Analysis
- max time kernel: 175s
- max time network: 159s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 14-06-2024 09:41
Static task
- static1
Behavioral task
- behavioral1
  Sample: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
- behavioral2
  Sample: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
- behavioral3
  Sample: TencentUnipay.apk
  Resource: android-x86-arm-20240611.1-en
- behavioral4
  Sample: TencentUnipay.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118.apk
- Size: 26.3MB
- MD5: a90341fc8a223ac9a71762bb762e191d
- SHA1: 3ac10113916a9e2ceb68900639f9c0b6f5c6c2a5
- SHA256: 42bb109ed9011f6c6cb0644b60dd69c13077b539e504755045a7b887e316ef2d
- SHA512: 3366795a0c6b15d3294a69eb0fa8f42d5b97288bbaee7564bc627aacad1c1ee4f60388d18bab6ca9c74c13eda4b9f5dcf955650913a96d4a47e881e583f766a5
- SSDEEP: 786432:OI1QFm9vZ0rojiJFb2krbomRoRhi0KZMoRAX3lG6LtTK:PIdojRk4RKZy3MSw
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
- Queries information about running processes on the device. (1 TTPs, 4 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.qingshu520.chat, com.qingshu520.chat:core, com.qingshu520.chat:cosine, com.qingshu520.chat:QALSERVICE
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:core
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:cosine
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qingshu520.chat:QALSERVICE
- Requests cell location. (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (1 IoCs)
  flow | ioc
  20 | alog.umeng.com
- Makes use of the framework's foreground persistence service. (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes: com.qingshu520.chat:QALSERVICE
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.qingshu520.chat:QALSERVICE
- Queries information about active data network. (1 TTPs, 1 IoCs)
  Processes: com.qingshu520.chat
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qingshu520.chat
- Queries information about the current Wi-Fi connection. (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.qingshu520.chat, com.qingshu520.chat:QALSERVICE
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qingshu520.chat
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qingshu520.chat:QALSERVICE
- Reads information about phone network operator. (1 TTPs)
- Checks CPU information. (2 TTPs, 1 IoCs)
Processes
- com.qingshu520.chat
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information
- com.qingshu520.chat:core
  - Queries information about running processes on the device
- com.qingshu520.chat:cosine
  - Queries information about running processes on the device
- com.qingshu520.chat:QALSERVICE
  - Queries information about running processes on the device
  - Makes use of the framework's foreground persistence service
  - Queries information about the current Wi-Fi connection
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.qingshu520.chat/databases/tls_sdk.db
  Filesize: 12KB
  MD5: 2e8d2b7e3b1a8758ee427d301314b7ef
  SHA1: 32bcf7c03fd4934e1224feaf2114df2ae56d0551
  SHA256: 67b1e827a498e60301f0b57d15e0e342027c49266e8be14c7441dc7f774c299d
  SHA512: 2a7acd5dff858b159ad5ddd05f8392dda9a0d2185dd5b2b4b20ab660d8946bd3686cdaaaeff7317d717a23a2da1d86e5e42e0221e20e55cc020a2d9a16b0869f
- /data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal
  Filesize: 512B
  MD5: 2c47198ae672082cddedb20566bb5909
  SHA1: 3c5a846d9224f7c43f9e6f768ff7807d40328b60
  SHA256: ebfa0937249897bc6e1f2ebf7afc27956425389cfcd9f368986cd1a5923b3188
  SHA512: c4f38b4ec2f688c29f21c7e615195eab631863d74486830b830021e055e4345f5e0d87eda3559115905cf06b6de48c2180745cca764d8db39bb1ccc43174e40f
- /data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal
  Filesize: 8KB
  MD5: 1da490b64cfa112fb0492f83b0cea84f
  SHA1: fc59581291a78c60df4736306eedb9ac0567fd10
  SHA256: 53a6dddc7f50f3c971da219639adc9c214240e94eb240b1574424bad2cd56552
  SHA512: 3088aa6f6755b991724bf331e4a9612efd8dc299a9f2b9ee2134f30f8aa3b852307a0ccf912aa5e1c56462fc7fc75f8aa384f4fe7cb92b52ca15a1337574b160
- /data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal
  Filesize: 4KB
  MD5: 4db5a45d43116165fbdd5a40fadafddb
  SHA1: ba5d5819d1ae5f948e44300baa764b27972f863e
  SHA256: 124855524319c79957138e2bf51156fd6fc160a07c056c22bba991ad9893a5f8
  SHA512: 21a7a3946abbb956a03a2616e88c126b9c7ea671a2a34ce953646bb042915bdb5cfe779dc87aa9dfbc47176c81e358d5b608c9fc0457f8a75793a5fe2560bf04
- /data/user/0/com.qingshu520.chat/files/mobclick_agent_sealed_com.qingshu520.chat
  Filesize: 530B
  MD5: 9667bf2bc6327c9e956fdfe8d85ec5b4
  SHA1: ddafba0ccbc44f187c1956a0ec8ff29a437f2229
  SHA256: 184c2abf9ce4dedc41efae065708e4cde0de0fe282333721af10eea7366e6410
  SHA512: 54f013e28708b37e83907673c27502b750fb917e51e11c5cf2a22f7a1024174ea5f308d266528cee4f8f118a93575e0f581aaa4f45ef2b321fa054656cf77426
- /data/user/0/com.qingshu520.chat/files/tls_device.dat
  Filesize: 16B
  MD5: ad51bb0d70b558fab59f7630890441f4
  SHA1: 07444491d092e63cf99c87d5d2708709a72c8bdc
  SHA256: b917dab81b2b70a00f9b0a0a5c7db0f8a0dd7a13fe305fd52c1dcbf8a05f0a0e
  SHA512: 130390606f306626bbb32cfe6dec9025fd5cc6b0b525f0c1ddd6c1dd12cc78a1a70d3527cc71e92d47ae7cf669a2113e0557ac992acc3695c163e1f96dc5e30e
- /data/user/0/com.qingshu520.chat/files/umeng_it.cache
  Filesize: 148B
  MD5: b60a3141a5b23cd397da11e0c350dea8
  SHA1: 70fde100f31b97d647301a4f3d5fc305036caade
  SHA256: c947264a0d96a41056617fe80e2b75f30effaab0fde84d501cffd5a2097ffa0f
  SHA512: 9426c3b0ffb29609608bc57ac568fd6df4438feacdf276472aef26b68324c939028a79ae771aaee8e2861ad5fba5434019e82bebf307ddd8f24bb5b55183c1ed
- /storage/emulated/0/chat/cache/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 123B
  MD5: a2b3c9a893df5e5e6615459638d4eb17
  SHA1: 385d2d91ad03a19370e4d17509beafb28e214e70
  SHA256: b84980e08846d8b568e04f70634aadcab39fe5b144ecfd18250c19014cb859e9
  SHA512: f586474f6fd9fe499b8401f6ea91ab87bc91d2fd4cea3e84c58aa5fe20e69b2da43d0b2b1de43b37e02069e98234f6f8e714cb6aa9143aea845825d377a7dac5
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 8KB
  MD5: 02f64b8918167bdf7d0ed7a11d100fea
  SHA1: 85be2bb6baae7727ba6b70860fb1e42f58a240ec
  SHA256: 1d6447431588336d36a0b8f53c9f22fbec2294a75816b4e2a2d4d7fbe7cd1b4a
  SHA512: 510b1fd55488c0dbe3a84f8a1a39671de259faf56f440667d92695f389d2b2ed8ad9b4dbf56cc4413de431e956b1c427e1d69303bdfe2773d4a2b192f69d95c8
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 59B
  MD5: c94a91a26213caef3cb3215ba987a341
  SHA1: 62605d80fc1409f278ea37dff60c640bcd9c5ab3
  SHA256: 86bcbd0c3560ce7a496612d42d79dab5d2907fa988fc7ef1ad489ed66c1e64f4
  SHA512: 9dba30e76de02e2eb1cde68a741fada5459fb3c463952401a97182a1048ebc8ca4b9c3cd7def60b87255cc7d8770f8450cea56b630e245e7ece078a5f872af22
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 158B
  MD5: 2a24449f4044f851d78ace9c49bf4c04
  SHA1: c1115730f071cb00a1d0e7d1b3fed33a7bb542f6
  SHA256: 2ea3baced3d756231a6951331852e7a20a13a43c770430820c4cb779d2e0a470
  SHA512: 59638f64dde3a02ca7181ad8048599649c7eec27d8e569b171ce2b687231ca7977a2adf22bf6b6eccda78f4fc383ded0ffbae612a069f4660915c637b73544e4
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 96B
  MD5: 7b869832f9eabb7a93f0aa0f4a102cc9
  SHA1: 3d2586da83555d0c7f29cf3deb8c4c862c6cb2a9
  SHA256: 0616438382a6f2e97a40f2e2796f2f60b847caf201bf85383f3cf215fea74322
  SHA512: c04d18dd68f2216c942c819195ab9b49d08a1e024842e613012278352db792e3214910bcd53818bf82606a8a5b42a0cee85956b73430d7cd91e22be56052e1b3
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 141B
  MD5: a49f44fc336d4f0f66f9c653ebf100b9
  SHA1: 1ba8a35891175644e17818bfdd0bb53eac2a106c
  SHA256: 5eac3cb9449a48e32942d4dce9f300d11d44cc249c31aacda91ffbc3c9671e35
  SHA512: db0e0d78d1012fa4b8308308119f9808082a46924c380d3919b12e3c3de68432fb0b8e1d906fbbc20b063d796f8a7858f5420a41cb78c27282833276b04ce2df
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 8KB
  MD5: 94396e2187f583686dcc6237a4890125
  SHA1: cb597ac4bcfb15a02f9d325864f06a1a4a29278a
  SHA256: 3ceecff32c3e36c23c8e3c946c8d448f515a89fb7ef0365c8dd35e072f2d67cc
  SHA512: d4e4124702f5f1c3036e7a15094af5ed271b5dcc831d4507ed2228ead18d977126e29907101fc86956cd1f1776738002963459da3f21dc6598b82ea8180c44ab
- /storage/emulated/0/chat/cache/nim/log/nim_sdk.log
  Filesize: 78B
  MD5: 8c8648870a8b33aaf29277b860f1df90
  SHA1: d47aef094542b5dfc8e3c721c7b4fa720071643f
  SHA256: ba6d994fa73492e5552e0f062aebb18a172f6d2e2a2202d0400ca4d391eff1ae
  SHA512: fe1400aac43a1b5605c15b404c09797b028e99ac4e193c5a549a8c34f657d42a7147da4b985a71a80e0d26cb691b3e061fa781d7d618a368ec9b01709d766e68
- /storage/emulated/0/iapppay/statistics/com.qingshu520.chat/statistics.log
  Filesize: 116B
  MD5: 0b5301d3923f60091e258f967692d090
  SHA1: 8cc76117824f2f4833c3061ccbe4c5f7802215d5
  SHA256: 7017ccb5a65b39977ad030db252d9e10c478ba73019f9cde536f23c12998611e
  SHA512: 7a96d750cf5b076cea0752dc35be4e667d34aed4b0e884045cdd1de65eca47f9ddb27c66acd4040ee487189f062579a628b422d4703b51c05ffcd77c93777cc9
- /storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/ilivesdk_20240614.log
  Filesize: 212B
  MD5: 674f8723d4fffcb36800aac329476c0f
  SHA1: d52d8566253a27dc7ed2fb82880823251e392f47
  SHA256: d54bda6458144606e603804f7afe111b9c8105b6e3ac50e1ad69673b9a16f507
  SHA512: d3287de6c2b80ec3bda08cfa71a43bedc99fcdfb9cb8f2070ed010157be6bd6f8656dd7be0206b5e06cb2feedc8c2767eda3d3c85b50ad7ab5772fd406848dc4
- /storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/imsdk_20240614.log
  Filesize: 2KB
  MD5: 37f913cbece197232e81b5be12525306
  SHA1: b0dd576c0651587f62d6801ffb58fcfb6a6ca320
  SHA256: 896725c2967b82fe36e1a65a5b5506f4d4085f47ce42feafc94e9f79dc3cb09f
  SHA512: 588bfe4d1a2840f9e56d7fb82c54ba3efb2ded748871da55de1905910b4ade00c356104f563768fce86b2f4d196946caf80f3a3ad73ae8e3f150c5cfcb5958fb
- /storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log
  Filesize: 10KB
  MD5: 4b71d7520565719952dc54bc24d6b9b9
  SHA1: c4e5d6d379f26b700081510cfa6fbc005494eab6
  SHA256: a31096c85c317c173bae5590f8cd9df0b6702dfe001cdfc8258f18061a974da9
  SHA512: 4ce028e10bd4079c3e67649248224d349c036df748c6205a8d581ebe0ec84d3f6b52419bdddda46371d098d96eed5d2b10edcb9992a137f23acb4b3f11a3c7a1