bfb3c1d84580ddad870f074df20c86c150383c8563dd2b247eabbbbc19025a4e

Analysis

max time kernel
179s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e2f6312fe13afaa428d1ad1929994c6_JaffaCakes118.apk
Size

5.4MB
MD5

6e2f6312fe13afaa428d1ad1929994c6
SHA1

8498e23279ab346aa8246f9b4f2f4538fe57e64a
SHA256

bfb3c1d84580ddad870f074df20c86c150383c8563dd2b247eabbbbc19025a4e
SHA512

35aea46a4465855f0ee36b3615808f607be92f48f926ee9b337bb4a387703e4121a8f5e29da5d7846561ddb044b919d4e4c78d5a084d107265ad9cc329f8f4cd
SSDEEP

98304:pCEwzQ8ZoN40J77H7A/0i+ggSxvEwrtwIp4U7k5/VpMtPIxC2D12cSpTCSydLo:pCE+w/bA/0iuyEwnp4U78/jMe8Cf6

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

/system/bin/sh -c type sucom.tencent.docs:MSFcom.tencent.docs

ioc	process
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.tencent.docs:MSF
/system/xbin/su	com.tencent.docs:MSF
/system/app/Superuser.apk	com.tencent.docs
/system/app/Superuser.apk	com.tencent.docs:MSF

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.tencent.docs:MSF

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.docs:MSF
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tencent.docscom.tencent.docs:MSF

description ioc process

File opened for read /proc/meminfo com.tencent.docs
File opened for read /proc/meminfo com.tencent.docs:MSF

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.docs:MSF

description	ioc	process
File opened for read	/proc/meminfo	com.tencent.docs
File opened for read	/proc/meminfo	com.tencent.docs:MSF

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.tencent.docscom.tencent.docs:MSF

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.docs
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.docs:MSF

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.tencent.docs:MSFcom.tencent.docs

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.docs:MSF
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.docs

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.tencent.docs:MSF

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tencent.docs:MSF

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tencent.docs:MSF

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.tencent.docscom.tencent.docs:MSF

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.docs
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.docs:MSF

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.tencent.docscom.tencent.docs:MSF

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.docs
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.docs:MSF

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

T1471

Processes:

com.tencent.docs:MSFcom.tencent.docs

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tencent.docs:MSF
Framework API call javax.crypto.Cipher.doFinal com.tencent.docs

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.docs:MSF
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.docs

com.tencent.docs
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4244

com.tencent.docs:MSF
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4369

getprop ro.miui.ui.version.code
2⤵
PID:4490

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4596

/system/bin/ping -c 5 203.205.142.158
2⤵
PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.docs/app_tbs/core_private/download_upload
Filesize
56B

MD5
4401db4016a2fa7e95dbdbf02330a664

SHA1
41a2c0547bbb5c956703e2ababa90bb98790ea8a

SHA256
e31548eb739c0ee0b053fd6df1ec4a1f80f79c9eb78043237f54c48a077b4b2d

SHA512
82704d22caba0966bc27b802b30a837a71ba80842acb7ab29c21e9de0fe82ce0c68ad67d04fb16ccffa4170934196d42278a98caa71758df9dd88e7d41005145

Download Submit
/data/data/com.tencent.docs/databases/beacon_db-journal
Filesize
512B

MD5
ee10e7de10dc053c0a59caf67256ffbf

SHA1
a04fa0971f7ace813c9eebb6a203f92ca03f2420

SHA256
589ee0918e658af699b41517d3f3c308bf81989d3bf8a039ced499e6cf071039

SHA512
8c836a26621d90a72fd3276c96b0ac2cb601146b2c024dbf1b8c7a20744566dcdf309f548a63db67d8053c9354887b1c84d95a67f974a9e0e198ac2a513f87d4

Download Submit
/data/data/com.tencent.docs/databases/beacon_db-shm
Filesize
28KB

MD5
c790c933f2155fe6ae966aa6496404b1

SHA1
2f78b544abbd9dc5d56f4ccd9b6d296786ffdab2

SHA256
366c6b8adfab09df5723fca44d263961799879300c7613a86d87d731bb66a48a

SHA512
bbcd6bb26314719be592cf5c3ee928462ce6b09e2a29dbba24f597135561074c35753659daf29b8b4c6968786511cd7a73095a9be4bf0fec116729be1457b325

Download Submit
/data/data/com.tencent.docs/databases/beacon_db-wal
Filesize
108KB

MD5
c848ef8cc426c5071b98100e8b258a14

SHA1
4b373908b7c7c3786f77b84531eba7ab81f85064

SHA256
b28ccd086500cda0cd80c2a1911d5a9fdeb748b16cd1445cec2c958508796955

SHA512
18254df76dcc28d4acf336b194d3d03b11a1358adfcbc084a610565fdc1768d8e2e87c2a0928c0fcb1dbeefa4de03764c6b24559dfce1061ffb7b0152a722f97

Download Submit
/data/data/com.tencent.docs/databases/beacon_db-wal
Filesize
100KB

MD5
76b6ba5707934316411d50411c21f080

SHA1
f5f8b9695ac8229f8ac0649e46e0dc6e7368288c

SHA256
e06ee6e36a935059748e80d284a0836bbd6a019a7c39693e763cb754f0ae4c42

SHA512
970df1f4609c148e1aa07aaac33625216f4d386dce0162080dc47446666a2bbf03e2c7af7600e66a8cb9746a9fb89cf4090b947a168d4cecb5cebc7c98cd3810

Download Submit
/data/data/com.tencent.docs/databases/bugly_db_-wal
Filesize
68KB

MD5
44318dcd4e1a91f0dfee195e8e7443b7

SHA1
1b0cf5bed389b20b5c11c6a0a835b425fdd2a0a5

SHA256
f1338fd16a7fa7946f395ffaa6d308a2fe24547f04f617481ef9db1618760e57

SHA512
6c53f83359c181d019b2cbbd9513d2113399d4ee10732dedb613c963099cbd04237e9bde0ece32fbcf61058c661984933d08f7762c3d2add17e280f672b65d72

Download Submit
/data/data/com.tencent.docs/databases/name_file
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.docs/databases/name_file-journal
Filesize
512B

MD5
9123bf841f9fdd0481846c982ef19c20

SHA1
f8e885202fc61ff6deb1d0e60332a81374d108a1

SHA256
12fae0c7991d2e6020d78ec979fac510024d3bdbe9668827dcd7d08ba65b9cb1

SHA512
68b38e50dd155626530df0c5a2494173b8ecbd9375b3806e20808e54afb422967f90420ecf49a1fbfe0ca9f69bd55d1cdaf5258485af581170a28d1b53440104

Download Submit
/data/data/com.tencent.docs/databases/name_file-shm
Filesize
32KB

MD5
b4c6fb187cecab2ef3ac573675af7fb6

SHA1
6c5899f4128c32f3a805e2dff567e669eee56a54

SHA256
ba00df3cd24f3a77d8f62ac7f62f192b28e2bab1ac3022de986a382ce054a29c

SHA512
0ee694b7fa677315126c644fb04ef2870f380ecbb85cde401467c73aced410d6119348583a13196a05dcfd3a563ab201438409a652d8277e527b56a95262901f

Download Submit
/data/data/com.tencent.docs/databases/name_file-wal
Filesize
20KB

MD5
00590e0b47bb1af8145517a92c07abce

SHA1
2ec3f7923659e6e2067637157bc9b12217e6b777

SHA256
041f2d0452ca62779e03cc1694bb31dcab34221c30b11cf4ad8ca2ccf430881e

SHA512
3722f40f2d12431ebaab7719c88086d40eadf3770a4509f6a6d6b6372cbf9aa513782f9563c9453f7e6b4dc3e0d8e1f82d5e2b5b640eee9a70df27fc4489b230

Download Submit
/data/data/com.tencent.docs/databases/tk_file-journal
Filesize
512B

MD5
d37d15081c7a6372fb5bbebfd914740c

SHA1
7b0527ef11f761b95d4c3dd789437d2e65d61bda

SHA256
13ff8c1c92775d29a2034bf5655945e3699582e8315f250d4515afa87e8b774f

SHA512
cebed75c2e796ed25df9df58eea3f7bda4a7feb04f76dbef12e41fc92a47bc6c4756f366abd15454804e88735d1cbd1e80c402a6c488ceb584a8ab38d7f4f1ac

Download Submit
/data/data/com.tencent.docs/databases/tk_file-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.docs/databases/tk_file-wal
Filesize
20KB

MD5
916004218d5c3d5ed3c3be936d5cd9d9

SHA1
609285bfe8cc8d82d7eb44164b61daafe8d42c3d

SHA256
9c6abf4bf38ce9c98c470cecec74150f6ebeed484aa7489e2f42837cd38b924c

SHA512
934c34fe256b653502547ef284d57f10d0f4266a0bfc32b433b5e3d0481829067f0699f2a29daa4b9cbe3ca873d9ab8040f679a32069e72c23c02f21382b496e

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
56B

MD5
ea9a452d0dc1528ed33652ca10586daa

SHA1
9f3bb194957c98aff23c7b378760041831242596

SHA256
9877465c0c9b18cc64c3d8d7c19853341332e94c4c5d5dad2fe7b17efd1a4b57

SHA512
c69d2fd66d9383fc70bcf9e0c2fb603925c946ead615d40b8c26a753cb0354487cc1e953714fb7d1829057fb9f1396d7e983bb1052a295ee73a222aef76fa4bd

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
80B

MD5
76ad185947d7808849b4ef3c7758c0ab

SHA1
23d5280db90f93396889f01535220782b9bec5be

SHA256
9355222afe82f61dcbf859a3f5e8e2e0423998d667ca99a052d792671684c039

SHA512
fae63db45dfe914e08b44ce41e43de08363f4bc324e650256aae1aaae4a442033be98e9e6b97246967cada6f5e7c159517b48a90872541a3d912783303a825d6

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
136B

MD5
20fcfd8309640fa802463d94c9caef41

SHA1
51f7f97bd953d155a6899b92f005b5b71448f2c4

SHA256
e1bbf3e422c80a8f4cfced529dc5ebd4bae86a248ff78ef10ff8b6d76fde34b3

SHA512
55d40409b74686b38283267cf4eb2406e426c4d9cc2c225b5e5138429c594b4e141c62d203476440e91ba0b6e45474437fd1d6bb5da1c2150838d834ee856225

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
144B

MD5
985b07e37f7ff2918817577f9a979f92

SHA1
6ef09f014a2b365be74fdf621676e70f72da1751

SHA256
96f92fecfd67e23d6febf5f3a18b0f5c883264c69bc35abd12803efed5a46ba7

SHA512
c489debe63081b6c5757ad43c2942c7e0034d0bc5d25cf7b88aaafbb091b068157e18ead2b403e2397d884d87e94148d291d44c5b7e01f50ce1255f22a1719c1

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
176B

MD5
79c895ea1985ac841a3bc4a8f6117274

SHA1
289b380e27842f8309339705f788fbdfb7fbe376

SHA256
7b4b3e4831ba846b9e86fdf43fbcb5d91bb66c8c914de783ac719931c1d07419

SHA512
e919884069bf8919c538c89772382eefc83992ed6fb7ca3371012d38bee5a0706e12021913bd76032cf881842a5f97561b4156fc64041b774ce55d73f0714f53

Download Submit
/data/data/com.tencent.docs/files/ConfigStore2.dat
Filesize
7KB

MD5
e7e8a25ce785fb7371282b6348bae11b

SHA1
8c83cadac2c9a0de1e1d42ed9d82328b19c00123

SHA256
a0cb3f57761e14667dce5b288e77c7fc091de28dd03b41706b089a3e8ab40618

SHA512
91253d6cda03f28d9a9fac572fe7ab49ec7d1dcbf9bdccb94989f0c66a153fda24cf1d7d89308cf4120df6bececfb7ef6ff5504453b3cecfc6321b1c6199515b

Download Submit
/data/data/com.tencent.docs/files/com.tencent.docs_common
Filesize
3KB

MD5
21920001fe6ee8d4dce3c8e8ca746b3d

SHA1
a5da7c2d2447ef48ffb5f51310074f3cd79523b2

SHA256
5bed6d540547ab460dba9846620bf5ef86ddf280d117d7bb696f9b191c4a03f7

SHA512
cf2161f0541ad859d70f83ecf8f564c8d1c8d4dc39286695b95d1ce3a2f4ada943e1de0c06af9cee4f21c49e2e95d3c9409bc0257b1c409cd03ec64bd93b1f9f

Download Submit
/data/data/com.tencent.docs/files/imei
Filesize
53B

MD5
e16fc57c94693e7e75c4f2327b240b53

SHA1
43e14a53003cc879faba2d1e87a4362b173d988f

SHA256
ad0117ed86f0fcbf6e8469b3ca61d4cdde2c957f2519e0afa4fddbe53ff998b6

SHA512
cc3d8ecebad320167a992237100166a3a7eea27e879bbe5ad89637e5db6216492b144aeee7aaba4989adfba1d23771aa468e4d727bdc8b229348d6cd4df9dcb4

Download Submit
/storage/emulated/0/Android/data/com.tencent.docs/files/tbslog/tbslog.txt
Filesize
5KB

MD5
da354d6b24978144d0173e89fcdec90e

SHA1
9427b590f22fd3e0e8478ceb22585b958521645f

SHA256
c59dc1b4b17b4ebafc4ecd9ceb46c3cb8793e37cc1a737d927f335df20ff420e

SHA512
c250c4253047a9f6a0229e2be5985473bab3313dc3512a0856b143ad4712163d33288f88e2507dff710d8abf87f4b378d0a66463a983eca2493d60168e880f60

Download Submit
/storage/emulated/0/tencent/msflogs/com/tencent/docs/com.tencent.docs_MSF.24.05.24.10.log
Filesize
36KB

MD5
e08d25a75e969d53f7680ee9fbe4ac70

SHA1
21e1bff3f9cb57cc04a068bee0e6186fc2b5f8a6

SHA256
5bd5f7f4974689a3af0fa102f9282fd8c97096454d3035f4d77773952fc57f35

SHA512
bebb0344f2b5c70ae10a633eb4aaa580d8a57e9242f92ca9a3407a65e63dc4999cf43c4a8444282dbf73038ebacbe8b975195300a1813b640d79233047560ee6

Download Submit
/storage/emulated/0/tencent/wtlogin/com.tencent.docs/wtlogin_20240524.log
Filesize
757B

MD5
14e8070a11a5e019e14f27e0c31f39e9

SHA1
cd4bdf99197eaa4eaae7bbd1a0c0366f1dba3be8

SHA256
f7e8061004eb3d11c9356d12169ecfd788b540b4f3ae409e1e6ae1f24a15fc3a

SHA512
c99b159500d9200cc5d02d91fc5e130c49de0fb954316760f7b752c50faf5a5e74102cc836c4e51844b7e28de84c715a9f1c9250e068e457206bd9c98abb5038

Download Submit
/storage/emulated/0/tencent/wtlogin/com.tencent.docs/wtlogin_20240524.log
Filesize
143B

MD5
3cc16884942aaf0f7c810b2b9e1dbd0f

SHA1
1e7ded52e4d14b8950656a80df893950bc1178e8

SHA256
7c933c5f82fe7ef78b55269fc77dc36f051171405f300d94e37502511903f9c2

SHA512
b8a59de797245ce1b044282e2cfa0fcaa896aeb18f371d83bff9b5f7e04fbf98bd5c175e0557475db5f5227425d9c0f2e12613c9aa26563ba55be601fc053e14

Download Submit