Malware Analysis Report

2024-09-09 17:40

Sample ID: 240614-gh63jsxcne
Target: a8362a776bb9db93224d6712b9f81ecf_JaffaCakes118
SHA256: 49cd21b7daf72b56fe64bf6cefe71a132c5fb004b9af25c30f0c107256e445b3
Tags: banker, discovery, evasion, impact, persistence
Score: 8/10


Analysis Overview

Score: 8/10
SHA256: 49cd21b7daf72b56fe64bf6cefe71a132c5fb004b9af25c30f0c107256e445b3
Threat level: Likely malicious

The file a8362a776bb9db93224d6712b9f81ecf_JaffaCakes118 was classified as likely malicious. The score aggregates the heuristic signatures listed below across the static and behavioral analyses; no single one of them proves malicious intent, since root checks, installed-app enumeration, device-ID queries and javax.crypto calls are also routine in legitimate apps that bundle anti-tamper, analytics or crash-reporting SDKs. Treat the verdict as a triage priority that still needs an analyst's confirmation. Two packages were launched: com.ifreetalk.ftalk (behavioral1 and behavioral2), which produced every signature, and com.unionpay.uppay (behavioral3 and behavioral4), which produced none.

Malicious Activity Summary

Tags: banker, discovery, evasion, impact, persistence

Checks if the Android device is rooted (evasion).

Queries the list of all installed applications on the device; this may be used to pick legitimate apps to overlay with fake screens (banker, discovery).

Queries information about running processes on the device (discovery).

Queries the unique device ID (IMEI, MEID, IMSI) (discovery).

Requests dangerous framework permissions (static; the full list is under static1).

Queries information about the active data network (discovery).

Queries information about the current Wi-Fi connection (discovery).

Registers a broadcast receiver at runtime, usually to listen for system events (persistence).

Uses crypto APIs; might be used to encrypt user data (impact).

Checks memory information by reading /proc/meminfo.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 05:49

Signatures

Requests dangerous framework permissions

Permissions requested in the manifest (a static check, so no process or target column applies):

android.permission.READ_EXTERNAL_STORAGE: read from external storage.
android.permission.READ_CONTACTS: read the user's contacts data.
android.permission.WRITE_CONTACTS: write the user's contacts data.
android.permission.READ_PHONE_STATE: read-only access to phone state, including the current cellular network, the status of any ongoing calls, and the PhoneAccounts registered on the device.
android.permission.RECORD_AUDIO: record audio.
android.permission.WRITE_EXTERNAL_STORAGE: write to external storage.
android.permission.CALL_PHONE: initiate a phone call without going through the Dialer UI for the user to confirm the call.
android.permission.READ_SMS: read SMS messages.
android.permission.SEND_SMS: send SMS messages.
android.permission.RECEIVE_SMS: receive SMS messages.
android.permission.RECEIVE_MMS: monitor incoming MMS messages.
android.permission.PROCESS_OUTGOING_CALLS: see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort it.
android.permission.GET_ACCOUNTS: access the list of accounts in the Accounts Service.
android.permission.CAMERA: access the camera device.
android.permission.WRITE_SETTINGS: read or write the system settings.
android.permission.SYSTEM_ALERT_WINDOW: create windows of type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_COARSE_LOCATION: access approximate location.
android.permission.ACCESS_FINE_LOCATION: access precise location.

These are manifest declarations, not grants: on Android 6.0 and later the dangerous permissions are only granted when the user accepts a runtime prompt, and SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are granted through a separate Settings screen rather than a prompt. The pairing that would make the overlay attack alluded to by the banker tag feasible is SYSTEM_ALERT_WINDOW (draw over other apps) together with READ_SMS/RECEIVE_SMS (one-time-code interception); the remaining permissions (contacts, audio, camera, location, call control) widen what the app can reach once installed but are not banker-specific.
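The following is an added example, not part of the sandbox report or of the analysed app, showing how an analyst can reproduce this static check over a decoded manifest. It parses a constructed AndroidManifest.xml that declares exactly the 18 permissions listed above, groups them into capability clusters, and applies the overlay-plus-SMS pairing described in the previous paragraph; the cluster names and the "banker-like" rule are this example's own, not Android or sandbox terminology.

```python
"""Permission triage for a decoded AndroidManifest.xml.

Added example, not part of the sandbox report or of the analysed app. It parses
a constructed manifest that declares exactly the permissions listed in static1
and groups them into capability clusters; the cluster names and the
'banker-like' rule are this example's own, not Android or sandbox terms.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability clusters built from the permissions in this report.
CLUSTERS = {
    "sms_control": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_MMS"},
    "call_control": {"CALL_PHONE", "PROCESS_OUTGOING_CALLS", "READ_PHONE_STATE"},
    "overlay": {"SYSTEM_ALERT_WINDOW"},
    "contacts_accounts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "sensors": {"RECORD_AUDIO", "CAMERA"},
    "location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "system_settings": {"WRITE_SETTINGS"},
}

# Not runtime-prompted: the user grants these on a separate Settings screen,
# so a manifest declaration alone does not give the app the capability.
SPECIAL_ACCESS = {"SYSTEM_ALERT_WINDOW", "WRITE_SETTINGS"}


def declared_permissions(manifest_xml: str) -> list:
    """Short names of every android.permission.* the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        full = node.get("{%s}name" % ANDROID_NS, "")
        if full.startswith("android.permission."):
            names.append(full.rsplit(".", 1)[1])
    return names


def cluster_permissions(perms) -> dict:
    """Map each cluster to the requested permissions that fall into it."""
    requested = set(perms)
    return {name: sorted(members & requested)
            for name, members in CLUSTERS.items() if members & requested}


def banker_indicators(perms) -> dict:
    """Overlay plus SMS read/receive is the pairing that makes a permission
    set 'banker-like' (fake login screen plus OTP interception); either one
    alone is common in benign apps."""
    requested = set(perms)
    overlay = "SYSTEM_ALERT_WINDOW" in requested
    sms_read = bool({"READ_SMS", "RECEIVE_SMS"} & requested)
    return {
        "overlay": overlay,
        "sms_read": sms_read,
        "banker_like": overlay and sms_read,
        "needs_special_access": sorted(SPECIAL_ACCESS & requested),
    }


# Constructed manifest: the 18 permissions from static1, nothing else.
STATIC1_PERMISSIONS = [
    "READ_EXTERNAL_STORAGE", "READ_CONTACTS", "WRITE_CONTACTS",
    "READ_PHONE_STATE", "RECORD_AUDIO", "WRITE_EXTERNAL_STORAGE",
    "CALL_PHONE", "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_MMS",
    "PROCESS_OUTGOING_CALLS", "GET_ACCOUNTS", "CAMERA", "WRITE_SETTINGS",
    "SYSTEM_ALERT_WINDOW", "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION",
]
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
    '          package="com.example.sample">\n'
    + "".join('  <uses-permission android:name="android.permission.%s"/>\n' % p
              for p in STATIC1_PERMISSIONS)
    + "</manifest>\n"
)

if __name__ == "__main__":
    perms = declared_permissions(SAMPLE_MANIFEST)
    for cluster, hits in cluster_permissions(perms).items():
        print("%-18s %s" % (cluster, ", ".join(hits)))
    print(banker_indicators(perms))
```

Run it against a manifest decoded with apktool or aapt2 by replacing SAMPLE_MANIFEST with the file contents; the clustering makes it obvious at a glance which capabilities a sample asks for, and the special-access list tells you which of those it cannot obtain silently.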

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 05:49
Reported: 2024-06-14 05:52
Platform: android-x86-arm-20240611.1-en
Max time kernel: 18s
Max time network: 192s

Command Line

com.ifreetalk.ftalk

Signatures

Checks if the Android device is rooted.

evasion
Indicators (paths probed): /sbin/su (twice), /system/app/Superuser.apk

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Indicator: framework service call android.app.IActivityManager.getRunningAppProcesses

Queries information about active data network

discovery
Indicator: framework service call android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection

discovery
Indicator: framework service call android.net.wifi.IWifiManager.getConnectionInfo

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Indicator: framework service call android.app.IActivityManager.registerReceiver

Uses Crypto APIs (might try to encrypt user data)

impact
Indicator: framework API call javax.crypto.Cipher.doFinal

Checks memory information

Indicator: file opened for read /proc/meminfo

Processes

com.ifreetalk.ftalk

/system/bin/sh -c getprop

getprop ro.product.cpu.abi

getprop

/system/bin/sh -c type su

/system/bin/sh -c type su

logcat -d -v threadtime
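The process list above, together with the /sbin/su and Superuser.apk reads in the signature table, is the raw evidence behind the evasion signature: `type su` resolves a su binary through the shell, the file reads probe well-known superuser paths, `getprop` dumps build properties (often used to fingerprint emulators), and `logcat -d` collects the system log. As an added example (not the sandbox's own rule logic, which is not published on this page), the following classifies such events into those categories; the indicator lists and category names are this example's own, and the event list is constructed from what behavioral1 shows.

```python
"""Classify sandbox process/file events into the root-check, environment
fingerprinting and log-collection patterns behind the 'evasion' signature.

Added example, not part of the sandbox report: the event list is constructed
from what behavioral1 shows (the Processes list and the file paths in the
signature table); the indicator lists and category names are this example's.
"""
import re
from collections import defaultdict

# Paths a root check typically probes with File.exists(); this list is the
# example's own, not the sandbox's.
SU_PATHS = {
    "/sbin/su", "/system/bin/su", "/system/xbin/su", "/data/local/xbin/su",
    "/data/local/bin/su", "/su/bin/su",
    "/system/app/Superuser.apk", "/system/app/SuperSU.apk",
}
# 'type su' / 'which su' / 'command -v su' resolve a su binary via the shell.
SU_LOOKUP = re.compile(r"(?:^|\s)(?:type|which|command -v)\s+su(?:\s|$)")
GETPROP = re.compile(r"(?:^|\s)getprop(?:\s|$)")
LOGCAT = re.compile(r"(?:^|\s)logcat(?:\s|$)")


def classify_event(kind: str, value: str):
    """Return the category for one ('exec'|'file_read', value) event, or None."""
    if kind == "file_read":
        if value in SU_PATHS:
            return "root_check"
        if value == "/proc/meminfo":
            return "memory_info"
        return None
    if kind == "exec":
        if SU_LOOKUP.search(value):
            return "root_check"
        if GETPROP.search(value):
            return "env_fingerprint"
        if LOGCAT.search(value):
            return "log_collection"
    return None


def summarize_events(events):
    """Group evidence by category, keeping duplicates so repeat probes count."""
    out = defaultdict(list)
    for kind, value in events:
        cat = classify_event(kind, value)
        if cat:
            out[cat].append(value)
    return dict(out)


# Constructed from behavioral1: shell commands spawned by com.ifreetalk.ftalk
# and the file paths the root-check signature fired on.
BEHAVIORAL1_EVENTS = [
    ("exec", "/system/bin/sh -c getprop"),
    ("exec", "getprop ro.product.cpu.abi"),
    ("exec", "getprop"),
    ("exec", "/system/bin/sh -c type su"),
    ("exec", "/system/bin/sh -c type su"),
    ("exec", "logcat -d -v threadtime"),
    ("file_read", "/sbin/su"),
    ("file_read", "/sbin/su"),
    ("file_read", "/system/app/Superuser.apk"),
    ("file_read", "/proc/meminfo"),
]

if __name__ == "__main__":
    for cat, evidence in summarize_events(BEHAVIORAL1_EVENTS).items():
        print(cat, "->", evidence)
```

The same patterns are what a legitimate anti-tamper or payment SDK emits, so the output is a lead to confirm in the decompiled code (what the app does when su is found), not a verdict by itself.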

Network

Country  Destination              Domain                     Proto
N/A      224.0.0.251:5353         -                          udp
GB       216.58.212.238:443       -                          tcp
US       1.1.1.1:53               android.apis.google.com    udp
GB       142.250.178.14:443       android.apis.google.com    tcp
US       1.1.1.1:53               android.bugly.qq.com       udp
CN       14.22.7.199:80           android.bugly.qq.com       tcp
US       1.1.1.1:53               file.ifreetalk.com         udp
GB       43.132.64.188:443        file.ifreetalk.com         tcp
US       1.1.1.1:53               oth.str.mdt.qq.com         udp
HK       43.129.255.160:8080      oth.str.mdt.qq.com         tcp
US       1.1.1.1:53               android.bugly.qq.com       udp
CN       14.22.7.140:80           android.bugly.qq.com       tcp
US       1.1.1.1:53               android.bugly.qq.com       udp
CN       119.147.179.152:80       android.bugly.qq.com       tcp
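Read as a list the table above is noisy; what a practitioner wants is the set of resolved names, who operates them, and which connections are cleartext. The following is an added example, not part of the sandbox report: it parses rows in the form shown in every Network table on this page (a missing or "-" domain column is treated as an unresolved IP), attributes each destination with a suffix map that is this example's own, and flags TCP connections on port 80 and on non-standard ports. The rows embedded are copied from behavioral1.

```python
"""Parse the Network rows of this report and attribute each destination.

Added example, not part of the sandbox report. The rows below are copied from
behavioral1's Network table; the same parser handles the other runs' tables.
The owner mapping is the example's own suffix list; an unmapped domain or a
connection with no resolved domain is reported as unattributed, not guessed.
"""
from collections import defaultdict

# Suffix -> owner tag. The qq.com hosts in this report are the Tencent Bugly
# crash-reporting and MDT telemetry endpoints; ifreetalk.com is the app's
# own domain.
OWNERS = {
    "google.com": "Google platform services",
    "qq.com": "Tencent SDK telemetry",
    "ifreetalk.com": "app vendor",
}

BEHAVIORAL1_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 file.ifreetalk.com udp
GB 43.132.64.188:443 file.ifreetalk.com tcp
US 1.1.1.1:53 oth.str.mdt.qq.com udp
HK 43.129.255.160:8080 oth.str.mdt.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
"""


def parse_rows(text):
    """Yield dicts from 'Country Destination [Domain] Proto' rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4) or parts[0] == "Country":
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 and parts[2] != "-" else None
        ip, port = dest.rsplit(":", 1)
        yield {"country": country, "ip": ip, "port": int(port),
               "domain": domain, "proto": proto}


def owner_of(domain):
    if domain is None:
        return "unattributed (no domain observed)"
    for suffix, tag in OWNERS.items():
        if domain == suffix or domain.endswith("." + suffix):
            return tag
    return "unattributed"


def summarize_network(text):
    dns, mdns = set(), False
    conns = defaultdict(lambda: {"ports": set(), "ips": set(), "owner": None})
    for r in parse_rows(text):
        if r["proto"] == "udp" and r["ip"] == "224.0.0.251" and r["port"] == 5353:
            mdns = True                      # local service discovery, not egress
        elif r["proto"] == "udp" and r["port"] == 53:
            dns.add(r["domain"])
        elif r["proto"] == "tcp":
            key = r["domain"] or r["ip"]     # group by name when resolved
            conns[key]["ports"].add(r["port"])
            conns[key]["ips"].add(r["ip"])
            conns[key]["owner"] = owner_of(r["domain"])
    cleartext = sorted(k for k, v in conns.items() if 80 in v["ports"])
    odd_ports = sorted(k for k, v in conns.items() if v["ports"] - {80, 443})
    return {"dns": sorted(d for d in dns if d), "mdns": mdns,
            "connections": dict(conns), "cleartext_http": cleartext,
            "nonstandard_ports": odd_ports}


if __name__ == "__main__":
    s = summarize_network(BEHAVIORAL1_ROWS)
    for key, info in s["connections"].items():
        print("%-28s %-34s ports=%s" % (key, info["owner"], sorted(info["ports"])))
    print("cleartext HTTP:", s["cleartext_http"])
    print("non-standard ports:", s["nonstandard_ports"])
```

On this run the result is that every resolved name belongs to Google, Tencent or the app vendor, the Bugly crash reporter talks over plaintext port 80, and the only non-standard port is the Tencent MDT endpoint on 8080; the one connection without a name (216.58.212.238:443) stays unattributed rather than being guessed from its address.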

Files

/data/data/com.ifreetalk.ftalk/app_crashrecord/1004

MD5 ff64e9e1964ea9cd48a338db159016ec
SHA1 2edf09f93ba8760c53db886de69e7d17507c7c2b
SHA256 165407af39662913ba6006f6f98c9a332c51e3583a60482b921960bc00e6a92d
SHA512 5a6b70c8c340ca5db571ebb9a9acd55b361649c61a52df5888a01e41c567b86fe5db743c6b778087a2eafff3a2d115dfbd05450d48e8396292d036c240424411

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 a569301f45de0dc4c07810d16ec1e7ba
SHA1 0871284d708f6bacb15ba58e76edcef283023ece
SHA256 592f118deb11c864eca056857d0aeed0a774ec776ab1f593268bc0e150b8eac0
SHA512 3b8ed3ef12368a4918d29edeee944e916ef64d81d41bfe1aa375660c6ab66003bc341da1577cc73c6769c0d19a19736e3ec5da158fe9d107cf0db64ddf83ea6f

/data/data/com.ifreetalk.ftalk/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ifreetalk.ftalk/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-wal

MD5 b1ca9aa45d6e31f53e5fbec8793b16df
SHA1 c47f1fecb0335cdb83bbe38d0dd9a44c597cf457
SHA256 920504966f0b6de1110e5a591bd33e0af6ab1f355cf4e151031a47b019bcf8bd
SHA512 b01dc1e3a856c486202d4eb31f2c60a521375904618465d02a12c6f777927a1dc4c70b9bcd32f41120655f491f08193c3eefeadd9216f15522f32dbb930d5171

/data/data/com.ifreetalk.ftalk/app_crashrecord/1002

MD5 98816bf03a9308ae6a62f4d9a010f36b
SHA1 5187f4955058fd1488290430330d218fb87b812c
SHA256 671145dd82f3dff537145c0564c2cd7254049c210ee3662f6e1546383d4a2d11
SHA512 7187645776d74b22fe58d637e5085b2414d9452d97023193f33afc396d53003bb96d08cad7784779cffe75bc5f7a99cb23d52f65224db2ca4e60b6b5b963f776

/storage/emulated/0/Android/data/com.ifreetalk.ftalk/files/tbslog/tbslog.txt

MD5 70b7378b53a641aef37c30bc1fea39d5
SHA1 493bf086619ac23a15d69640933623e95b8bca26
SHA256 7b76dc0ddc6e8f5e1627c6089770e270ee6fa117c7c17b4305c14e1901675a8e
SHA512 5cc4af579083b6656b1358f11b49ace35e243b368d169fd14a02ca32a1465e3c885ca23fe215b886bae27f5b9df2b0d167b5f982c50c84e38e581a323e0615ca

/storage/emulated/0/ifreetalk/log/ifreetalk_log_0_0de2c16dbf1f1131.mmap2

MD5 06ae8a01d80da962c7987c264af64cec
SHA1 63a497994321f254b535a846ce89f076d4e378ee
SHA256 0c5cc90b079d0d9c1ded1376357d23a9782a704a83e01731f50ccd162e246492
SHA512 8720928fbe7cf8351c9dc45cb1a9c8243939c7e3c9c6957d24dbe18c0819d05ea7475e3953018f0365461fb2987ad68d8ec9f59b03aef3adbd3e4ae8ebbd0427

/data/data/com.ifreetalk.ftalk/databases/ftalk.db-journal

MD5 c2b4fc699ab5cf25d43c9b609a8fb653
SHA1 238275d77e7e1ddb4460d640b7947aef34cd2eba
SHA256 76868e8e5c13cbecab9b6f0d4a7ff23b77d742fbdaec89599b2a13c0dcbcf8d6
SHA512 1fbd994d4167a0be8f9608828d04f97e5a66821d8e99e08372747bba3f16511aeaa8b2088453d6d6f4753bb22fad8c442deaa06a42773954ce1b26eaeba9d218

/data/data/com.ifreetalk.ftalk/databases/ftalk.db-wal

MD5 8a9fba9cf8ede7b33c16fe75782a90b4
SHA1 663839e408bb07160b8a2e86e476acbd9d536b83
SHA256 c3b1861157cc565a22f457239247e2bf8e02543c38a7806ed8fcee8e465179ff
SHA512 a63c7cc4489b974be4fdced44db1e20395305ea1f372945dfcbfbfb11a436ba6b6718abd9713ceae6343a104437dda91d2bcee49ca5cba53b7f027da222f043b

/storage/emulated/0/ifreetalk/download/action/ACTION000/thumb1.png

MD5 79430ebdbb85a57f2926e04264230be2
SHA1 739499a2de0f2e1d351ab73645223e0c157eabea
SHA256 e197f862b6683756c7625eca1756a91170e18d44765c2bfc670629567710d734
SHA512 40b5bdf20a226fc987fdcb6986c3ea6c025925322fb6a62a42bc516caf85ba7d053e2d9e80783fc4218864ad5cd5ffdd9ed122c117289de8faebb78088711ed0

/storage/emulated/0/ifreetalk/download/action/ACTION001/thumb1.png

MD5 4a3782bd79e713ef5d313852887fc843
SHA1 021b39d2c89c04fb78436db4387b8573cf0bb513
SHA256 c5e24df10e331a2377ad071f3e5d8a4ec32c0a7a3580f36f71f66c1bcedbc30d
SHA512 e39df85745935ff5e270919d8d0bca4255bac2d86becc469a9dfa1a30a4354d3dcc565cbcda1c176dc404d0363387b3576e7db8c9a88885e4f33243f64912d53

/storage/emulated/0/ifreetalk/download/action/ACTION002/thumb1.png

MD5 f2a3e25accf21ad89ad0ecdd9bada16e
SHA1 75c00d16b3e7b7ec0d2ea31df6a690dd529d33e4
SHA256 becd1a6bb56b5e1663be79b469a7b7f99755f6c348f9d084559a541cfa4a8b2f
SHA512 2d51debf517370d6704035bc6282cbf1c1225e3056f4b720c94ef11a0ebc198901ca5747c066a2ccc5cdb85842c0f3fde249b7a7bd6a89b0d5d37160fd022ad5

/storage/emulated/0/ifreetalk/download/action/ACTION003/thumb1.png

MD5 94ea172739185952f77054999c696bd7
SHA1 e995e03e543b827268788b00e0f1f3a68b026a8a
SHA256 2be15ac5bbea9fe07f59c4c2fb55ccf7126a8569bfd717881060e4bf619eef5c
SHA512 0e6f578006c49bba69302983c94db6aa8fccba39a9bbbae61bbbc313959ab6b3e2ee0a6e31a4c75d4d53e4370ee80b8709ebba91fb671f37f2182bb9574f391d

/storage/emulated/0/ifreetalk/download/action/ACTION010/thumb1.png

MD5 dc36af0136d4253d1a90a33fd044f92b
SHA1 e38f4ba8dedd0324e819d2bcbbb019c9c64e781d
SHA256 95b2557db868dcf2af02f2d3e844a51a0481cf6944740409e285adaf6ed7004b
SHA512 8cc00308ff4a619f6b6199f7806b351e2ae64fed1ed05c7241f4f306e5480323e48c1407e9315913dbd570f9fd7197a7b35d57b534b731505b355ceb7e8c6c4e

/storage/emulated/0/ifreetalk/download/action/ACTION011/thumb1.png

MD5 d4f8ab1f6202b61f90e9825f2275cad1
SHA1 d39a3293b78130508db6c2385e6528f7c21a0010
SHA256 217fcfedbfc47653a8470335d5a2c53cb0c6bafa9af2fccd5c72592098f440c6
SHA512 e2075145b6dcfa6c8c57b9f03a87eb11ca3c841379fc4fb024710176bf2197abc0dfb55103462ee21219df1fe88ac23b8216c6936635b559c6b2455c828c994d

/storage/emulated/0/ifreetalk/download/action/ACTION012/thumb1.png

MD5 db1498f3c75e2c823ada5fcacac59fb4
SHA1 abc81c8359e49b6bca1a3cad8073c89f3e807332
SHA256 ee326cfe519dee8a0c0debdfe8932a4a981fe41714125147d4f7dbf3de509e05
SHA512 3fdd38388bf33d1ca61c2c18166c2598915fd53187df3bae5b4c76ef00e3b8e31bb31eb3d395303bf422541e0c2ab8a41f142243b2fd4683381a18e3a4b1b419

/storage/emulated/0/ifreetalk/download/action/ACTION013/thumb1.png

MD5 e0c56e9873da87f86db45abddfb4099f
SHA1 feab87e82e9e0d17cdcbc1189e0723f52df4616d
SHA256 33a6d33aa551d3f36740e5e591a209ecf7be3de21d263f6d2f969c4695a12c33
SHA512 42f820c2d935e7c47c87875e1b35236f9c069731ef7cbec60f93acc5f04c8982373b18f528027ea64c27ad7533a49c50a87335e3ac215d0abb64d0a4483d9c8f

/storage/emulated/0/ifreetalk/download/action/ACTION100/thumb1.png

MD5 c15bfc69c4e7171a295a7ca43ed4ae5a
SHA1 99f33b4e164138560519c5f2f973aed6621177ad
SHA256 1bfa4d3834162bb5a883b88be46fd096d0adeee4b63680ea9c1cbc7bbd22c6be
SHA512 50a7a54451a24d4e5cfbdb87bfb689a63c0be0db5b128f20228cd95b19375d33dff266d5cb176c6390071dcdacc7968b1ee29da11cdb272c8aa2d7e9e8e4c5e2

/storage/emulated/0/ifreetalk/download/action/ACTION101/thumb1.png

MD5 341bbe1e51075d798393910307121514
SHA1 1f72931d4f5fb9ed0c5f09c08b7282c4d5778153
SHA256 ffb980e7a7b987f5e0e612e0fc078bbcafe4230dd18b1b59c3765fe948aa2963
SHA512 7440183e6d2f04a507c3ff0cc4ef083c63ac4fb14966857683a64d9e85f34d3f0e158251c1f682b47f96638d7b5d9ef322b7afb6a4ac54511f5ebd3e556034b0

/storage/emulated/0/ifreetalk/download/action/ACTION102/thumb1.png

MD5 c61bf18054f9e73479abb99ea9c39b7a
SHA1 d539e55eb4d5b8893bb6d47fae41163a063a0b5e
SHA256 bcf6d8b3b4cd63493c9d8b618f4c1f492f14f691932fd015901a7c46613bc6e7
SHA512 d1582863af04f4cd356c7fa9c7e8d8fbadad788c6043b929aade01cdfa58913f1a3cbd4bdf1749be90bbb1cc5de8ccd598e3a49e720de0f8fc7eda65b4daf4eb

/storage/emulated/0/ifreetalk/download/action/ACTION103/thumb1.png

MD5 ac940c14c05a2a9ac52fa03c99341b08
SHA1 f2b3177552d93629ca79846d77eec79ca0311248
SHA256 2e375a745ea91cb42b69b681d7495d33c00254bc60048c31c9ee0f2f18e49273
SHA512 9162753d955a7abf1cc4f9103309b32938854e1dbe3d64b278ac8f99d4beb8c6b5e7d75c9b3558c290ada380a6a0e1c2eae26a00871f1aa4c0c2227e9df4bc24

/storage/emulated/0/ifreetalk/download/action/ACTION110/thumb1.png

MD5 2ca1a9059ef9311b7d1b120f97e7fcfd
SHA1 7642931a44aecb68e27e72d4bedad6d207c99ba6
SHA256 ab352ebffb17b0d2698f150e40ef4f504dfcc82282bf3fb56e7c239b1981847c
SHA512 b0c71aec04fddef54921f1bb93e0ed4cba984bd4c1f1dbfd5f33b2b896bd5b66473b7933aa43a2724900e30265500c8c45ccbe6e3122dca47e4f54fc8351a238

/storage/emulated/0/ifreetalk/download/action/ACTION111/thumb1.png

MD5 23ebea0ef0aa7bcc6b308746bf95f553
SHA1 827c7e2800dadd54e2c38868a8e12fbfc4e273c1
SHA256 106d79c52f6b99975bd4e955696d432af58596d7fa41cfecaead3bae8859a7f9
SHA512 414ebb12fcfe0ab9789056b61d5f35f6d52d5f0f26426855591725db3ac8dbdb9f2c88121df85270acc4b5a08ccabd101a299b389573d4a01a86411f9da19b04

/storage/emulated/0/ifreetalk/download/action/ACTION112/thumb1.png

MD5 98977c64137525b82526047fa5919efa
SHA1 4e8c35e84f32eb4bfd6558dc559d7e153e78f488
SHA256 2b275dc12af013387419126bbd9946cfe815d34ba8149f4ff660da9b840f1c86
SHA512 b2de9fbdf572c3097911e7e18106c46b85ed9554598c9e6b7d38ad15a24942662b4dc9613596104f97c694810a03e977b0695b2d52a862adcd28b47e7b8044bb

/storage/emulated/0/ifreetalk/download/action/ACTION113/thumb1.png

MD5 eb7400c4f70c1bb24ca5c6c42e1b7a23
SHA1 d2940204be904f1f5d8f46d143e2217a0b3b8617
SHA256 91e6a90025df478d0b5671b672b325ea018a1aa87742cebf42ad67db418c84f9
SHA512 3780236ab1b1e0e421fd904b261d5722c86ce812c1dbb190508dc5e79ac459be78d02ba5b0afae714d20f7523e51d65a0f253127566528fa80681fd9b8a34db7

/storage/emulated/0/ifreetalk/download/action/json/0000.json

MD5 3bebf43aee3d1b08afb5e08df1d7880b
SHA1 d852b44b34db7db381abdcd6d61c492aaf2e13be
SHA256 0b66f4c61f3c5e849b2d5234f23ea35290f68e28826188ea000f5e8c42f67e22
SHA512 9a63bf7320b82c50829501bb9332383159b9ea976bf162c7f0babd5d268431186fbcd1334239b6ade22dd324314828378c594585c0af6879da41c173e24d75c5

/storage/emulated/0/ifreetalk/download/emotion/json/0000.json

MD5 088dc122fbdc3860ce633542630d2a27
SHA1 958704c8c8121b755c89e1ef305760fa043a107f
SHA256 54558f5201bfefc45682e71e24fecbdcdb200edf7804af10cb2e78a1c66ebad6
SHA512 1a8bc1177bc0d9194f8063dbd0c7e43765dc81f3c3a946005c07b251f59905ee018b32e8fb5fb23dfab707479f7fdb3d4354bf668d410f030f92560789d13229

/data/data/com.ifreetalk.ftalk/databases/beacon_db-journal

MD5 14b04ad88b317fa505c8793fed379ff0
SHA1 a4fccdb18a88007c756d31b8a6f7d318e09b7231
SHA256 0482cb05820d62f77ccab7d2ca68d467b446847fadf165eaf1c7f6195073c8eb
SHA512 7c2aa3bef098e2860f02ca54912a22604be32200e592d2b76113700d7ba05d3095730d3a5eb70ad25e629a82b595fc0fa78a102fc4f50ff38c8ab6359de3c2d7

/data/data/com.ifreetalk.ftalk/databases/beacon_db-wal

MD5 9c03c5bf3efca906dfc6d8b64239a520
SHA1 68663ce8b68b3a06f246b1205d5ec060f3ecf5b1
SHA256 b28a4c958b3220448739b6549150909c4365614f078d11befc8da6f724816790
SHA512 c4a18c2a369bf7672b67f79ca72586e4c0c1a407bc346b7b8775116dc78ca03a09be4ef6f67f1f1b842d0a72bcd20c25e9162425c4553720bf889023813808b7

/storage/emulated/0/ifreetalk/log/ifreetalk_log_0_0de2c16dbf1f1131_20240614.xlog

MD5 b5a6201f8322fb266e504c5545ed6e81
SHA1 ec70bcfd92d1024845bc4137c4c0d80055e2fa8e
SHA256 0c790ee672cec3376ba7c0af0572d885aa8ab2a45800e8e6dcc8c98054406325
SHA512 58d5f3ac9cf57427cd62259322cfdfc3e2e3de21bf3fc122610e3befb5866d3948fbc0cde6bf6db847ceda82d6b4d84f6dcdec1cf817ee0cda9cb5b2f2c6e95b

/storage/emulated/0/ifreetalk/log/ifreetalk_log_0_0de2c16dbf1f1131_20240614.xlog

MD5 fd2348bf8d1d2f4fc0d64505846b570c
SHA1 de0290033053bebad5d1dad0a81f350b1ecc9ff9
SHA256 40be1a6794c24545a3e8c4242546e762cd17a8a155acc52f3cc517390c37518e
SHA512 f7c351415d58f3ce7f4425743a62715ebb9f60f9b34db38f2ef13d04f6400c194a93cad1b74839858b67940ce2abdf1c441fb5457c7f41534cd65a12a0b70a59

/storage/emulated/0/ifreetalk/download/valet/valet_task_gif_status_temp.json

MD5 e104717af0d01c25ec00eb26af2718aa
SHA1 7317e13ac6ca76c5bf30ade8cb6f4a355d2ea2c6
SHA256 dbef5f293d48338d8ac2546d0168504c7976a7ee20b564433a113c2acd9ce4e6
SHA512 c79e7001e55e8f1eea80e9f0951a7d1cd072c397f4b541610d9b557b64e70bbd251dcf909d7ab4b0f0f3e64eb96bd98c62d79ce9b959dc7302e8c76cba584f56

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 05:49
Reported: 2024-06-14 05:52
Platform: android-x64-20240611.1-en
Max time kernel: 125s
Max time network: 186s

Command Line

com.ifreetalk.ftalk

Signatures

Checks if the Android device is rooted.

evasion
Indicator (path probed): /system/app/Superuser.apk

Queries information about running processes on the device

discovery
Indicator: framework service call android.app.IActivityManager.getRunningAppProcesses

Queries information about active data network

discovery
Indicator: framework service call android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection

discovery
Indicator: framework service call android.net.wifi.IWifiManager.getConnectionInfo

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Indicator: framework service call android.app.IActivityManager.registerReceiver

Uses Crypto APIs (might try to encrypt user data)

impact
Indicator: framework API call javax.crypto.Cipher.doFinal

Checks memory information

Indicator: file opened for read /proc/meminfo

Processes

com.ifreetalk.ftalk

Network

Country  Destination              Domain                     Proto
N/A      224.0.0.251:5353         -                          udp
US       1.1.1.1:53               ssl.google-analytics.com   udp
GB       142.250.187.232:443      ssl.google-analytics.com   tcp
US       1.1.1.1:53               android.bugly.qq.com       udp
CN       119.147.179.152:80       android.bugly.qq.com       tcp
US       1.1.1.1:53               android.apis.google.com    udp
GB       142.250.187.238:443      android.apis.google.com    tcp
GB       142.250.187.206:443      -                          tcp
GB       142.250.187.194:443      -                          tcp
GB       172.217.16.228:443       -                          tcp
GB       172.217.16.228:443       -                          tcp
CN       14.22.7.199:80           android.bugly.qq.com       tcp
GB       142.250.179.238:443      -                          tcp
CN       14.22.7.140:80           android.bugly.qq.com       tcp
US       1.1.1.1:53               android.bugly.qq.com       udp
CN       14.22.7.199:80           android.bugly.qq.com       tcp
CN       119.147.179.152:80       android.bugly.qq.com       tcp

Files

/data/data/com.ifreetalk.ftalk/app_crashrecord/1004

MD5 2401531e6015b9df2640580643887ff0
SHA1 6b15ffb3b9832dc86de3c60e052d02803d7aa888
SHA256 b54c90a0451f0107504207ad9819ab1a85ecf2f5bc868977f85eb4cfd1063b9b
SHA512 62c84f260c242744560decda17d4d97d9f4c85b397a87a9bbb8411e70e01615560f3ec912bc06286d2e7ebaab67c7f066464ebbffa11ae9394fa962862986923

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 a48f35361024299ae5140f23d6c79cec
SHA1 b6c4b26218b400c46d462c4dd633c856953f34a3
SHA256 340f0a3b33465e943f8ecec92ebc226f1eb732b5ed09230126466739e4ffeb94
SHA512 21cbfd4752ed6f2bb0b1403ccda28345e1609243db71e4dcf57cab5111dcaa89f5c5ed62eade0d48efbb2972c59af931ae78e9ea1430b91ebf17bff31379d022

/data/data/com.ifreetalk.ftalk/databases/bugly_db_

MD5 e87b9917fb3739becd805e02437d279d
SHA1 91eee39a460371a16fa164efa6f812263c967e88
SHA256 507ad392b2e896307194b0c30764c4282fa529a0c6201f8df35a4e299dda67bf
SHA512 ea0da5ec5456b474dcd1a3fd63abf9829f23f3a22daae0cfae20b840f83237a3a18dceaac35b082fe71c24c2272f7f85ce8ae6521db65ee99427929662c6ebfe

/data/data/com.ifreetalk.ftalk/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.ifreetalk.ftalk/app_crashrecord/1002

MD5 08f86bb3fcc07cd1264b577f71df803f
SHA1 b6ca1e5f9cabaa82c80927efa311735b49c06fec
SHA256 bdfa9713eba8b33db2daf7979626507a331ca410c0221a1924ec6dad4975da34
SHA512 cc8117f81fdfecb20afc15d16b5901cd2e9d5fa4015b7ff43ad281c612ae53791c3869a94ffdb63d54b8f1dcab343af7ae6cc7ef19e2aac10e1829cad35a8e40

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 2dc837dd1fe75687effbb40c70a5aee4
SHA1 6c2560df5c22af7c1adbdddf20d6c14df74d7ede
SHA256 d1daf9a91360bd1a17f920711d37c32ce333d66af1dfdd5a461351b6d5b03b0e
SHA512 b96a863d2cce4bfc7b237f42b0efc421e7cbca25e042e268c8321628e66580a9efd57ca05f8271f508850547df11e37453cd516a1c9f1702feae78860ae7f397

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 3298071351963ff67fd544d701721a9d
SHA1 60a71a2dcfcb9d2681b2d46f1be2c01f85402876
SHA256 54d01f5dc22377bfe0f103803e1eccf507ac307afdd481efc0c48f4d29a2a825
SHA512 7ef21eb2fe2e6fddd49c3dd3045e49c836a50f91af95ad560de58248b27994e46d91ba1a051128699012d165165a749974b33f5e82ac30291d5058035d8e9757

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 1fb474d2a9c59ba9c4f9db1870c5cef5
SHA1 ee8d823648d1556eb7c094a6c514481ecc7acbb8
SHA256 a10af2da44979736a71b27e4292879ab8a0ad102feacf2bb9444e7e03a7bbc14
SHA512 485db7402b47164a6c048a495015273103c8b44d72f55f39ce671b3ca3c768a44f56766acb66c2f2f0118fef6d6152a6873fe2db269199e6b49dda16f94cae92

/storage/emulated/0/Android/data/com.ifreetalk.ftalk/files/tbslog/tbslog.txt

MD5 b51414d3d876df52e419b51b19317cbf
SHA1 386a35b4075a8440c5f65b11c53db6441bcd1f88
SHA256 52cafccb7704ecd7dfc5d34430f86a75cd26473121fe97eeebdf135c006f0194
SHA512 a216f823d56ac5c5067a1f16ed7b240134c924de10d506e140efb52f546589242b59c1305ca8ce52dd0a03482cc2a7b9e39d1ff13f406aeacd16aacdb6ae1b3c

/data/data/com.ifreetalk.ftalk/databases/bugly_db_-journal

MD5 16a2184aa10b4cb6b71587471668d6f7
SHA1 ad44ec8df1affe81128a8ef7c29b6d3d14273783
SHA256 f1695943afd2c382d7424328bca82f6ccf49872b971e068c5a8076e8994b7dd9
SHA512 73c19aa2c7ae407579f8ff85d373ceca02fc9606c0a208085c62689b750c6699d0fcb8adf400cab534115524a56541b296e80b2022d2bd1607ab634d188a9e83
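The Files tables for behavioral1 and behavioral2 list the same paths several times with different digests (the SQLite journal of bugly_db_ alone appears five times in behavioral2), which is the app rewriting them during the run. Before any of these hashes is used as an indicator it is worth separating deterministic content from churn. The following is an added example, not part of the sandbox report: it takes the two runs' (path, SHA256) lists, truncated here to 16 hex characters for brevity (the report carries the full digests), and reports paths rewritten within a run, pairs that are byte-identical across both independent detonations, and a rough indicator-quality label. The SDK attribution by path fragment (bugly_db_, tbslog, beacon_db) is this example's own mapping.

```python
"""Cross-run comparison of the files written during two detonations.

Added example, not part of the sandbox report. The two lists are constructed
from the Files tables of behavioral1 and behavioral2 (SHA256 truncated to
16 hex characters; the report carries the full digests). The SDK attribution
by path fragment is the example's own mapping.
"""
from collections import defaultdict

PKG = "/data/data/com.ifreetalk.ftalk/"
EXT = "/storage/emulated/0/"

# (path, sha256 prefix) in the order the report lists them.
BEHAVIORAL1_FILES = [
    (PKG + "app_crashrecord/1004", "165407af39662913"),
    (PKG + "databases/bugly_db_-journal", "592f118deb11c864"),
    (PKG + "databases/bugly_db_", "0a8ffb6b32796355"),
    (PKG + "databases/bugly_db_-shm", "c35020473aed1b46"),
    (PKG + "app_crashrecord/1004", "988722c23d78a460"),
    (PKG + "databases/bugly_db_-wal", "920504966f0b6de1"),
    (PKG + "app_crashrecord/1002", "671145dd82f3dff5"),
    (EXT + "Android/data/com.ifreetalk.ftalk/files/tbslog/tbslog.txt", "7b76dc0ddc6e8f5e"),
    (EXT + "ifreetalk/log/ifreetalk_log_0_0de2c16dbf1f1131_20240614.xlog", "0c790ee672cec337"),
    (EXT + "ifreetalk/log/ifreetalk_log_0_0de2c16dbf1f1131_20240614.xlog", "40be1a6794c24545"),
    (PKG + "databases/beacon_db-journal", "0482cb05820d62f7"),
]
BEHAVIORAL2_FILES = [
    (PKG + "app_crashrecord/1004", "b54c90a0451f0107"),
    (PKG + "databases/bugly_db_-journal", "340f0a3b33465e94"),
    (PKG + "databases/bugly_db_", "507ad392b2e89630"),
    (PKG + "app_crashrecord/1004", "988722c23d78a460"),
    (PKG + "app_crashrecord/1002", "bdfa9713eba8b33d"),
    (PKG + "databases/bugly_db_-journal", "d1daf9a91360bd1a"),
    (PKG + "databases/bugly_db_-journal", "54d01f5dc22377bf"),
    (PKG + "databases/bugly_db_-journal", "a10af2da44979736"),
    (EXT + "Android/data/com.ifreetalk.ftalk/files/tbslog/tbslog.txt", "52cafccb7704ecd7"),
    (PKG + "databases/bugly_db_-journal", "16a2184aa10b4cb6"),
]

# Path fragment -> bundled SDK that owns the file (this example's mapping).
SDK_HINTS = {"bugly_db": "Tencent Bugly crash reporting",
             "tbslog": "Tencent TBS (X5 WebView) SDK",
             "beacon_db": "Tencent Beacon analytics"}


def attribute(path):
    """Name the SDK a path belongs to, or 'app code' if none matches."""
    for frag, sdk in SDK_HINTS.items():
        if frag in path:
            return sdk
    return "app code"


def rewritten_paths(files):
    """Paths written more than once with differing content within one run."""
    seen = defaultdict(set)
    for path, digest in files:
        seen[path].add(digest)
    return sorted(p for p, d in seen.items() if len(d) > 1)


def stable_across_runs(run_a, run_b):
    """(path, digest) pairs identical in both runs: deterministic content,
    hence the only hashes worth considering as file indicators."""
    return sorted(set(run_a) & set(run_b))


def ioc_quality(path):
    """SQLite -journal/-wal/-shm sidecars and log files change on every run;
    hashing them yields noise, not indicators."""
    name = path.rsplit("/", 1)[-1]
    if name.endswith(("-journal", "-wal", "-shm")) or "log" in name:
        return "volatile"
    return "candidate"


if __name__ == "__main__":
    print("rewritten in run 1:", rewritten_paths(BEHAVIORAL1_FILES))
    print("rewritten in run 2:", rewritten_paths(BEHAVIORAL2_FILES))
    for path, digest in stable_across_runs(BEHAVIORAL1_FILES, BEHAVIORAL2_FILES):
        print("stable:", path, digest, attribute(path), ioc_quality(path))
```

Only one pair survives the cross-run comparison, app_crashrecord/1004 with digest 988722c2..., so that is the single file hash from these tables with any chance of recurring on another device; everything under databases/ and the log files is SDK churn.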

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-14 05:49
Reported: 2024-06-14 05:52
Platform: android-x86-arm-20240611.1-en
Max time kernel: 7s
Max time network: 159s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network

Country  Destination              Domain                     Proto
N/A      224.0.0.251:5353         -                          udp
GB       216.58.201.110:443       -                          tcp
US       1.1.1.1:53               android.apis.google.com    udp
GB       172.217.169.46:443       android.apis.google.com    tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-14 05:49
Reported: 2024-06-14 05:52
Platform: android-x64-20240611.1-en
Max time kernel: 7s
Max time network: 148s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network

Country  Destination              Domain                     Proto
N/A      224.0.0.251:5353         -                          udp
US       1.1.1.1:53               ssl.google-analytics.com   udp
GB       142.250.187.232:443      ssl.google-analytics.com   tcp
GB       142.250.179.234:443      -                          tcp
US       1.1.1.1:53               android.apis.google.com    udp
GB       142.250.187.206:443      android.apis.google.com    tcp
GB       142.250.200.46:443       -                          tcp
GB       142.250.179.226:443      -                          tcp
GB       142.250.179.228:443      -                          tcp
GB       142.250.179.228:443      -                          tcp
GB       142.250.200.46:443       -                          tcp

Files

N/A