Malware Analysis Report

2024-09-09 19:07

Sample ID 240516-jb5l9aae88
Target 4a010da6b55852c0940b3625f191f788_JaffaCakes118
SHA256 ef9a87ad3207cd8376170f77c3945df78656ad3c60d375d386b1cd2b021d39d7
Tags impact privilege_escalation collection discovery evasion persistence ransomware
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 4a010da6b55852c0940b3625f191f788_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

impact privilege_escalation collection discovery evasion persistence ransomware

Checks if the Android device is rooted.

Tries to add a device administrator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Reads the contacts stored on the device.

Reads the content of the call log.

Checks CPU information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the phone number (MSISDN for GSM devices)

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Declares services with permission to bind to the system

Checks if the internet connection is available

Changes the wallpaper (common with ransomware activity)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-16 07:30

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:34

Platform

android-x86-arm-20240514-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 |  | tcp
GB | 142.250.200.14:443 |  | tcp
N/A | 224.0.0.251:5353 |  | udp
GB | 172.217.169.14:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:33

Platform

android-x64-arm64-20240514-en

Max time network

166s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
GB | 172.217.16.238:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 |  | tcp
GB | 216.58.201.100:443 |  | tcp
BE | 64.233.184.188:5228 |  | tcp
GB | 172.217.169.46:443 |  | tcp
GB | 216.58.213.2:443 |  | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.201.100:443 | www.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.180.14:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | growth-pa.googleapis.com | udp
GB | 172.217.169.42:443 | growth-pa.googleapis.com | tcp
US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp
GB | 172.217.169.33:443 | lh3-dz.googleusercontent.com | tcp
US | 1.1.1.1:53 | lh3.googleusercontent.com | udp
GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 64.233.167.84:443 | accounts.google.com | tcp
GB | 142.250.180.14:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | epgnxrgsowciva | udp
US | 1.1.1.1:53 | sejixwgkfhhal | udp
US | 1.1.1.1:53 | zvbydaa | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
GB | 142.250.180.10:443 | mdh-pa.googleapis.com | tcp
US | 1.1.1.1:53 | update.googleapis.com | udp
GB | 142.250.187.227:443 | update.googleapis.com | tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:33

Platform

android-x86-arm-20240514-en

Max time kernel

13s

Max time network

132s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country | Destination | Domain | Proto
GB | 142.250.200.14:443 |  | tcp
N/A | 224.0.0.251:5353 |  | udp
GB | 216.58.204.67:443 |  | tcp
GB | 142.250.180.14:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:34

Platform

android-x64-20240514-en

Max time kernel

13s

Max time network

131s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

N/A

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp
GB | 172.217.169.14:443 |  | tcp
GB | 142.250.200.46:443 |  | tcp
GB | 172.217.16.226:443 |  | tcp
GB | 216.58.204.68:443 |  | tcp
GB | 216.58.204.68:443 |  | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:34

Platform

android-x86-arm-20240514-en

Max time kernel

176s

Max time network

188s

Command Line

com.tencent.qlauncher.lite

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Reads the content of the call log.

collection
Description | Indicator | Process | Target
URI accessed for read | content://call_log/calls | N/A | N/A
URI accessed for read | content://call_log/calls | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Changes the wallpaper (common with ransomware activity)

ransomware
Description | Indicator | Process | Target
Framework service call | android.app.IWallpaperManager.setWallpaper | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.qlauncher.lite

com.tencent.qlauncher.lite:tcm_service

getprop ro.qrom.build.brand

com.tencent.qlauncher.lite:intelligent

getprop ro.qrom.build.version.day

getprop ro.qrom.product.device

com.tencent.qlauncher.lite:tcm_service

com.tencent.qlauncher.lite:plugin

com.tencent.qlauncher.lite:tcm_service

sh

su -v

getprop ro.qrom.build.version.day

getprop ro.qrom.product.device

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

getprop ro.qrom.build.version.number

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

com.tencent.qlauncher.lite:welock

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

com.tencent.qlauncher.lite:plugin

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

com.tencent.qlauncher.lite:plugin

com.tencent.qlauncher.lite:qubelitestat

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
GB | 142.250.200.3:443 |  | tcp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
US | 1.1.1.1:53 | yun-hl.3g.qq.com | udp
HK | 43.129.2.77:443 | yun-hl.3g.qq.com | tcp
US | 1.1.1.1:53 | wup.dobby.qq.com | udp
CN | 106.55.209.185:8080 | wup.dobby.qq.com | tcp
GB | 142.250.180.14:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
CN | 183.61.38.168:14000 |  | tcp
CN | 112.90.140.213:14000 |  | tcp
US | 1.1.1.1:53 | dispatcher.3g.qq.com | udp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
US | 1.1.1.1:53 | w.html5.qq.com | udp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
CN | 106.55.209.185:8080 | wup.dobby.qq.com | tcp
CN | 14.17.41.159:14000 |  | tcp
CN | 117.135.171.182:14000 |  | tcp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
GB | 142.250.187.206:443 |  | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 112.90.140.216:14000 |  | tcp
CN | 140.206.160.242:14000 |  | tcp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
US | 1.1.1.1:53 | strategy.beacon.qq.com | udp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp

Files

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-journal

/data/data/com.tencent.qlauncher.lite/databases/launcher.db

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-shm

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-wal

/data/data/com.tencent.qlauncher.lite/databases/eup_db-journal

/data/data/com.tencent.qlauncher.lite/databases/eup_db

/data/data/com.tencent.qlauncher.lite/databases/eup_db-shm

/data/data/com.tencent.qlauncher.lite/databases/eup_db-wal

/data/data/com.tencent.qlauncher.lite/databases/download_database.db-shm

/data/data/com.tencent.qlauncher.lite/databases/settings.db-shm

/data/data/com.tencent.qlauncher.lite/databases/download_database.db-wal

/data/data/com.tencent.qlauncher.lite/databases/settings.db-wal

/data/data/com.tencent.qlauncher.lite/databases/voice_opt.db-journal

/data/data/com.tencent.qlauncher.lite/databases/voice_opt.db

/data/data/com.tencent.qlauncher.lite/databases/voice_opt.db-shm

/data/data/com.tencent.qlauncher.lite/databases/voice_opt.db-wal

/storage/emulated/0/Android/data/com.tencent.qlauncher.lite/files/tbslog/tbslog.txt

/data/data/com.tencent.qlauncher.lite/databases/theme.db-journal

/data/data/com.tencent.qlauncher.lite/databases/theme.db

/data/data/com.tencent.qlauncher.lite/databases/theme.db-shm

/data/data/com.tencent.qlauncher.lite/databases/theme.db-wal

/data/data/com.tencent.qlauncher.lite/databases/opt.db-journal

/data/data/com.tencent.qlauncher.lite/databases/opt.db-wal

/storage/emulated/0/com.tencent.qlauncher.lite/theme_file/com.tencent.qlauncher.theme726

/data/data/com.tencent.qlauncher.lite/files/libs/libblur.so

/data/data/com.tencent.qlauncher.lite/files/libs/libbspatch.so

/data/data/com.tencent.qlauncher.lite/files/libs/liblbs.so

/data/data/com.tencent.qlauncher.lite/files/wlogin_device.dat

/data/data/com.tencent.qlauncher.lite/databases/name_file-journal

/data/data/com.tencent.qlauncher.lite/databases/name_file-wal

/data/data/com.tencent.qlauncher.lite/databases/launcher_function.db-journal

/data/data/com.tencent.qlauncher.lite/databases/0M300MI4MB1RC6CP-access.db-journal

/storage/emulated/0/tencent/wtlogin/com.tencent.qlauncher.lite/MjAyNDA1MTY

/data/data/com.tencent.qlauncher.lite/databases/launcher_function.db-wal

/data/data/com.tencent.qlauncher.lite/databases/0M300MI4MB1RC6CP-access.db-wal

/storage/emulated/0/tencent/wtlogin/com.tencent.qlauncher.lite/MjAyNDA1MTY

/storage/emulated/0/Android/data/com.tencent.qlauncher.lite/files/wallpaper/proto/default_wallpaper_726

MD5 3b06ea592f21b8ae064a3dde9c8a7144
SHA1 54009ce35c0a0171fa27c820e69e190e37815bf1
SHA256 3bb39aedd0281fb5831d6f41f3418c27367e1cd5f4c063cd2e9b044d5a3a18ad
SHA512 015421876ea8aec8838c554529935fad94da4512f4ced1c39a51ccc71cbde265a0223b8a4b6508969c9053c1f654c2484d1d514e4e2f6c7c000e753558a0aeb3

/storage/emulated/0/Android/data/com.tencent.qlauncher.lite/files/wallpaper/proto/default_wallpaper_726_temp

MD5 6f2348c9007f2f21250b337535c1772b
SHA1 ad51b45304a4a03e5adc0801e35ba594d4e6efd9
SHA256 ac9d97e04cd11a8ba06823ca04040cef9cffdd726560b2c608d3d4498a7ec093
SHA512 cd69b87ef9253e1170ba17c2c5b22425d9a429fb1f0ce8bd9586c1b83efe37b220889e05cd5c1977fa9c47aaa6556fe901d8417f07f149c8f6486bb2d621e161

/data/data/com.tencent.qlauncher.lite/databases/hd_icon.db-journal

MD5 22ae0eff7ffa1742d473da775be17045
SHA1 4d1dfb75aa48255880f141e6037e4647f4889654
SHA256 8f0357dcc19903cd83810c1a16ea96e7a2d2ab00868d266315791a23033394d9
SHA512 bed5a8a3a434a30644461e0794ada462529a3e687c1bdd5fe7b54a77b769014c475b4bde4169b4c13f08d35a1059d1274757da3c489d213a56d4b95397537cf9

/data/data/com.tencent.qlauncher.lite/databases/hd_icon.db-wal

MD5 672721b0787ae85c8409f06b7d6defc5
SHA1 5d740c2492070ea1b28a6b25467c454f272e2f48
SHA256 4b862768200e0fd2555707daeda4c1d259f3600480e0da570eefb320174c94b3
SHA512 c07246590a30a9ea1b66beca69a2cfba854d48ff5b1b40a6321dfecae6b4f8e51f7254fbc111ff54413db3e30167978362d5ee096077a513cf3b3b43de4ecffd

/storage/emulated/0/tencent/wtlogin/com.tencent.qlauncher.lite/MjAyNDA1MTY

MD5 3bbf7df911da5e84106e07227ae17da5
SHA1 e1a0a5eb9b21874ab1b360c1460d4d9a439c372d
SHA256 f57ca122873d249a5b61089c8dbeb99e90d67485e187b250a03109b30cf967bb
SHA512 0e45486e674035435a65adbb77a154edebc0c7d44634be4577d9c2c296bb8c87766a8abcf6c6ebeb448420f2b839a45ad9ea8ab94c727c6a0bf2ced3d4a3e349

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-wal

MD5 7667b88ddbda0ad0f70d70c1099659c8
SHA1 04ddbdd87c5bd5aa56eecaff279201ff6659d1aa
SHA256 bca06fd6b3722384149020c5f6a5027b555e3e2388ff8b7cfbab2f1a9d3bd154
SHA512 25b253d650685232f45c8c77cd8ba9a83135760a521b83823d51ff447fe6979519e55f2a6b439b2eb28578a52e8afef2b971c4bf207dacf144f3561f59f6b02f

/data/system/users/0/wallpaper_orig

MD5 9c763f51093c8bce368a22dc67cc9513
SHA1 795646724f9f91806bafc403efc065fa34c938ec
SHA256 fc8451458febd07ad1aae273470c85b1169d78c49f018a1707da63328538c5fe
SHA512 4ac006437e1b48d440d3d65df4b21142538aad93981023ff2966ba5e775c903f599074336f6013815129a12b1e3d5ce8656ce650aa25620b75e3c50d57cc9f13

/storage/emulated/0/tencent/wtlogin/com.tencent.qlauncher.lite/MjAyNDA1MTY

MD5 e254f551bdd433b86be84dd9296bbdc5
SHA1 f662612271823b9501a7c0ea2d7038502cec46d9
SHA256 5b348951866476f5b004c066d42984f9ccaa07cd0942d3b04734c108ee598ba2
SHA512 7bdb3e073cd3738c015358893386561e54fa5b3bced02658b3d789921f8d03320f6b8c6bdce24899fc13bd67987d570d65e317e92bfa648ced23f49068d41030

/data/data/com.tencent.qlauncher.lite/databases/eup_db-wal

MD5 88a25794ccee1de814dc7108f2eff90c
SHA1 524a744ddeb5f4ce21bf102a265c71d300bfd161
SHA256 69521fd471609d87bd34656bda3ff623da0ec8ea21bb57284c208a7804f03c22
SHA512 f263bae44f9da02451fc6615c9413e15efbdd8457b50664e33b451c981bfbb461963997857c8b6880c4cfa6b0ab98f94c39846d39e74d689e64d954e98832124

/data/data/com.tencent.qlauncher.lite/databases/eup_db

MD5 a6829ef974830d15bcc2465e4b03c2af
SHA1 c0b1c316fc41aabc7c1fd90aa6f42cf30850acbb
SHA256 056723cde7212037147d22e14995553b37e9e44152ea3d2555ab7c2c563f0b07
SHA512 55394d946d3b046b73a9504d73d369fd3474517ecd33eef9cf13a63bd746ac54cb7ca8014f138b3d41187c4b642ecd2e94a23779a140d44b745e16f9d8eb9bba

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:33

Platform

android-x64-20240514-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
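
The network tables in this report list one row per flow, with the Domain column filled only when the sandbox saw a name for that destination. The script below is an added example, not part of the report: it parses the behavioral3 rows copied verbatim from the table above, drops the multicast-DNS noise, separates lookups from egress, and lists the endpoints that the report gives no name for. Those are the rows to enrich (reverse DNS, ASN, passive DNS) before treating any of them as an indicator.

```python
"""Added example, not part of the sandbox report. Parses the report's
"Country Destination Domain Proto" rows and separates local noise from egress
worth attributing. BEHAVIORAL3_NETWORK is copied from the behavioral3 table."""
import ipaddress

BEHAVIORAL3_NETWORK = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
"""


def parse_rows(table):
    """The Domain column is blank for most rows, so a row has 3 or 4 tokens;
    the protocol is always last and the domain, if present, is third."""
    rows = []
    for line in table.splitlines()[1:]:  # skip the header line
        toks = line.split()
        if len(toks) not in (3, 4):
            raise ValueError("unexpected row layout: %r" % line)
        ip, port = toks[1].rsplit(":", 1)
        rows.append({"country": toks[0], "ip": ip, "port": int(port),
                     "domain": toks[2] if len(toks) == 4 else None,
                     "proto": toks[-1]})
    return rows


def classify(row):
    """mdns: multicast DNS on the sandbox LAN (never leaves the host network).
    dns: a lookup; the Domain column holds the name queried, not an answer.
    connection: everything else, i.e. the egress to attribute."""
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_multicast:
        return "mdns" if row["port"] == 5353 else "multicast"
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"
    return "connection"


def summarize(rows):
    """Unique egress endpoints, names queried, and endpoints the sandbox could
    not tie to a name. A bare-IP row inherits a name only if another row
    connected to the same IP with a name; DNS rows carry no answer, so they
    cannot be used for that."""
    ip_to_domain = {r["ip"]: r["domain"] for r in rows
                    if r["domain"] and classify(r) == "connection"}
    out = {"mdns": 0, "dns_queries": set(), "connections": set(), "unattributed": set()}
    for r in rows:
        kind = classify(r)
        if kind == "mdns":
            out["mdns"] += 1
        elif kind == "dns" and r["domain"]:
            out["dns_queries"].add(r["domain"])
        elif kind == "connection":
            key = "%s:%d" % (r["ip"], r["port"])
            out["connections"].add(key)
            if r["ip"] not in ip_to_domain:
                out["unattributed"].add(key)
    return out


if __name__ == "__main__":
    s = summarize(parse_rows(BEHAVIORAL3_NETWORK))
    print("mDNS rows:", s["mdns"])
    print("names queried:", sorted(s["dns_queries"]))
    print("unique egress endpoints:", len(s["connections"]))
    print("endpoints with no name to pivot on:", sorted(s["unattributed"]))
```

For behavioral3 this leaves six unique TCP/443 endpoints, four of which carry no name in the report. The 224.0.0.251:5353 row is sandbox baseline rather than sample behaviour: it appears in every run on this page, including the runs in which no process of the sample started at all.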

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:30

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:31

Platform

android-x64-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:30

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-16 07:30

Reported

2024-05-16 07:33

Platform

android-x64-arm64-20240514-en

Max time kernel

14s

Max time network

131s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description: Intent action
Indicator: android.app.action.ADD_DEVICE_ADMIN
Process: N/A
Target: N/A
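
The indicator above is the intent an app fires to ask the user to activate it as a device administrator (DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN). The process that raised it here is com.tencent.qlauncher.lite.onekeylock; a launcher's one-tap screen lock needs DevicePolicyManager.lockNow(), which only works for an active admin, so the prompt has a plausible benign use, but an active admin also blocks plain uninstall until it is deactivated, which is why the report files it under privilege_escalation and impact. What the report does not show is which receiver the app registers and which policies it asks for. The following is an added example, not code from the report or from the analysed app: it finds device-admin receivers in a decoded AndroidManifest.xml and ADD_DEVICE_ADMIN activity starts in logcat. The manifest fragment, the hypothetical package com.example.launcher and the logcat lines are constructed for illustration; the sample's real manifest is not on this page.

```python
"""Added example, not code from the report or from the analysed app.
Flags device-admin registration in a decoded AndroidManifest.xml and
ADD_DEVICE_ADMIN prompts in logcat. The manifest fragment and log lines below
are constructed for illustration; the sample's real manifest is not on the page."""
import re
import xml.etree.ElementTree as ET

# Framework constants, as named in android.app.admin.DevicePolicyManager /
# DeviceAdminReceiver.
ACTION_ADD_DEVICE_ADMIN = "android.app.action.ADD_DEVICE_ADMIN"
ACTION_DEVICE_ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
PERM_BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
META_DEVICE_ADMIN = "android.app.device_admin"
A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest (hypothetical package): one receiver wired as a
# DeviceAdminReceiver, one ordinary boot receiver that must not be flagged.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.launcher">
  <application>
    <receiver android:name=".lock.LockAdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin" />
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED" />
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed logcat lines in ActivityManager's START format (not captured from
# the sandbox run). The second is what startActivity() with
# ACTION_ADD_DEVICE_ADMIN produces: Settings' DeviceAdminAdd screen opens.
SAMPLE_LOGCAT = """\
05-16 07:31:02.117  1234  1456 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.HOME] flg=0x10000000 cmp=com.example.launcher/.LauncherActivity} from uid 1000
05-16 07:31:09.402  1234  1456 I ActivityManager: START u0 {act=android.app.action.ADD_DEVICE_ADMIN cmp=com.android.settings/.DeviceAdminAdd (has extras)} from uid 10123
"""
START_RE = re.compile(r"START u\d+ \{(?P<fields>[^}]*)\} from uid (?P<uid>\d+)")


def device_admin_receivers(manifest_xml):
    """Fully qualified names of receivers declared as device admins.

    All three markers are required (BIND_DEVICE_ADMIN permission, the
    DEVICE_ADMIN_ENABLED action and the android.app.device_admin meta-data) so
    a lone permission attribute on an unrelated receiver is not reported.
    """
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    found = []
    for rcv in root.iter("receiver"):
        if rcv.get(A + "permission") != PERM_BIND_DEVICE_ADMIN:
            continue
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        metas = {m.get(A + "name") for m in rcv.iter("meta-data")}
        if ACTION_DEVICE_ADMIN_ENABLED in actions and META_DEVICE_ADMIN in metas:
            name = rcv.get(A + "name", "")
            found.append(pkg + name if name.startswith(".") else name)
    return found


def add_admin_prompts(logcat):
    """Every ADD_DEVICE_ADMIN activity start: requesting uid and target component."""
    hits = []
    for line in logcat.splitlines():
        m = START_RE.search(line)
        if not m:
            continue
        # "(has extras)" and other bare tokens carry no '=' and are dropped.
        fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
        if fields.get("act") == ACTION_ADD_DEVICE_ADMIN:
            hits.append({"uid": int(m.group("uid")), "component": fields.get("cmp")})
    return hits


if __name__ == "__main__":
    print("device admin receivers:", device_admin_receivers(SAMPLE_MANIFEST))
    print("ADD_DEVICE_ADMIN prompts:", add_admin_prompts(SAMPLE_LOGCAT))
```

The policies the admin will hold are in the XML resource named by the android.app.device_admin meta-data (uses-policies such as force-lock or wipe-data); a lock-screen feature needs only force-lock, so anything beyond that in a launcher is worth a closer look. On a device or emulator, `adb shell dumpsys device_policy` lists the admins that are actually active, which is the check that settles whether the prompt was accepted.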

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A