Malware Analysis Report

2024-07-28 12:42

Sample ID 240614-adc6cawhnh
Target a73d1d48c0dbe642167b35a68503beb3_JaffaCakes118
SHA256 8824ad153ee651a5bba89b2bab52c0a327d0954f3c910cec0ef8dd3159da039b
Tags banker discovery impact persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a73d1d48c0dbe642167b35a68503beb3_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

banker discovery impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:05

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:05

Reported

2024-06-14 00:08

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

130s

Command Line

com.qdaily.ui

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qdaily.ui

rm -r /storage/emulated/0/Android/data/com.qdaily.ui/cache1718323547329

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 oc.umeng.com udp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 rqd.uu.qq.com udp
HK 43.135.106.212:80 rqd.uu.qq.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.47.161:80 hmma.baidu.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp

Files

/data/data/com.qdaily.ui/databases/bugly_db_-journal

/data/data/com.qdaily.ui/databases/bugly_db_

/data/data/com.qdaily.ui/databases/bugly_db_-shm

/data/data/com.qdaily.ui/databases/bugly_db_-wal

/data/data/com.qdaily.ui/databases/qdaily3.0.db-journal

/data/data/com.qdaily.ui/databases/qdaily3.0.db-wal

/storage/emulated/0/ShareSDK/.dk

/storage/emulated/0/backups/.SystemConfig/.cuid

/storage/emulated/0/backups/system/.confd-journal

/storage/emulated/0/backups/system/.confd

/storage/emulated/0/backups/system/.confd-wal

/storage/emulated/0/backups/system/.config

/data/data/com.qdaily.ui/files/umeng_it.cache

/data/data/com.qdaily.ui/files/.umeng/exchangeIdentity.json

/data/data/com.qdaily.ui/files/__local_stat_cache.json

/data/data/com.qdaily.ui/files/__local_ap_info_cache.json

/data/data/com.qdaily.ui/files/__local_last_session.json

/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/journal.tmp

/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/journal

/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/b3374dc2d94325581def4460b5a58839d1564e0cf01dcb00d2601e926193a7a7.0.tmp

/storage/emulated/0/Android/data/com.qdaily.ui/cache/image/dd06e2c0179c2c67e2d9e87094a7386b72d4794fe0cdb74616c524be31b095bb.0.tmp

/data/data/com.qdaily.ui/files/.um/um_cache_1718323607078.env

/data/data/com.qdaily.ui/databases/sharesdk.db-journal

/data/data/com.qdaily.ui/databases/sharesdk.db-wal

/storage/emulated/0/ShareSDK/.ba