff8f4

SHA512
44926f062cc9d89759c5bdd28f48eb465d800e18e2acc6ecd13c78a4b41d185696f6d6430f14f7ea204d10a5401087b3855563ddfc28f8b5ea535876f0147254

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
216B

MD5
8c2e5e67a3b334c7a87bfd585cab418d

SHA1
76b7e287b3e0afdb535ab200a8de934ad5f120e7

SHA256
62592c44d6cdf28011af08b9bc13574c9a5b4b7013c38bdfd95485ed73dd2e62

SHA512
c48d3742f362a49111b0d5217e0d7658a1836fedafcbb2761316d330f91bce90036840597a64b0895c941b58212b5fb0cef5b1d2984e1beb922a0f14d7a8c3fd

Download Submit
/data/data/com.tencent.mobileqq/files/ConfigStore2.dat

Filesize
10KB

MD5
69566f56adaa7ed1fe9052386f5e3551

SHA1
6c7ca676ed7699440ce2062cab2aa22bd960d116

SHA256
50fd0a71e0d37a33aa4489e9c6cdca3bf19cc699c22cdc6f83aaf02076f644ed

SHA512
0b414c4960b2dffd1ced4dd217b8061eb4001328db5bec190caf01a1dac54335369b8595851cae0e8d8c3afa35b74250b5440a07f420924f840e0dddad76ef5b

Download Submit
/data/data/com.tencent.mobileqq/files/com.tencent.mobileqq_app

Filesize
1KB

MD5
a491cba8e542cec0b61c36ed1d9bb834

SHA1
12e1825d29fe8ca27beec5720bb2e78d6437052b

SHA256
ef58ea5f50ec321edd06b5f42383146ff805a396c1d2bfadcb58d5e1f14f6471

SHA512
81ccc04c7727012ba49432246f1e2e9ad4bc65bb6c71625460fe6b42d2b64fc43c89ceae6cc8d5e5848bf1a95a7109f466322a010d37ededce5770aff39e0013

Download Submit
/data/data/com.tencent.mobileqq/files/com.tencent.mobileqq_common

Filesize
3KB

MD5
21920001fe6ee8d4dce3c8e8ca746b3d

SHA1
a5da7c2d2447ef48ffb5f51310074f3cd79523b2

SHA256
5bed6d540547ab460dba9846620bf5ef86ddf280d117d7bb696f9b191c4a03f7

SHA512
cf2161f0541ad859d70f83ecf8f564c8d1c8d4dc39286695b95d1ce3a2f4ada943e1de0c06af9cee4f21c49e2e95d3c9409bc0257b1c409cd03ec64bd93b1f9f

Download Submit
/data/data/com.tencent.mobileqq/files/gm_history

Filesize
56B

MD5
a154e899a333b5788e7cd3e1927bb5b7

SHA1
ca0d767f33da08deba2594cd2eb1f5cdf1a52ef1

SHA256
70090df7abdef009ab59b3c31e859364d7ec1b5006431aa863cd5515e749d0ea

SHA512
53d1c969c4cd2c37a0572f0b736c9a4115955791ae4c13fa4c5f86ece79830bcab2603078b2f876829f527c02495cf645edb74fc171e04c76ce2569ff5186690

Download Submit
/data/data/com.tencent.mobileqq/files/imei

Filesize
53B

MD5
0632b5b503d4d607f29850796cec6cef

SHA1
451ed4ece0a7590d31bf4d186ea56a1c4b16c812

SHA256
b43df0615e922b29c1b7cad85b879f54c005fe5f62b6bf83705e20d5895869a7

SHA512
4f477906278ce6fc12d0c69c26a36e50ea5d98ca4adc89baf46cd0938e2eafa2fb64b57c52f668be1fe2231314873eb69ee66e723b1467dfab64a4e64c0b1ac8

Download Submit
/data/data/com.tencent.mobileqq/files/jni.ini

Filesize
23B

MD5
b563e4a777a51b6ae3850d11ed61d1c3

SHA1
5860e58639d5ab4d2014018d8ea6c8873c72e370

SHA256
c640e9eaf2017680618d3d59e866565c66282c557f27a0b65f1874d7c8b309ef

SHA512
0c9c20fbc54c9d19feb3aa6551f7c10206cb2a2ef73f8a07acaf31913cbf24d85349f1a4114ae39d11c886deba49779d354c92e518fecc18347000236011a8ca

Download Submit
/data/data/com.tencent.mobileqq/files/soconfigs/codecwrapperV2.cfg

Filesize
83B

MD5
a83f0ea3a023556ae453971e25f5b425

SHA1
b8c67fcfe87e082e19b43594b21022b110dd6fa4

SHA256
42de0687d17d82a38cf5c7167e355418217388893ee6ec27141ad719dc3facf6

SHA512
bd9851c328bffe7854c12b1a18651bcbc6b8e73aec73f2e2e8720f78fcd065a31eb4b94691208b6942fa9b165ef7a145900de168bff70b1fb4545dc35ea0ac38

Download Submit
/data/data/com.tencent.mobileqq/files/soconfigs/msfbootV2.cfg

Filesize
78B

MD5
128d7662dc6b155bdf8309522c927b39

SHA1
f2fb2fa29948cd375864e6c4c71e16e9ae66d9aa

SHA256
5b50d24ba45230ccb93d37c1e90b5e79d594e6809f2a1751470034036c8b7c4e

SHA512
ed2d5fc2194507582761a2b594df723df40fd9423630d990f9d937b390b21808033ffce93e417d96b11f50f631766bda990bfd3bdcae29694168d74dba3ea8bd

Download Submit
/data/data/com.tencent.mobileqq/files/suicide_count

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.tencent.mobileqq/files/verFile

Filesize
4B

MD5
5cb38db03cf2b1b0848aedf65267b3ef

SHA1
ca08d88098aeb46768dab68e63d4f512077330bf

SHA256
7387914195babc85bd39c200dad48b1515775a9752fc4b811818ea1c8682c282

SHA512
f2ff5a61e6524c979e85d2a2fd436487d4097795b6680d1348be2adc516ba09e270225850acacf76882e7f1781f5382ec8d2e7b88aa7a8edd53874e384456e94

Download Submit
/data/data/com.tencent.mobileqq/files/wlogin_device.dat

Filesize
16B

MD5
9e136747ab40f4c41b6e1e1a888be5fc

SHA1
82cb5a16f650996106e1c54cf6a727ed3bed6c19

SHA256
24335d9a994fc24560077db890d3ee75b8598ef4f5afded121535be855ecd6e0

SHA512
eadc454204c4b66b60bea7811758aa796ee75d8d02c0404748c314ab9a0cdfd4ff00bfbec1b0364ae5b3b4dcd83727fa4f9c6b3570a394d3a22ce225a6ab96ec

Download Submit
/storage/emulated/0/tencent/msflogs/com/tencent/mobileqq/com.tencent.mobileqq_MSF.24.05.07.01.log

Filesize
9KB

MD5
04ef2da1528e1b86b9ccba5f318f3be7

SHA1
2f683749b945f6bd103bdcbe13bfd16eabba64f4

SHA256
2dd1efb06358432051334cfd255813c0b55edf261836162f2bd56de5eb76f350

SHA512
09a78968fa6ea5468fb26ce45f4fd4ee0dbbcce371e7105931c893bfdb03ed2f93f9bd46049add99ffeabe8d8670e0a1ee9e5272f22de49e71047ad54b2425e0

Download Submit
/storage/emulated/0/tencent/wtlogin/com.tencent.mobileqq/wtlogin_20240507.log

Filesize
30B

MD5
48dd1750fedce720298890345f42bb06

SHA1
94e36619448b6894a6369a8ed318ed2799358451

SHA256
c08c4ce2c28db4d44fdc778469944dc2a811080e3540e92c6f91e403d1f5531f

SHA512
da25dc6b2c6f1035aa39761bfb8d0616e44cb31f164086b730ecc1a95a3847ea052ea2e9e943822f35c177d7b5bb53d310188a6282583698dd52c37f73e55141

Download Submit
/storage/emulated/0/tencent/wtlogin/com.tencent.mobileqq/wtlogin_20240507.log

Filesize
727B

MD5
4fcf47ba50f5e05ad77cd3766f0d7675

SHA1
9c45b1f5272c080b7f93a1e760be0046e961ca04

SHA256
8a7c8c98fdbf90448ff3f1508d45c686c24af1b7f717804604ec2e578ef559df

SHA512
629b801c209850216d68fc1a22688426af1895c5647b38534d76a3482eaad26adcff4f624a1203a26fe89378ab06adf6818f02f44480d3b97822ae186a94b8c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads