Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-mhk3za1dng
Target a05275256cade7f842f8765ac31a9059_JaffaCakes118
SHA256 29c7c5e91b2f6e8ed48be9c2987e75ff18595039229ffff97911aae71526fe93
Tags
collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

29c7c5e91b2f6e8ed48be9c2987e75ff18595039229ffff97911aae71526fe93

Threat Level: Shows suspicious behavior

The file a05275256cade7f842f8765ac31a9059_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

collection discovery evasion impact persistence

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries the mobile country code (MCC)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Reads information about phone network operator

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 10:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 10:27

Reported

2024-06-12 10:35

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

185s

Command Line

com.qts.customer

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.qts.customer

com.qts.customer:pushservice

com.qts.customer:remote

com.qts.customer:pushservice

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 10:27

Reported

2024-06-12 10:31

Platform

android-x64-20240611.1-en

Max time kernel

2s

Max time network

131s

Command Line

com.qts.customer

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.qts.customer

Network


Files

N/A