Malware Analysis Report

2024-09-09 17:41

Sample ID 240614-aa6cqazgpl
Target a738fb2fc1c01bf18c6c2475d1eea406_JaffaCakes118
SHA256 10fae2fbf207797112d6ed28688dcc4494e668860af7e23890d07eb1040166af
Tags
discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

10fae2fbf207797112d6ed28688dcc4494e668860af7e23890d07eb1040166af

Threat Level: Shows suspicious behavior

The file a738fb2fc1c01bf18c6c2475d1eea406_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:01

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
--- | --- | --- | ---
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:01

Reported

2024-06-14 00:05

Platform

android-x86-arm-20240611.1-en

Max time kernel

156s

Max time network

185s

Command Line

com.tencent.qqmusic

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
--- | --- | --- | ---
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
--- | --- | --- | ---
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
--- | --- | --- | ---
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tencent.qqmusic

com.tencent.qqmusic:QQPlayerService

com.tencent.qqmusic:lite

Network

Country | Destination | Domain | Proto
--- | --- | --- | ---
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
US | 1.1.1.1:53 | monitor.music.qq.com | udp
HK | 203.205.254.145:80 | monitor.music.qq.com | tcp
US | 1.1.1.1:53 | proxy.music.qq.com | udp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
NL | 43.175.22.211:80 | 43.175.22.211 | tcp
US | 1.1.1.1:53 | imgcache.gtimg.cn | udp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
GB | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 203.205.137.72:80 | imgcache.gtimg.cn | tcp
HK | 203.205.137.72:80 | imgcache.gtimg.cn | tcp
HK | 203.205.137.72:443 | imgcache.gtimg.cn | tcp
US | 1.1.1.1:53 | pingfore.qq.com | udp
CN | 183.47.109.82:80 | pingfore.qq.com | tcp
CN | 183.47.109.82:80 | pingfore.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
HK | 129.226.103.11:80 | proxy.music.qq.com | tcp
US | 1.1.1.1:53 | y.qq.com | udp
US | 1.1.1.1:53 | mi.gdt.qq.com | udp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
HK | 203.205.136.105:80 | y.qq.com | tcp
CN | 183.47.109.225:80 | pingfore.qq.com | tcp
CN | 183.47.109.225:80 | pingfore.qq.com | tcp

Files

/data/data/com.tencent.qqmusic/databases/eup_db-journal

MD5 3b4738b146155dc0d1688c6179e1db6d
SHA1 7f9f48a1f75d85b674348f4bf6aedae2c10b1f68
SHA256 0f5d9b3db2bae25362f52e8c005592ed691551bae300ddbdd8c3e938f5046290
SHA512 3a026f60de1cf0891a9c11300a272676f8ddf4d20b484e08cced2f9709e6700c44bfec7588a4d91a5aecd3e6a6210ba89c5d89ddb512767467d82054e8812c7f

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.qqmusic/databases/eup_db-shm

MD5 21830b00a929c1a9fd9ff3ecd9e9b134
SHA1 63f26f6a7646e905d5671b3faad9702268ab2a12
SHA256 3fad2e665e0878d6953359d6e52104b5d5ecde89317c7c8bd01c8d6c36467d40
SHA512 d7e2ab9aabacdbfcc8adc66ffebd6c0b14aed87a9f3b9bea53c239e19d83286445b1584e1b40a2e93147ea778440480461fc59e72be938e338aad2a122ffb79d

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 3021fc5311900e046ee789c75021f9f4
SHA1 24d468105bf3c7a42b95295541bcddfc4d251cbe
SHA256 df74fb39538560c1cce7e3f60883b5bc914289b85d2634da1e6fd3c8e55e86bc
SHA512 6f5342107be8954be9551676e4580581d13bbb4149a9e513a74865607765743d18c4f932bdd34ec1f9b58f78feab8f46de1332b27f4a287d7a096131174b06f1

/data/data/com.tencent.qqmusic/databases/eup_db-shm

MD5 3f1fabe3955bb49095df84eb8851085d
SHA1 7b8993baddeacb98f5468890da127df073a1140b
SHA256 1b9a889376fd3ea9a1ce0b30cc4f2f592f1a8f8f06f2a15afe43c72702486e0d
SHA512 adde45c892553b10e1c06eff7ec09e129a7809f4e115795bd00ebaedd8ff536dc8d37c3d87cd58052ee9ecd843e08ac75005e27234b77a0bfcce27a525e7d779

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 2e091aab8124fce7d30a40e6cf7186b1
SHA1 e87a78c2e096e6f95822822e4248a362cf0958d8
SHA256 d9e2c6db9ed6078d5102e6fccc86e169cd96b46c937e35dee4f4b108ef79e26b
SHA512 0b6e8e3a20bcaa0d720d54d2c4d8c564ed906028f260b4c2ca4490108b22d75df91b9922275f162a4ee893e218d47df8aa95848493fff4218172a6bf9473aee0

/storage/emulated/0/qqmusic/playLog

MD5 383b581d6493e6a74a366573fdd902c7
SHA1 38d05092f8bc3d5f68ecc90dd9ecb61166da4bfd
SHA256 c60fed4466a64cccda7b5087deabd5d3ed52f49ff2a00600a296646fb8b62e8f
SHA512 4212fb07b646b841fb7c9e9e9558c3d30013d71a381558f2a794a0fce5fabc2b2f3ba03237f5741d9a92b636752fc38e6feae2ec613e24e8100f6a6cbf17a793

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 079cf0501981e7c6a32ffe09bf7f5610
SHA1 4c355c11f52623264a645131a81e3f67cf93fd29
SHA256 1740062794ee255a712123ff393e847a55820d6919ce892ec281107d9a040793
SHA512 9badc8453e7d9d775faa95c397dc0f35e20e823dfef886aeb49d70e03431dd94d1c5eca74d6af20fcc71a07424952c4cc7c5597960e7dc87cf1f7d6abbe2cc64

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 136df4eca388a20532783a916c1169ab
SHA1 f8606b4f62b5f754dcbffd4906d4e1525036d84e
SHA256 2bad76967fde4214dc07fe1a96ca04868ac5bcf418c0cfea403ef12e99fa28d0
SHA512 22b8a823aecd3534cf04e6d6b7d840a97312afa2816ba0723263af8ba30385097da87620291d7064f5aefebcc9f569be54e13ff92a836e7edbb7e95c8881339b

/data/data/com.tencent.qqmusic/databases/eup_db-shm

MD5 dd48fcb4e9ffdd75a311dbba478ca604
SHA1 82318ede64c71d799617a5263c0d59c4642e8d2c
SHA256 14b65d25628306daeab186d35e0bd473c832b7193fa5dbdc4b641b4f86afc900
SHA512 84d4bdcf0faaa2a992dd5bf80eac5bf760a12e68116579c8f034b2516b703970e482442dfc1adb03eafe25cbaa7b1e888269df04c077045349df2108fbdbfa9f

/data/data/com.tencent.qqmusic/databases/QQMusic-journal

MD5 2ec15f54647f88f102d6f66ff168a5d3
SHA1 bc2a369de293f6fa9180d990f0724aca328ea603
SHA256 d963ce6a60503d3d206efd4e43e6b6fc35179fbebfc5d445edacd81cda670fc7
SHA512 bfff6eec402a9a134acd5b2809e667a3821f22c3d8f8bb8f9620e39154a2535ff6c987905858a3c5e4ba4aa8bce6c3cf5789b4959d94c2361cf186485e68c1e3

/data/data/com.tencent.qqmusic/databases/QQMusic

MD5 e2b1496a586d72f8e807b0985b8cf81b
SHA1 b6b90f7a13a5350cbef31354115342247b40f5a3
SHA256 fb0d64d6b3bafc9ad254feb68b2248e157239703bcdde694b0531f5c0dfe5219
SHA512 0d30ae39b74fcd33f80a1ab0166bd657ef40109e3f58fad324019e2861b462f685e40fec57e4696705494a119cef70252f0bcc041daffff6434e3b5bff9b04df

/data/data/com.tencent.qqmusic/databases/QQMusic-shm

MD5 b9eee62a5d6bf6c7fc39feaceeccd0a2
SHA1 4543ca14c5a839b7c55032a3fc3e97234c751a01
SHA256 2b1b9289702113e48870140108b98f7d3733ac37086e706b8d21470c8c82bbab
SHA512 62c6c9561e9792e65e391bafbca42722e220bce2c563992df72d8d985285741abe2eee2d6c046b1c016523195d5f9fbc19731ee6cf98a0fbc845002e9f8446a4

/data/data/com.tencent.qqmusic/databases/QQMusic-wal

MD5 8bb3fe16b55b566932c164ce1f64147c
SHA1 41b6d8dafa4a9e34f35a253d9e8f614d44e13dbe
SHA256 9bbeda3381a50b3a1661178deae7835c6e50effa232ae68d1a1d0935b9c65e21
SHA512 766f5a466ec58503298f8f26184f4b89392fe3849b04383df29543bd4985394a209ecf29fd44ddff3c2c13373535588980f98caaf752f69415dd63779b119eaf

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 d20b7b572d4be10131c118f58139e0ee
SHA1 308d1822fe7ae3b95b4c0418c16520676705f07b
SHA256 aed380e78441d706e69dae5807f9f2516dae20581d00ffadde94cd5800404b29
SHA512 d57ec1250986a022c87856c8304b1a4e3288b1cf394a1dec57b436a8a23a1898dffe7f8e17329d777035cf91bbe58a0460dba9e646ef6316d66939947ef2bc01

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 040394fe11420bc51e9a47750faaeb76
SHA1 e01d0491769b52b1042b280613cb3a5748a254c0
SHA256 6fff61304c4c669d39f7e57359187367722a407157e0e9939756aa1d407b3e40
SHA512 a718b90f272bb329cbf9c1b688baf30b1511dc8edff59590436d082646a161560e66878f02c2852ee64dbd229e1dfbfe8c8a814684359ae7421b595cc4c1e27a

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 90fb15363c6951dbbd3132fc78f3bbe8
SHA1 42f2d9f0657c0cf360c3233d7689a9c193869fe8
SHA256 b18123e6df6df52e4e3688381881aff173c23198108432a967f953030fb951ae
SHA512 a92342807ac4c7d95be01c6e2fa1b9f902f0816762e08afc0783ed084c59e3121d3c8342e9e912f161b64c4ecac1782bfbcc69bd519ce7f3c274899d094948c9

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 5d139ca11b1e3f94367f728b23f5a7ac
SHA1 b1aa741c2959cc64e72f1ee7ff30700e0ac2cfd5
SHA256 7148efec1396e36f4140d76cca00008f49aa512b5634c84a1d04270f67616d33
SHA512 52b8a5ad985e4202965bf09f0f997eea78d470161004db0bc21a4035981f1e7c04a8d898159e1ebcce312b6a184487eea6669101ca15700e5f071424732915d6

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 8f6fc7383bc08bb615ef84a78c3754e2
SHA1 dcc689f3caff99a3cad4f68ef5f44df1fbf06772
SHA256 84382bace53652cd930c25c32979971872417b3e1dcb6a646eb290ce537cfd48
SHA512 d195688f6dc2a84270aa7064300d7191325775897184ee71555ac30f7656ffdc1eecc23c336c6aa8748d9ce5ddb3efffc6168599d190b933d92fe214070d42b5

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 fdbc603cdddcef519c144002b710dca5
SHA1 5a6f1ed19643e616f5d29cf7e27564bc28edaad2
SHA256 83be22ac5f8293872bec9bf421b13ee9b74462ce66cdd9014778ee8f9fa7a8b4
SHA512 3ea670bf5fc9ba6f70929fd7a59173500fb4d9b23ee272fa8bb3405d55a31830a24fdd36e03b3c9f622aeb7296a217ca20ce5169dd21c16cb123847ef6e17649

/storage/emulated/0/qqmusic/playLog

MD5 1e59fa480f051eb232cf5a106f2bd2cf
SHA1 4a38f5ff3bc03a24b73e8b175ea77b185114575d
SHA256 249f5d661440ed9a11a2164593ec53c5a43adac54de5b113ba69b251752bb8e7
SHA512 16a3077663c5801d86d3797f4121ae618d796a287c1966c5e12ba65da153bcdfc10b79835a2f75f54d60f09976505b50e3295044bd47a6e5d1e517e6ffc614f3

/data/data/com.tencent.qqmusic/databases/localalbum/local_dir.db-journal

MD5 e4fee49c39aa7075f754aa93c96d9123
SHA1 57d1f566c1d178d62348ba2fbd7fedd15f3c927c
SHA256 9f4534932d315fe65ca48c43e30028679421f8abae844bfedf4e41fa6fb2c070
SHA512 8d8bee4def8b29c81b4d7c74da8e4b37414071f0fbfc864efb55cc1768811112fb11d5e1f4344b7f23ee851eb6a9bcbe4ef4ddea972cd1edfba3c0d9200bf26d

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 8ae383a3109716c77f58f992104166c1
SHA1 974e6e3546f8a4e87dbab854cc97380f0c1b3c22
SHA256 1f0fc2a65b63d7723a5d9393dc24b52039bc7368016c7da76fd4f17422e12fdc
SHA512 d53d2e4ec61baedcff1488e34c7c6319583de09444949b7df207280ecc4e80b55664a15b8e5fe6f24383bebab2a24d32eda9f2a3d3c2da96201d8fc63566113e

/data/data/com.tencent.qqmusic/databases/localalbum/local_dir.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.qqmusic/databases/localalbum/local_dir.db-wal

MD5 c74802a4debe17a0884d07694d87e26f
SHA1 a54b69a462d9e0774394cecdca72fdc90047994d
SHA256 1ed9af9bbad7912fb06aa14d3ab4d9342f4a0abc7dd0fcc6b4edf295be36694e
SHA512 975828e9311a9b45dfb74e145e0a7d9f1415a800a0ac11593f9bfc2bfa0388d6309b1c86e66b17db891bba014bcef2e35a82a48a91cf3804adcc685e9fbbbe7b

/data/data/com.tencent.qqmusic/databases/QQMusic-wal

MD5 b24fe1125c105ab68fe3bd959fa6701e
SHA1 6d306ad3c818917f3b273c59015c78842f88ff88
SHA256 f26b94a0eb455c7be9af8b29691ab14a4b37c4be5bc3cbc18abcdbe92252c228
SHA512 41b6af7200331d12ccf596094ebb02136fa08594fd22e29beb2e5d0634d4ad8a9e204fe5d143a0a703daaab4dd19f851c54b26740aafd0c447337d8e93d72f4f

/data/data/com.tencent.qqmusic/databases/eup_db-wal

MD5 7d291f95b56efeefcea71984cab538b0
SHA1 70c18867f7ffbec13d6d7006d678abd583ed79a0
SHA256 44fa19b8657b5d58f34344bc9f4eed3cffd005e9de6babeaa11a4ad597e6bbe0
SHA512 d5fcded1a148034eebce2afaeee30a0aeb2f59b227c5785dcfbd914799bb6be6cbeb89484f4918afc70ecf01c1d12d9d084fd44bc363cf5df3987a2d07eca690

/storage/emulated/0/qqmusic/log/com.tencent.qqmusic_QQPlayerService.log.20240614

MD5 e6faeba5313ab6547a080a44b8824429
SHA1 3f7e648772e979df03ba77c5c577846661e72eb1
SHA256 8b8e2e9939896c1c008315bc3d2ff0ac09742e3f2d3695fbf2aa8ceb59dfc652
SHA512 8fdc348fd3dcda9226a0225e7b556a7d25d215cf80be653a2da3fc714d40dc7762658dffca66d230bcc4422ee9bad581286342a10797939b8e4da02f86795d4b

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 576795343720fdd2812add03ca1c9b8a
SHA1 673f1cabfe81bf66ed6b6325c921ea12bb4af9f1
SHA256 cfdb7551bd1a2453b4f1b0ad2d9b37de20ecb6b571e8ebdc3839d6ee3e54a550
SHA512 f05cea23da33215f0e45a5f1e926b111a189acfa803ebb66b36b99cab3a3ff788f09df072b6a455e8cc0f1f13dee1e3d38836b11542f27627f2f1e638c07dfd0

/data/data/com.tencent.qqmusic/databases/eup_db

MD5 e26745010cfe495b5973d7ccbc911845
SHA1 d076ae084fd1b8c031b5dbeb067f329241dc1411
SHA256 66396e5b8d67926caeff719746ac3c4a6518ed5f9d571abf01197f4af8e1b750
SHA512 20dc17763fce458b222dd286d9e0292684b4afa6a398ed1c0e6de9def8cfcc4213a7a3cefb70b2757de3f01b88efd4fd818ca5982a738a4004452c0b390c7fce

/storage/emulated/0/qqmusic/qmSfile

MD5 cf389b1abfef1d76e5b178cb101d0656
SHA1 e530f98a203fb05cd3009f9dd6d73332d876fae9
SHA256 11f6267d4e27667be1c2946442af24abfe755214d4d9e93029f3bbe0a5e67115
SHA512 0c3a052788e978b4ab49f1aac5c5272a319efb98c3b3ec8427b98416f537b3b7133216ac1697994a269b003eb62e4461f8c8fc4f49678334ab560f3848ac2325