Analysis Overview
SHA256
ebcb0f6979b1d307419d76c98dca8e3517cee8d500ec3a533252f4e559526fcb
Threat Level: Shows suspicious behavior
The file ac6278a2e88268826d0b20a36c161b44_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 01:21
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 01:21
Reported
2024-06-15 01:24
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
184s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.longcai.app
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | a1.easemob.com | udp |
| CN | 101.201.233.110:80 | a1.easemob.com | tcp |
| US | 1.1.1.1:53 | apm-collector.qtestin.com | udp |
| US | 1.1.1.1:53 | oc.umeng.com | udp |
| CN | 59.82.23.79:80 | oc.umeng.com | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| US | 38.48.139.156:80 | apm-collector.qtestin.com | tcp |
| CN | 123.60.92.210:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 123.60.92.210:80 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| CN | 124.70.211.119:3000 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | oc.umeng.co | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 47.95.246.247:80 | a1.easemob.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 123.60.89.60:80 | easytomessage.com | udp |
| CN | 124.70.211.119:3000 | im64.jpush.cn | tcp |
Files
/data/data/com.longcai.app/app_config/config
| MD5 | 935de2368b85d10cc7031b0a2242c9d6 |
| SHA1 | b30cca907ab2c030e38d384b0da805e643fd829a |
| SHA256 | 4ebba4f5ee93eab25edb68a06efd099da90d7d660f1be4c20a8952aa4e2d6a9b |
| SHA512 | 4304786ff2e4e4ac725d0879457212285111353e9b1e8c9f60caa049272a9811458ee3ca6d2d69beda99c57b17f6606ac8280373c9d9407d99439110e97fee01 |
/data/data/com.longcai.app/databases/trinea_android_common.db-journal
| MD5 | 810ccaf29e61933cb9ef6c2f364829ce |
| SHA1 | b5ed3b8eeaac2f2c2336ff291ea8f0df102f06f3 |
| SHA256 | a0960d05605ed7a18c9fc155327986101cfc5827ca3279dc3f75c1b3266dec48 |
| SHA512 | 2bba9a3f0ca52dd9446228ea2c940f90c95835cd3a97aa4bac6c1d366610f0cab3e8bb35dd502b6a75c3dba606b2f57fca9d0d92057bd468bc2941306a2450fe |
/data/data/com.longcai.app/databases/trinea_android_common.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.longcai.app/databases/trinea_android_common.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.longcai.app/databases/trinea_android_common.db-wal
| MD5 | 03cf0ea14f7f6a8012e3c5e5bd46e8f3 |
| SHA1 | 6438fc60037d6f9f2d137a79c4d9c61982e1a4f9 |
| SHA256 | bfcc2c2911094203c37d9a21dc108fc2f533ad7034eadbb50e976f518f52c35a |
| SHA512 | 36258d432df07432b21e81a138cbfaf6c10cf704af88119279b3696ea2f45014d15a7de808c4a556a21ddb9c1bfd36b285ebb5cdca4ff6be173a66f230451ab6 |
/storage/emulated/0/Android/data/com.longcai.app/cache/uil-images/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/storage/emulated/0/Android/data/com.longcai.app/230104100137878#xiaocangshuchuangye/log/20240615/000.html
| MD5 | d9412fa5b2c0d74c8e2066a6c7c13d27 |
| SHA1 | 0adf80559414ab3334ab86d945faf0cd76338129 |
| SHA256 | 1693be955d6afea551937aadedcb03a4d110eff7411733db06e7e9e2a7233c80 |
| SHA512 | 346e7b497a074cc4a0fa3eb11d932ceca79c756d1f74352ca52257806b3fb8edc272c2b9e14a53ae34a9d95fefcbaced14df7054647461abf511a25872a5d692 |
/storage/emulated/0/Android/data/com.longcai.app/230104100137878#xiaocangshuchuangye/log/20240615/000.html
| MD5 | a630fdb95a97521430e317895ec3d0fa |
| SHA1 | e96c3b0d4efdf3512525e7a3773bd0013a60555e |
| SHA256 | 025b41c3135d562e509b6f6351f5a8863b0542e0a5e38bce2ae4cd48a1d06903 |
| SHA512 | 728bc6fc1e695d274d0eef892369fef16a1fb9e27c7c3d07d12dce3b076bd66fa793b7325ea1e7a4166bdfd11174801718474cfd38e49fc810b50265c0b60fa7 |
/data/data/com.longcai.app/databases/crashannals.db-journal
| MD5 | e2ace740a3d26e68cf700e2e26319b38 |
| SHA1 | 93006465fc5c65b0a064787ef70611595b94fefe |
| SHA256 | 697c906c01b5387a1f6be149b027ce33dc4d536f556a7b80a7b7cb4da36737c1 |
| SHA512 | 2af0239067d5e46c79a9e35220326b15f250dee90d383d44da074355e3dab1eebe8696214bf6c760e55efad389a2253034dfc92188327fd8902642bf662439ee |
/data/data/com.longcai.app/databases/crashannals.db
| MD5 | b6d6410653c0d3a9e07151a6e2fbaf41 |
| SHA1 | ec986f26ad897acace4cee77eb0d7059f4400864 |
| SHA256 | 7d65f02102de4d8525eb1df726710fb08e06508dcd2c32601c58c13e53c85198 |
| SHA512 | 92af642e2517cd2c50c3e69537772ca83ca36f36e6b8ce98329801edb622888fec3182bddec1cd268d0489a1df22d707daba3d0122372e85e4cb77bb54bbbbc7 |
/data/data/com.longcai.app/databases/crashannals.db-wal
| MD5 | e50ea542f7409e483c7481cfd32c741e |
| SHA1 | f5389d5734a98bf80908ea769aaf967380f8b900 |
| SHA256 | 37a866c69842d9ade0784669ec6458a8c940b0af3a7063a800bcbb0454a614c2 |
| SHA512 | 7f14ba7d96f51bb36404f62facd8aabb7825c6663e03b85bca1c972d8c5d847872ebafc2a6e6b7ef9899f63fe785709877e291de7d062267637a046236375aa0 |
/storage/emulated/0/Android/data/com.longcai.app/230104100137878#xiaocangshuchuangye/log/20240615/000.html
| MD5 | 0c447a77a544a46696a7d6f0808ce896 |
| SHA1 | 159acd536699aa794b984b3a2a7ac003a78faef6 |
| SHA256 | 0ba455f4e33abb7ef407cc0a0a654c5da8084de0bb0f9572753343510f109e72 |
| SHA512 | 74969a1f0677222398c7c8189b78a5363db5a48ee9144729ea3eea49f7c8f53169b0c79af14c17278689e3294964bed7a4a54a3dee688adbdd9856c0e6ada0c3 |
/storage/emulated/0/Android/data/com.longcai.app/230104100137878#xiaocangshuchuangye/log/20240615/000.html
| MD5 | dcc88baca1ab608f47dc7579ddbe44c2 |
| SHA1 | 471b5bf71fbbde3171c5e256adba6d9f5722c0ec |
| SHA256 | 8d2b80fdc2de34daaea825d384fd4f5c3f00279d250df2f91983e4fed9d3cefd |
| SHA512 | b4247a197757da053816949ec8137af410eb33906c9dbeb78b9a96ad2b4cd641498ca736daef6d0223994fe6d844be46b9218c60763e3fa05cda979ff25ff208 |
/storage/emulated/0/Android/data/com.longcai.app/230104100137878#xiaocangshuchuangye/log/20240615/000.html
| MD5 | 39cd96e19e4f42a821df083f4e42b89b |
| SHA1 | 1e79d7ea7fffebe17dde0e0d7b28a13987e26459 |
| SHA256 | 4f63dd369461267a2a1c6e44d0fdd3845bdfdcbabfbc8ea84ec0e7dc755c9358 |
| SHA512 | 4191ececc562d7b0a946a4584c05af9f5c40c13b96442dff0262d3f5a470d0a9129403eeb24ff761df06d8f747af2912cbc21008999426892fee71cfcbc2de6b |
/storage/emulated/0/data/.push_deviceid
| MD5 | a994a91f555a0e660f0724a3e7cb8d48 |
| SHA1 | 6162761eb187db10b8d29083b35fe4155a49828c |
| SHA256 | e6ed88c670175c9f1aa735a1a03859ace4e21b22119470561dfa07752fe9bd69 |
| SHA512 | 31ae5a3e9a531ad4db82a184ffc92e1a4f7ed9ba78691737d80b31bdfcd63cc1e3f2c4edef18fbc2d9b44f742fd356dc3cdf13e650296970be30a9f0bf65bc99 |
/data/data/com.longcai.app/files/jpush_stat_cache_history.json
| MD5 | 5b5a47180ee85e0529f1cf1e18c681da |
| SHA1 | 6e5aefee8ec6283ddc212484eef585a4cff729d3 |
| SHA256 | e3dae20fffe49c59cf32833e833c83fe677967cb1172b1c24c6af03addb4315a |
| SHA512 | 6f5673f21bde8c7a08bae15b1ec575bd97659d157f03dfbf192cd7a1da2d219d87bc40e346d3a0bcbad1a4636b4779d316c048ba309588e0b9b80e07dfddf83f |
/data/data/com.longcai.app/databases/rep.db-journal
| MD5 | ae268db9b4631212947231cf49b7c233 |
| SHA1 | 109b2d4f3cb7d48e73ba0a16367d92f4186612ee |
| SHA256 | 3eede15eba1ca2fa3ff09d9709096d17a1c8afced1dbf26430ad5c4e4b9e38c6 |
| SHA512 | 7711a3b64d21f0cd63ec85032ec91ee9170d257aa70351ee285dbea7529f633f222829afa3c7e9de365ed8797029778601d5f01206fd739e83a18be4d487a362 |
/data/data/com.longcai.app/databases/rep.db-wal
| MD5 | 11ee7973157f797672c092481f0f3707 |
| SHA1 | 948afcbc3f97de1ebb16233ea8149b7b8d770efd |
| SHA256 | 4d0abf159b95c6ab6f34e770af3410639aa1c3b3a90484671dcfb806ea09e886 |
| SHA512 | b84fb3904ff803a21f158a8e7e346e4c31cf67e3345ec123522f09ebfcf38f9825eab53f911ec47ed625c10a6d404d2f284940dfd30d3a2f42025c31885f5924 |
/data/data/com.longcai.app/files/umeng_it.cache
| MD5 | f1aaa587271ad71134643720e6db1c40 |
| SHA1 | 32661167c5a5c1864b9b05461b82e8eeb5dca3e8 |
| SHA256 | bbe131d5cb0f9b6e94ad19e2f0df37a2a81956c0816c4802da6502e3936804ae |
| SHA512 | e2eb3973295886f18b3f6e2e62c16a4a061e616cd118b433c87058fbafc06876fc8ab8d9ca2d0febd1a8821db59d37e019b0ffe8dbe6d29a73105a6bf1e4164c |
/data/data/com.longcai.app/files/jpush_stat_cache.json
| MD5 | 98bd1bc9309fad63d9dfcbdcc4c27968 |
| SHA1 | c10036890c47f09fac4c2585309c21bd70d358ff |
| SHA256 | 572d60bc94be98a010533800f949c0e410ae4c49f3c662fb87207f9d78215fe1 |
| SHA512 | feb7d39d3923805094cdc394a008c31475173927a3b378efdf6f4ca73ab3a80a92437c8dba3e3924d895e6bab14c49a293bcc18573c7e47120caa0d02c6d7245 |
/data/data/com.longcai.app/files/.um/um_cache_1718414575275.env
| MD5 | 41dd26302675f941a72251c19e5b0cb1 |
| SHA1 | 42b81b2e9e532d9e2aadd9120af5b89d5be7e978 |
| SHA256 | f1e4c38a8bacf524c84fc97187324411bf522ef1015ea114babd70f85d567eec |
| SHA512 | 7b879b0cb5c1d3be6a49be9f67d01d5a2eb7637760d2d61831d10e41608a1a461f108c10299a7a4f8e4c0376008b07ea0ea7a5076ef456e25897bfc0e003cbab |