Analysis
- max time kernel: 175s
- max time network: 138s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 09:41
Static task: static1
Behavioral task: behavioral1
  Sample: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
Behavioral task: behavioral3
  Sample: TencentUnipay.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral4
  Sample: TencentUnipay.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
- Size: 26.3MB
- MD5: a90341fc8a223ac9a71762bb762e191d
- SHA1: 3ac10113916a9e2ceb68900639f9c0b6f5c6c2a5
- SHA256: 42bb109ed9011f6c6cb0644b60dd69c13077b539e504755045a7b887e316ef2d
- SHA512: 3366795a0c6b15d3294a69eb0fa8f42d5b97288bbaee7564bc627aacad1c1ee4f60388d18bab6ca9c74c13eda4b9f5dcf955650913a96d4a47e881e583f766a5
- SSDEEP: 786432:OI1QFm9vZ0rojiJFb2krbomRoRhi0KZMoRAX3lG6LtTK:PIdojRk4RKZy3MSw
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  Processes:
  ioc | process
  /system/bin/su | com.qingshu520.chat
  /system/xbin/su | com.qingshu520.chat
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Queries information about running processes on the device. (1 TTP, 4 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.qingshu520.chat:cosine, com.qingshu520.chat:QALSERVICE, com.qingshu520.chat, com.qingshu520.chat:core
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:cosine
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:QALSERVICE
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:core
- Requests cell location. (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (1 IoC)
  Processes:
  flow | ioc
  8 | alog.umeng.com
- Makes use of the framework's foreground persistence service. (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.qingshu520.chat:QALSERVICE
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.qingshu520.chat:QALSERVICE
- Queries information about the active data network. (1 TTP, 1 IoC)
  Processes: com.qingshu520.chat
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qingshu520.chat
- Queries information about the current Wi-Fi connection. (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.qingshu520.chat:QALSERVICE, com.qingshu520.chat
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qingshu520.chat:QALSERVICE
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qingshu520.chat
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  Processes: com.qingshu520.chat
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.qingshu520.chat
- Checks CPU information. (2 TTPs, 1 IoC)
Processes
- com.qingshu520.chat
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
- com.qingshu520.chat:core
  - Queries information about running processes on the device
- com.qingshu520.chat:cosine
  - Queries information about running processes on the device
- com.qingshu520.chat:QALSERVICE
  - Queries information about running processes on the device
  - Makes use of the framework's foreground persistence service
  - Queries information about the current Wi-Fi connection
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.qingshu520.chat/databases/tls_sdk.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.qingshu520.chat/databases/tls_sdk.db-journal
  Filesize: 512B
  MD5: 3576baaef9f1bb28fde37bcbdd389409
  SHA1: 8706a15ab169d2daf63fd273f95700887f052958
  SHA256: 8cf38a4217f7303bedda6dd6427db91d6f34df9db31904059dc224f86b01b6e2
  SHA512: d8d63a7cb316fcc93dd93bf0b751bd76a93caa40f7b3fc7c43beae51f271080ba52453163be7b6c63d130f4a1bde7041da3aa9b5681c56e51c7ffbd91fcef0e4
- /data/data/com.qingshu520.chat/databases/tls_sdk.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.qingshu520.chat/databases/tls_sdk.db-wal
  Filesize: 20KB
  MD5: 7e5296d06ebf4ca3ed424870d4b106ed
  SHA1: a2ed59aea17e366ca8786468a269029cfc862fe6
  SHA256: 4953d1ecb1e72691151b4f13ab8397038bc8027dc659f3a4b870b1d92990d7aa
  SHA512: a3fdeec21dbe0be3d6e953917de6906ddca68b0dda218a47e3cca12b7123f4278a45d65502870b881c64863b6494f349f9d798bdbb0009ee83ef832e94a8ac6f
- /data/data/com.qingshu520.chat/files/.imprint
  Filesize: 998B
  MD5: 96ff701aaa34c34639b09b76332c4b44
  SHA1: 4898849b1c8cfb62d89784927eda7a3df00f2f0c
  SHA256: 8f89caf5124404c0a5e14d9cd7445ffdb8111c40617a56b3f288b63c2ca346ef
  SHA512: d394088cf0b796e2e0cb5ea2f1158882d22be3b4ca31b168a6a301ab732d01ada09dbc096b4556149a78c626588d98028e33ff23cea558090c1da31e2ed1f07f
- /data/data/com.qingshu520.chat/files/tls_device.dat
  Filesize: 16B
  MD5: a23595bc985197f5702a8ea191a6361d
  SHA1: 317fae4b6f960f09518c38ebc915d283d7b62d4f
  SHA256: 2d7a72e157226e994e7801164b787280c78dc8a5aac3d8e81f582914f19662d7
  SHA512: 7fe8f98e4cda4f0d8e02c3176d25b4c663fce616d07f224adb16655db6e1447472f41e68c99425ff9db01066c250fd7943447385cbc7664fb50706ba66e084f2
- /data/data/com.qingshu520.chat/files/umeng_it.cache
  Filesize: 211B
  MD5: 197bfc896c2575b88b20971419b9b65c
  SHA1: cd27a2e6bf898263631c09cebfc0f0ae88ee0915
  SHA256: 810f0133d38c3b7ad8bd5eced74ea16b0460b68d7f95e4971cb324418d57c3d1
  SHA512: 66ce99cd8fe23d8332b7de588d8252d59d21605a7b4a798fc16db001154cd4ddda73e9cfa16aaf9f84a67dbd5009f289c29a445f3fa70d5ff124bda09171a86b
- /data/data/com.qingshu520.chat/files/umeng_it.cache
  Filesize: 108B
  MD5: 2a6f0f95abb6dabf222d52f5f5b3e8fd
  SHA1: de55cab861f5d180cbcb38a460194f6416bb4808
  SHA256: a5e03c0c5e1889e7860154ac2824703c2f4f320e8896c7bac3d68c77bc912a7f
  SHA512: 70f36606db83f4d614a19dfb6cdc5daab3a8d5c7bd82879cdf2580553139c8054bf30f6c215e2481baf7c4443a380ecfc50b13715c40321514725c288dcda764
- /storage/emulated/0/Tencent/imsdklogs/com/qingshu520/chat/ilivesdk_20240614.log
  Filesize: 212B
  MD5: 0681c082859adac4a1f2df7e514a0d9a
  SHA1: 175e9eb411fcad3558d1b3b35abf7321339818dd
  SHA256: 25221ec51ae749245700ca404d401182d411826fc9a27437313614192c4efd16
  SHA512: 1ea8a4976537a6b9f3cdd38922bce863d4dbc8fe272054139a497215501c8c3f6e48728f486009a63e4ae242e38782f4646ec8d8669c16ff8f262ee9668fb358
- /storage/emulated/0/Tencent/imsdklogs/com/qingshu520/chat/imsdk_20240614.log
  Filesize: 2KB
  MD5: 856a3d642a60955cbd3e639188ee07d5
  SHA1: f575fab64b40d4c0350ee31bc4b6b5c0e6292978
  SHA256: f59c100bdb18d6d44375d006edff07af4ff6df703e45d2d94f210e41828d66c6
  SHA512: 9554ddb18bf8ce600f48f51de96c6bef97924edccf238492f36ad7cdf18a5a67c13b176c1075ed0a3b16c327591bb4d697abb694c5653f7aa30c77e6ccb5bdc9
- /storage/emulated/0/Tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log
  Filesize: 1KB
  MD5: 90074cf6ad8d78ea361db5efde0acc1a
  SHA1: 09df402c515afee2fd5efc16aa48612f0b48edf8
  SHA256: 13ac74c02579ad1c1aa35f5cda7a8af22a4a026bc9abb3895a59ce6ba4ffaa08
  SHA512: ccdb00cf125c06d46413ca681d53df492f7e2dbe08eaf30faad3ac0deb5237c0bbd0862371f534de8025e74b44a684170ec52514d0e0ee9255fe90c69207f7e5
- /storage/emulated/0/Tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log
  Filesize: 10KB
  MD5: a0726a95a01190866884dd10e74d6609
  SHA1: f897c878bdc290978f32d8eb28f8772ee5155fe6
  SHA256: ea7932c51b742d0a8598219baa041db01c23566c0e542daa7efe49bc2e15d77b
  SHA512: 1fc954581046f80aef64771df067d867be5beea0494a701411f6eb5235e8287e4c26de148164f7ad8e04f7220e704b1261d3d2b56e907b08c28966bb74245ec1
- /storage/emulated/0/chat/cache/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 123B
  MD5: 59deeeab181394630d9ec618c6f53af0
  SHA1: 0bbbaae6abadfe681eb1a1b5bae8f55b0d6bc352
  SHA256: 906493c1bd2d4eaa2e7b9fddad5530db75f9199ee98d30ff9d15bec3a74fe88d
  SHA512: 54b1c6ac59ce88c6d050769a8a0b9296cd87c506900da58616e87f4e7e0a7840bd68c1eee11f95bd992fbc8415e13cd468ed9b80fd0a39dd6d843575e9f75a78
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 8KB
  MD5: 67d626b2311e260e0ca63f49f69f84dc
  SHA1: 33b6f81ad257e689f55924ca7004870f840f92fd
  SHA256: b089a2e7980662956d33aed4cb32551f55c5d7d6ed7255b7e6038761e77f6824
  SHA512: 2d3d4221c451d5b37421162cef6431dfd1bd4b69290b8bb16bd4b522b7d7219c724b1102805328beef3c56f141d263ec77e2fbdc2f25c34c47b5a9e83ecbdacd
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 59B
  MD5: 4a9d1a7419870ccdc4b07897278dbc1c
  SHA1: 10d5f11fe80eb1eb11771331d86d3acabf9bdc77
  SHA256: 101c9424652ac17386f26e6da53050bc261e78e51b0f9be53f7300b41ba3de14
  SHA512: cbf45e97f987c25e8fd31428d3898acaa43239898983db0ffbbcf495c9193c09a29a150082d4031d06fdd0ae7ce8e4ab9c9d8eb557519e81ad810e9459029855
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 158B
  MD5: 68af2b7b993e49ec7613c75dd78e3502
  SHA1: a17aa939402b67b325153bce19bd921cfe2b6c36
  SHA256: 20f0c66f30fbc114c09b7816d39dccd6ff34287a54f7b36a128110fc6167f344
  SHA512: f7dbf7e3ed4457bc7159d641737389123fc2092dc50a7b64373f5c01f53d76cc03c833dbd5155d4a5c0342eee6f11b57133e246aea16f2800fa4e3e49e6bc19f
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 96B
  MD5: 8c297de67d53abba7d52f6e9fefc2181
  SHA1: 43609b1798d531a374f80cfc0fc387585dd6ebe2
  SHA256: c1735836299092c571cce879f2cdecce3134f7957e5b82e66adcca426cc25cb8
  SHA512: 08debcc2580aed671fde38393dcc2f4f0e6911e1961aa6e1a8687091cbaed302718a74b6492f7ffaa8281fa8a8ad927b88eb915d0ff738be6b4b29475acb9943
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 141B
  MD5: a17baceab9c6e36df772a044df99dfd2
  SHA1: a032f31bee741e0af7031893e0c4bc252c5ffea8
  SHA256: 54fbe631906eefbc8b235abf2902ba9a20fdf75cf01e9c5fc30638f4de08b0c1
  SHA512: a0d1fb3ed35aaf932f616f3ba13e26db6575f7fe836b1f1544657ddc9315772c1a62e5837624d94524dc26ae98f9ab6a8996bcf57d0636c3045a1cce19b9d6c0
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 144B
  MD5: da53073fb9326ef85fa4eba1274fcb10
  SHA1: dc2e936fb592bd216be40b66a1a4c9643d2b951f
  SHA256: 9e38e4ed71ed3a9b6f50069615ecaa1419c7e979e161b2ba93c34850646312a4
  SHA512: 2a2fe629f3480d259832dcbbbcde6ab87517ec2e9ea97691ca4a0c9e63bf9bda05444442fbaa50ec05ddfe66ae993021b2de5077d5207220fca9098b4fe4dc9b
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 78B
  MD5: 3dc807aeff86640e1bf6255841f8a224
  SHA1: 74f221154b05acb4b06ea53d59d71f43e459f9d7
  SHA256: 882577a73faf58782bfffe28e6a0bb860825801728fa83837522558282f1a7c7
  SHA512: c876dd9cc400ec125751b6fdd289423cac9ffedffc1226532c2017c5285f8345bdc33dcaa4d1b733d09e1442fbf19189964c0f26348760561ae081f2ce2aca5a
- /storage/emulated/0/iapppay/statistics/com.qingshu520.chat/statistics.log
  Filesize: 116B
  MD5: 509e8f78fdb152c4a081853afc04bc86
  SHA1: e4f27c4c4e60dcd996752e7e8188a2197c9ff473
  SHA256: 1d2e7146ec2713b2308f2d181a01186e1179560ebdd2e4389075940e09898899
  SHA512: b5037738da74d3124c1ae66419992f542fb227dffd8c203a6645741694d8ec15f76d620465ececee447d20e3e2138c279535774ae4b79ac0b833a2b7f985b0b6