Malware Analysis Report

2024-09-09 17:56

Sample ID: 240529-frkegabd31
Target: 7f93e6c55572585d6736524e53709472_JaffaCakes118
SHA256: 7964c31d2b708507926c545fcdc342526479206b6ce90bbb40f0e06513da3843
Tags: impact privilege_escalation collection discovery evasion persistence ransomware
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 7964c31d2b708507926c545fcdc342526479206b6ce90bbb40f0e06513da3843

Threat Level: Likely malicious

The file 7f93e6c55572585d6736524e53709472_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

impact privilege_escalation collection discovery evasion persistence ransomware

Checks if the Android device is rooted.

Queries information about running processes on the device

Reads the content of the call log.

Tries to add a device administrator.

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks if the internet connection is available

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Changes the wallpaper (common with ransomware activity)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-29 05:06

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:06
Platform: android-x86-arm-20240514-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:06
Platform: android-x64-arm64-20240514-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x64-20240514-en
Max time kernel: 14s
Max time network: 132s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

N/A

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
GB | 142.250.200.46:443 | | tcp
GB | 172.217.16.226:443 | | tcp
GB | 216.58.204.68:443 | | tcp
GB | 216.58.204.68:443 | | tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x64-arm64-20240514-en
Max time kernel: 13s
Max time network: 132s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.googleapis.com | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.4:443 | www.google.com | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x86-arm-20240514-en
Max time kernel: 179s
Max time network: 187s

Command Line

com.tencent.qlauncher.lite

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads the content of the call log.

collection
Description | Indicator | Process | Target
URI accessed for read | content://call_log/calls | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Changes the wallpaper (common with ransomware activity)

ransomware
Description | Indicator | Process | Target
Framework service call | android.app.IWallpaperManager.setWallpaper | N/A | N/A

Processes

com.tencent.qlauncher.lite

com.tencent.qlauncher.lite:tcm_service

getprop ro.product.cpu.abi

getprop ro.qrom.product.device

getprop ro.qrom.build.brand

getprop ro.qrom.build.version.snver

getprop ro.qrom.build.version.day

getprop ro.qrom.build.version.number

sh

com.tencent.qlauncher.lite:plugin

su -v

com.tencent.qlauncher.lite:plugin

com.tencent.qlauncher.lite:plugin

com.tencent.qlauncher.lite:plugin

/system/bin/ping -c 1 -W 5 info.3g.qq.com

com.tencent.qlauncher.lite:plugin

com.tencent.qlauncher.lite:qubelitestat

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.169.68:443 | www.google.com | tcp
GB | 142.250.178.3:443 | | tcp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
CN | 183.61.38.168:14000 | | tcp
CN | 112.90.140.213:14000 | | tcp
US | 1.1.1.1:53 | dispatcher.3g.qq.com | udp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | w.html5.qq.com | udp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.42:80 | monitor.uu.qq.com | tcp
CN | 117.135.171.182:14000 | | tcp
CN | 14.17.41.159:14000 | | tcp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 112.90.140.216:14000 | | tcp
CN | 180.163.210.30:14000 | dispatcher.3g.qq.com | tcp
CN | 140.206.160.242:14000 | | tcp
US | 1.1.1.1:53 | info.3g.qq.com | udp
US | 1.1.1.1:53 | 212.106.135.43.in-addr.arpa | udp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.15:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
CN | 157.255.244.95:8080 | w.html5.qq.com | tcp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
US | 1.1.1.1:53 | strategy.beacon.qq.com | udp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp

Files

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-journal

MD5 52484534514614cd26dbb890c5951e90
SHA1 7380bca326f5432c5e0221aefd5c8ea7a591c6f3
SHA256 21fa0b0de273a2525cef853402055cb2a6c23316578f1c8730be1ef777c01b10
SHA512 7da502ffa7c4708faf1e3b334bad7a52c01aef47acf4f6154c256004f96eb9cae9595e0c45a32f84dfc6cbfce4dddbf13be9ca8b20845235e41859d131fc098b

/data/data/com.tencent.qlauncher.lite/databases/launcher.db

MD5 3e17bf2e541ae18e264baec8301f226f
SHA1 b3a5f54b681ea6eb9ead3ee599025e29a15ce93f
SHA256 4e5f4f8f07d5f31da1e6142dc3fbb062e01f988193c79ce6db541860780803b5
SHA512 de60aff14ccf01eb29c3253fe79b9230575ba05ca3f457356914162455091a78dfeff94d1c48f18e05efb055c51eefbbe61d56a487a240df3e2f49e430309407

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-wal

MD5 03ecfe39eaca93b6769871d8548975b9
SHA1 1a9a4d2761ae2d2dc90d97f192b37d0e2baa01a1
SHA256 95abb7cccb8bffba4a93492f836647d735d0def77f4a0f779d4d7cf7097e7dd7
SHA512 50b9318485a1a73f768aebf02f7aa721a494e6e34255e322e23fd9d5f047f28c794e35f87c0338d6fa1e53cecd4e15c2be4eb280788893fbf20e48aa33643e3d

/data/data/com.tencent.qlauncher.lite/databases/eup_db-journal

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.qlauncher.lite/databases/eup_db

MD5 0a7c2287a47f5420cca6e64ea959b1af
SHA1 9f67143a3bcab70d26b9b7ba4b232be70f1a031f
SHA256 e67814eabd960d39f17c6dfe5319f1640955b4b9b0464ff2898555a5b8076ee2
SHA512 ac3ff0eb9ae66c063f05e2c8d2423294c1bddb0eedb1816fa92b8e3e5afab88374798f4297d7774d4619e6bdd4f180238889346d82e7737e5af851b2f6d5a7c1

/data/data/com.tencent.qlauncher.lite/databases/eup_db-shm

MD5 2ec7630405a0227839e2c9439d3ceeef
SHA1 0ef7648ba02a62f6cf8a51ebf64112ad985db9f0
SHA256 8d7e0f6c89ce7bf0fd85d5433830e480c39895d0732ed9c0d9233cbf2b7b0338
SHA512 c7c4f60f562a2e4dde5fa4cbfa538dfe02909e8064fc8ecc1ea233136fa59e174dbda4d22732014fac6e33f3a2dda558e27b4599fec5dbd7b72b1a78d1b26628

/data/data/com.tencent.qlauncher.lite/databases/eup_db-wal

MD5 d35b3990a78c12497362ce18228796cd
SHA1 ed91af8549689a599ed93ef6c367ccfb76eb6ed6
SHA256 3afc1b3db8fd802f471b5c6f0f9537875969c2d1a95a02f6f73eaeffdd9e2c14
SHA512 3321f0edf5cfeef5bf417971f47b82ccbed010a1936a927a076ab0754965b32da85dd64909dbc56d6656b417c269c0ba2c5e6d6c91e5cac8f69468b797002879

/data/data/com.tencent.qlauncher.lite/databases/settings.db-shm

MD5 13d6305e5affeb493abe6c693cac1618
SHA1 76a32239c49383d54b541218543181848491d37a
SHA256 2ce466a27391da088e528b23730349afb2ab28078fce38567b741370acfcd17e
SHA512 400c39aa2e04df9201d8940c4d2562ba97ce73405c613216bb5327b2a2fd5250a7302f56aba572b81b22b6a7ac16a3527f979d503558c1f800e3d861736122dc

/data/data/com.tencent.qlauncher.lite/databases/download_database.db-shm

MD5 ee505dc613761fc9e7f59ffc112fcd0d
SHA1 c68e55432cb5941830af7ccafdbf6e44c7867f56
SHA256 255c83e526cf26d6488390ebacb1436c653dbabed40726c3d16dd134b8d53b0d
SHA512 5448b8e7ca20fdb98784d2dcdf162eee9b9dadceb49e05485bf4272c768a1b6b028eeb28d8cfd43c21c120edc24812a9922775f7ab66e66e8def9d89e0d72afd

/data/data/com.tencent.qlauncher.lite/databases/download_database.db-wal

MD5 5b689a314f148664956a71a649c5663e
SHA1 01fd7d67b9c7dcf3c25bac3ebfb58b10e3275a32
SHA256 92205f5f043e4f1c7ccf06e5a242bbce9ce2da6cee42ab2fee2a08567ebef2a2
SHA512 8aa1b8d91252e4549a594a4cf49a7469900f7b7edf5619bd6ebde17502db2ea883e7496752ac2cc4e61b58640d31039aa2cc7ae3682f95dd18ace4c12e822332

/data/data/com.tencent.qlauncher.lite/databases/settings.db-wal

MD5 6439b5df711eaf282d60692f0f98865c
SHA1 c1bb2a8794b8cc75c8008ef91b8758f21e781384
SHA256 204072890b5df1360187c4a7e458a691e791ba497f74b5912a1375c15a6a7277
SHA512 5a1ff8947c10f27538ab805d4a8f0fe7346cb80ca0c5da74b9e2e6bbbbf252f4c9bc1545eda05b7eb2e2161dc9193fe9c5cbbc637523390ccbd3a83149231363

/data/data/com.tencent.qlauncher.lite/databases/eup_db-wal

MD5 ac173533731b87fe7f3d40577e2bdb83
SHA1 55266499430e2ed2748f3219d1ebbf21d9cce283
SHA256 b9e72748e2588d3cef45a655a3af4fe8131f0066e5a9a0e5c6a3702ec777ae2c
SHA512 e810a0e0c6fa8f35d7bdd636d87be66c058934a33233576da44a4cee1cbac858b3dcaf4795676a75703f2b6eae9a6b9ba0297ca8bcf10a5f479b6a3bb120b0b6

/data/data/com.tencent.qlauncher.lite/databases/eup_db

MD5 722efc422310797c089b3decfab9ca37
SHA1 07a0c51671565959b634e917c0dd1eb46174b4ba
SHA256 e11e61aab4bb85e607dd4765861e33145b2f30b1ffb06178be9794576d10c3b3
SHA512 1aa37e014410d302693faae53b58634805d5b97b201ad4f6321fefc1630976fd9d0d02c862cec64058820f338341e96f3b6d64aee83b59df8de131204585f907

/data/data/com.tencent.qlauncher.lite/databases/opt.db-journal

MD5 2bef379f1f1e28920d19cf191d99bae1
SHA1 ad450ec0c42c0d4594c01390cc8fedb2c845c682
SHA256 342507e71c6b77568c282e5a4ecc7caef3d88514275510861e3138da8d667699
SHA512 059963eb3ad208d1d44783366c3b00d6285355fcb76abafc96b9133626ca62931b426f4835eccc26ff40e50298317d0cce6a5a9b29206c9df5b3c5ae60e2ebdf

/data/data/com.tencent.qlauncher.lite/databases/theme.db-journal

MD5 4b032e3e79c313f033be7dfb03732be2
SHA1 1a1c16dd8430a1c6821a155d144f5314585d4098
SHA256 460f164b3a7a9551ac107f08a362da5de46ddc79c72d09ca4e9c1e8512d8fb92
SHA512 1a74a65f3d19dac95aecf17e3ae7d524cd648c2876eaf6cdf9a788c727c56150000d42295a0f4296a1c005381b5b411767fc0b74da46b602051cbb443327c61d

/data/data/com.tencent.qlauncher.lite/databases/theme.db

MD5 f667dc104e8ee10ed512f0a44cf121c4
SHA1 cf80a95741a8b9804fd70b15d95d3bfd9e1ce272
SHA256 8c40b7cc5d65a690096e53ee2a5db8c2a476552022d037fc507e154765233451
SHA512 2ccefc9dc79917478a8535981c7cedab1c38577c003eb23f7f6f35c4da6160b3f3093175e95b9cf813bc617e38a363bfa4194a99dc2ab5e530a425e8f9a8333e

/data/data/com.tencent.qlauncher.lite/databases/opt.db-wal

MD5 a4da20990cc509f9df7e3d33f1553d06
SHA1 46afcee38858328e025439bc4213b0d4a342163f
SHA256 f133e29c20cc58813363b90b18abc9369bea268ee45eddff2dc19dcebef7d34b
SHA512 9452efe79bc53b61182767f8b1a9b7b55709a363186c34dc16d26ed68d0a6b15f53cce89ebd37fb113a192a9ed5db489dbe46129c908720f4900d6ffcc005e37

/data/data/com.tencent.qlauncher.lite/databases/theme.db-wal

MD5 0fde1d279a4d60e8b53c40501304676a
SHA1 ccd81ce62420dd1442ce358dd8910866d85195e4
SHA256 debe9f218d6a89d72e42ef0d00d1ea0c45d8c8812352e47f643f43a5d0c2b31f
SHA512 66bd25ebc8391ac9e22ff6c9e6bd0aa14febb6506868cb9edf391d52258905576b7e1e7795462e65872625d103c6767a37a4da429e6a98a3d465969dde12a3a0

/storage/emulated/0/com.tencent.qlauncher.lite/theme_file/com.tencent.qlauncher.theme726

MD5 20f56c9d6cf52f61b7a7bf14eb602d41
SHA1 3fdaf261c88a5d8d02816ed3446eea92de8425e7
SHA256 d6ae87a83b5268f2280bfae3543a09d0a2d4d31755c2cd1699e31075dc3b9082
SHA512 f4e44c3bd3dca6de035541130142d37a5b71dde56f10c08b2f13b59ebb34adf377e6a14acda9c5c33abd14f3259847fedfcf6fd5f24095fd4654d5c2912bd8f8

/data/data/com.tencent.qlauncher.lite/databases/0M300MI4MB1RC6CP-access.db-journal

MD5 2a74977871b0df12725227d3b8ac05a4
SHA1 478f2be4c1884be9b0d1b974087279e4ea8ce58b
SHA256 49a0235aa92a02295b155ce1fb4ea1030a065719834da9c6e4247d07825af0ab
SHA512 8ef53c8c0216bc0e758e4464e971e2fbf63c700964de914066b43d63f4bb7b21e9975ae35e1f7c64051afe7b664518fc9e1f3c7994f4984b8a1269104a8e49eb

/data/data/com.tencent.qlauncher.lite/databases/0M300MI4MB1RC6CP-access.db-wal

MD5 8527fb15516bd72908f5e03610b5638f
SHA1 9bff3a64abe236618c1ea4870346df948585c1fa
SHA256 38eacab619f2de3d5334f856c197c03136c348b36244a1b603cd30ae8b4a50fc
SHA512 4fe68c3758d471c71fcac41030e3ed316e8ed098dd22280d5080cd21fe0f42eb8b93aa0c679600762b1ebe6516e04721c49879b058398ad5298a862131f80335

/data/data/com.tencent.qlauncher.lite/files/libs/libblur.so

MD5 5dcc45589459853ef9f2f46c441e50be
SHA1 41da974bae2bf9fc6ac21a3c5c427419567c1767
SHA256 ef8f0b6cd686c2c4bbc18e71b14ae1b84c63eea75a9e424b0e6b43dd4d16af84
SHA512 21cd568450f0124ad2dad023d8302aed49f1f90991f4a69b82d4609e13786341bedf446e2bce386a02c4fa88fbe00541e8c408eb3a3c6990e8fb5fc28a90df7c

/data/data/com.tencent.qlauncher.lite/files/libs/libbspatch.so

MD5 8018c2a4aad05de14709f5e03bb04ba4
SHA1 82961bd084ccf0176bcc24a0aebebe7fc61d2cc4
SHA256 a55bb4c21f2cce83fc9defca8e70eeee90e0c9660ccf1364d1d58ca226eaaae7
SHA512 c5af6e0b6a3db926ffb77e82d93673e4c89e3d5f86ff29559834483c5a5411c97881ffa7d337249a5f4db693920d73762ee8a868b755de5de225ee572fe15b9d

/data/data/com.tencent.qlauncher.lite/files/libs/liblbs.so

MD5 0b35104d837fb0e9520f949c12e7f6f3
SHA1 01a8fab5a80ddfc603abf5d42e3184675b619600
SHA256 897dc0399ba8ce7ea23d2eb676dae2a712050347a5b74caef5693e3ff183dfb6
SHA512 536db2178f453f8f76573668a96f7c879db26c52b3d34ed90f0f19d21367f293c277bc7acac096ecf8d342e93a79f98b27bec186d9e150581928628efa8d3f34

/data/data/com.tencent.qlauncher.lite/databases/launcher_function.db-journal

MD5 6eb94bf3c6ebf8fc46492568e97f21ea
SHA1 7b105323eb85c6d3fb1e87269c701956e0570326
SHA256 67677daf760b36d7b3ecd77ac41dc5637f212224dc996ffe9d26d30e0662b054
SHA512 2190acd8b8140b816314a980a44517936c830a217fc7c485437052d678dd87061e1e05e2291fb5e71f9facef2a3a58939c776ce3febf2512a43cc977f6fb21b2

/data/data/com.tencent.qlauncher.lite/databases/launcher_function.db-wal

MD5 2c2cc906682ef2f3e34b12c9f585b910
SHA1 d0a3041a826212e483efb82585e98f612b312d2f
SHA256 b23b3292086868630cf7bc570b75263eb8d4a5cd965379bdf8976bef6eb34ff9
SHA512 a14fdc3a7081aef95056d482e82f7900f4803299eeb79f578cb7cb43bd462bb34e31c1967dbba28d0d096a005a2236be7442f5858a24f10b6134de52804e1a23

/storage/emulated/0/Android/data/com.tencent.qlauncher.lite/files/wallpaper/proto/default_wallpaper_726

MD5 3b06ea592f21b8ae064a3dde9c8a7144
SHA1 54009ce35c0a0171fa27c820e69e190e37815bf1
SHA256 3bb39aedd0281fb5831d6f41f3418c27367e1cd5f4c063cd2e9b044d5a3a18ad
SHA512 015421876ea8aec8838c554529935fad94da4512f4ced1c39a51ccc71cbde265a0223b8a4b6508969c9053c1f654c2484d1d514e4e2f6c7c000e753558a0aeb3

/storage/emulated/0/Android/data/com.tencent.qlauncher.lite/files/wallpaper/proto/default_wallpaper_726_temp

MD5 6f2348c9007f2f21250b337535c1772b
SHA1 ad51b45304a4a03e5adc0801e35ba594d4e6efd9
SHA256 ac9d97e04cd11a8ba06823ca04040cef9cffdd726560b2c608d3d4498a7ec093
SHA512 cd69b87ef9253e1170ba17c2c5b22425d9a429fb1f0ce8bd9586c1b83efe37b220889e05cd5c1977fa9c47aaa6556fe901d8417f07f149c8f6486bb2d621e161

/data/data/com.tencent.qlauncher.lite/databases/hd_icon.db-journal

MD5 aa0283fa4dd733feceeb1579cce6655b
SHA1 799de85c9a4b6c066d5e8c197fa5096059f4ba05
SHA256 5b2622436fb26fd32e9f67ca1d12a1ac99a180caea200887f28b319ccfcc6a28
SHA512 d2b6ebefa4e03db846de966ddd86733603a1571c741d1251f42ea3a892fb3de4728791d1dad83df7fcde4f73a0de5e0f112e4dd8a0f908cad082800f7907798f

/data/data/com.tencent.qlauncher.lite/databases/hd_icon.db-wal

MD5 4418c40e31ef582ea63054d23edd1fe1
SHA1 6674c26f89c78bf628eb0e2e928a339ac6393830
SHA256 c5fea9cc56217b42367bdfb9562b1c98ff2172c0899a91e6162f03fa0a3dc8c1
SHA512 3af67f44d868123d6be7e2881096d5cfe714c2ef26bf0cae3b9908dc5e931b9c8bdc36c12848b4d1807912c5d20c24c3ce8aa28b05826e70e3dfa5ad1be659bc

/data/system/users/0/wallpaper_orig

MD5 9c763f51093c8bce368a22dc67cc9513
SHA1 795646724f9f91806bafc403efc065fa34c938ec
SHA256 fc8451458febd07ad1aae273470c85b1169d78c49f018a1707da63328538c5fe
SHA512 4ac006437e1b48d440d3d65df4b21142538aad93981023ff2966ba5e775c903f599074336f6013815129a12b1e3d5ce8656ce650aa25620b75e3c50d57cc9f13

/data/data/com.tencent.qlauncher.lite/databases/launcher.db-wal

MD5 25e05c3ead41a3b42e40c8b99d0bed02
SHA1 8ba55e43ab71d837764e5d41ecb2ef6a5cea01d0
SHA256 922d013f5e92967f667f6541d314aca1b9b029a100f08c4e8444d1d32e1ba64d
SHA512 9d00258f0e6de25e3aee406288088c5dba46bc84c2b256aa0bc2f9c478b92bf518ef271c2b9d04b918bdbd23fcea07f55c3f3f698a4ff702eba146805e2f3e16

Analysis: behavioral4

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x64-arm64-20240514-en
Max time network: 152s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 142.250.200.2:443 | | tcp
GB | 142.250.187.206:443 | | tcp
BE | 142.250.110.188:5228 | | tcp
GB | 142.250.178.3:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.179.238:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 64.233.166.84:443 | accounts.google.com | tcp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
GB | 142.250.179.238:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.169.68:443 | www.google.com | tcp
US | 1.1.1.1:53 | gjugnyywtepxdbx | udp
US | 1.1.1.1:53 | owxvrjll | udp
US | 1.1.1.1:53 | xxbstjuu | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
GB | 216.58.201.99:443 | update.googleapis.com | tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x64-20240514-en
Max time network: 130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | | tcp
GB | 216.58.213.14:443 | | tcp
GB | 142.250.200.2:443 | | tcp
GB | 172.217.16.228:443 | | tcp
GB | 172.217.16.228:443 | | tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:06
Platform: android-x64-20240514-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x86-arm-20240514-en
Max time kernel: 13s
Max time network: 160s

Command Line

com.tencent.qlauncher.lite.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Processes

com.tencent.qlauncher.lite.onekeylock

Network

Country | Destination | Domain | Proto
GB | 142.250.178.10:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
GB | 172.217.169.66:443 | | tcp
GB | 142.250.179.238:443 | | tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-29 05:06
Reported: 2024-05-29 05:09
Platform: android-x86-arm-20240514-en
Max time network: 132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 | | tcp
GB | 142.250.200.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

N/A