Analysis Overview
SHA256
31ad8487c4a089a6891becc76fb688c9cf4152e97db466c3fa8fa192c78ef91d
Threat Level: Shows suspicious behavior
The file ad3aab10f0a6f07a1fdb2bc8f881d719_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests cell location
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually to listen for system events)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 06:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 06:55
Reported
2024-06-15 06:58
Platform
android-x64-20240611.1-en
Max time kernel
155s
Max time network
183s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually to listen for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.borqs.uclient
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | b.mobeehome.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
/data/data/com.borqs.uclient/databases/uclient.db-journal
/data/data/com.borqs.uclient/databases/uclient.db
/data/data/com.borqs.uclient/databases/uclient.db-journal
/data/data/com.borqs.uclient/databases/uclient.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 06:55
Reported
2024-06-15 06:58
Platform
android-x64-arm64-20240611.1-en
Max time kernel
155s
Max time network
132s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.borqs.uclient
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | b.mobeehome.com | udp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
Files
/data/user/0/com.borqs.uclient/databases/uclient.db-journal
/data/user/0/com.borqs.uclient/databases/uclient.db
/data/user/0/com.borqs.uclient/databases/uclient.db-journal
/data/user/0/com.borqs.uclient/databases/uclient.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
/data/user/0/com.borqs.uclient/databases/uclientconf.db-journal
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 06:55
Reported
2024-06-15 06:58
Platform
android-x86-arm-20240611.1-en
Max time kernel
156s
Max time network
141s
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually to listen for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.borqs.uclient
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | b.mobeehome.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
Files
/data/data/com.borqs.uclient/databases/uclientconf.db-journal
/data/data/com.borqs.uclient/databases/uclientconf.db
/data/data/com.borqs.uclient/databases/uclientconf.db-shm
/data/data/com.borqs.uclient/databases/uclientconf.db-wal
/data/data/com.borqs.uclient/databases/uclient.db-journal
/data/data/com.borqs.uclient/databases/uclient.db-wal