Analysis Overview
SHA256
f32133ba50e3dcfec044c841fc4661b921e99a6734a0119d0d7f541c45eef165
Threat Level: Shows suspicious behavior
The file bbadc2342f1bd97567a9fea7d612d45f_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Requests cell location
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 11:24
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 11:24
Reported
2024-06-18 11:27
Platform
android-x86-arm-20240611.1-en
Max time kernel
25s
Max time network
131s
Command Line
Signatures
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |
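The static1 permission table and the behavioral1 framework-service calls above are two views of the same sample, and the useful triage question is whether they agree: does every observed Binder call have a declared permission behind it, and which declared permissions combine into something worse than any single grant. The following script is an added example for this report, not code from the sandbox or from the analysed app. Both input lists are copied from the tables above; the call-to-permission mapping is an assumed approximation of the Android framework's checks (it varies by API level), and the "risky combination" names are the author's own. Note that the report's table lists only runtime-dangerous permissions, so a call marked "unbacked" here may simply be gated on a normal permission (ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE) that the table never shows; the point is to surface it for a manifest check, not to assert it failed.

```python
"""Correlate declared Android permissions with observed framework (Binder)
calls from a sandbox report.

Added example for this report; not code from the sandbox or the analysed app.
DECLARED and OBSERVED_CALLS are copied from the report's tables; CALL_REQUIRES
and RISKY_COMBOS are assumptions made for illustration, not an authoritative
table of Android's permission checks.
"""
from collections import Counter
import json

# static1 table, as listed (duplicates included on purpose: they are in the report).
DECLARED = [
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.CAMERA",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.GET_ACCOUNTS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
]

# behavioral1 "Framework service call" indicators from the report.
OBSERVED_CALLS = [
    "android.net.wifi.IWifiManager.getScanResults",
    "com.android.internal.telephony.ITelephony.getCellLocation",
    "android.net.IConnectivityManager.getActiveNetworkInfo",
    "android.net.wifi.IWifiManager.getConnectionInfo",
    "android.app.IActivityManager.registerReceiver",
]

# ASSUMED, approximate gate for each call (any one of the set suffices).
# Android versions differ; treat this as a triage heuristic, not the framework's rules.
CALL_REQUIRES = {
    "android.net.wifi.IWifiManager.getScanResults":
        {"android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION"},
    "com.android.internal.telephony.ITelephony.getCellLocation":
        {"android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION"},
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        {"android.permission.ACCESS_NETWORK_STATE"},   # normal permission, not in the report's table
    "android.net.wifi.IWifiManager.getConnectionInfo":
        {"android.permission.ACCESS_WIFI_STATE"},      # normal permission, not in the report's table
}

# Combinations an analyst rates above any single grant (names are the author's).
RISKY_COMBOS = {
    "location + device identity": {"android.permission.ACCESS_FINE_LOCATION",
                                   "android.permission.READ_PHONE_STATE"},
    "overlay + silent call":      {"android.permission.SYSTEM_ALERT_WINDOW",
                                   "android.permission.CALL_PHONE"},
    "contacts + accounts":        {"android.permission.READ_CONTACTS",
                                   "android.permission.GET_ACCOUNTS"},
}


def dedupe(perms):
    """Unique permission names plus how often each appeared (repeat rows are common
    when a sandbox flattens several manifest declarations into one table)."""
    return sorted(set(perms)), Counter(perms)


def flag_combos(perms):
    """Names of RISKY_COMBOS fully covered by the declared permission set."""
    have = set(perms)
    return sorted(name for name, need in RISKY_COMBOS.items() if need <= have)


def correlate(calls, perms):
    """Split observed calls into (backed, unbacked): backed calls have at least one
    assumed gate permission in the declared list; unbacked ones need a manifest check
    (the report's table omits normal permissions).  Calls with no entry in
    CALL_REQUIRES (e.g. registerReceiver) are not permission-gated and are skipped."""
    have = set(perms)
    backed, unbacked = [], []
    for call in calls:
        need = CALL_REQUIRES.get(call)
        if need is None:
            continue
        (backed if need & have else unbacked).append(call)
    return backed, unbacked


def summarize(perms=DECLARED, calls=OBSERVED_CALLS):
    unique, counts = dedupe(perms)
    backed, unbacked = correlate(calls, perms)
    return {
        "unique_permissions": unique,
        "repeated_rows": {p: n for p, n in counts.items() if n > 1},
        "risky_combinations": flag_combos(perms),
        "calls_backed_by_declared_permission": backed,
        "calls_needing_manifest_check": unbacked,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(), indent=2))
```

For this sample the script reports all three combinations present, the two location-gated calls (Wi-Fi scan and cell location) backed by the declared location permissions, and the two connectivity calls as needing a manifest check, which matches the report's headline of location harvesting plus device identity.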
Processes
com.app.tanqo
cat /proc/cpuinfo
com.app.tanqo:remote
cat /proc/cpuinfo
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | sdk.imap.baidu.com | udp |
| HK | 103.235.47.88:80 | sdk.imap.baidu.com | tcp |
| HK | 103.235.47.88:80 | sdk.imap.baidu.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
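The Network table mixes three kinds of rows: mDNS multicast noise (224.0.0.251:5353), DNS lookups to the sandbox resolver (1.1.1.1:53, where the Domain column is the name queried), and the actual endpoint connections, some of which carry no domain at all. Turning it into usable indicators means separating those, merging repeat connections, and listing the endpoints that still lack a name. The script below is an added example for this report, not part of the sandbox output; NETWORK_ROWS is the behavioral1 table copied from above (Domain cell left empty where the report gives none), and the parser also tolerates the shifted layout some extractions produce, where the protocol lands in the Domain column. The Baidu hosts are consistent with the Baidu Maps location SDK the file list suggests (loc.map.baidu.com, the /storage/emulated/0/baidu/ directory and the cfg/*.sty map style files); that is an inference from this report, not something the report states.

```python
"""Extract network indicators from a sandbox report's Network table.

Added example for this report, not sandbox code.  NETWORK_ROWS is copied from the
report's behavioral1 table; the classification rules (multicast = noise, port 53
udp to the resolver = lookup, everything else = endpoint) are the author's.
"""
import ipaddress

NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | sdk.imap.baidu.com | udp |
| HK | 103.235.47.88:80 | sdk.imap.baidu.com | tcp |
| HK | 103.235.47.88:80 | sdk.imap.baidu.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
"""

PROTOS = {"tcp", "udp"}


def parse_rows(text):
    """Parse the pipe table into dicts.  Empty cells are dropped and the protocol
    is found by value, so both '| GB | ip:443 | | tcp |' and the shifted
    '| GB | ip:443 | tcp |' yield domain=None, proto='tcp'."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells = [c for c in cells if c]
        if len(cells) < 3:
            continue                            # not a data row
        country, dest, rest = cells[0], cells[1], cells[2:]
        proto = next((c for c in rest if c in PROTOS), None)
        domain = next((c for c in rest if c not in PROTOS), None)
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def iocs(rows):
    """Return (dns_names, noise, endpoints).
    dns_names: names the sample resolved; noise: multicast/broadcast targets;
    endpoints: {(ip, port, proto): {'domains': set, 'hits': n}} for real connections,
    with repeat rows merged and any domain the table attaches recorded."""
    dns_names, noise, endpoints = set(), set(), {}
    for r in rows:
        addr = ipaddress.ip_address(r["ip"])
        if addr.is_multicast:
            noise.add((r["ip"], r["port"]))
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                dns_names.add(r["domain"])
        else:
            entry = endpoints.setdefault((r["ip"], r["port"], r["proto"]),
                                         {"domains": set(), "hits": 0})
            entry["hits"] += 1
            if r["domain"]:
                entry["domains"].add(r["domain"])
    return dns_names, noise, endpoints


def unresolved_endpoints(endpoints):
    """Endpoints contacted with no domain anywhere in the table: these need a
    reverse/passive-DNS check before they go into a blocklist, since the sandbox
    may simply have missed the lookup (e.g. a cached or pre-resolved address)."""
    return sorted(k for k, v in endpoints.items() if not v["domains"])


if __name__ == "__main__":
    names, noise, eps = iocs(parse_rows(NETWORK_ROWS))
    print("resolved names:", sorted(names))
    print("noise:", sorted(noise))
    for key, v in sorted(eps.items()):
        print("endpoint", key, "hits", v["hits"], "domains", sorted(v["domains"]))
    print("unresolved:", unresolved_endpoints(eps))
```

Running it over this report gives four resolved names, one multicast target, four distinct endpoints (the two Baidu hosts on port 80, and two Google hosts on 443), and one endpoint with no name attached, 172.217.169.10:443. The merge also makes the repeat rows visible as a hit count rather than duplicate lines, which is what you want when comparing two detonations of the same sample.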
Files
/data/data/com.app.tanqo/files/imei.dat
| MD5 | 748d9beeaa1899252a7365b780b95fb0 |
| SHA1 | 2158cbe9044f2b138df0094615afe6616e526c9d |
| SHA256 | 59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8 |
| SHA512 | cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440 |
/data/data/com.app.tanqo/files/imei.dat
| MD5 | c40cbb3b7fe3934476264f4f97a2688c |
| SHA1 | dc6c74769b86253ee3c4de620a6557d0b80f76ec |
| SHA256 | 69dc129931e71092a3330af07b64d6a1de62ea51bc703819adae717391fa40ce |
| SHA512 | 1282a5f695eafcff1dabb659e8b02f1b2380e46808aeb7678ac74b92dc665387bf85d2857202fb717dd077e6bfbd95d7275924562bca07f8a482d6b66ec63924 |
/data/data/com.app.tanqo/files/channel
| MD5 | 076e806c9f06c2146bb741ea9aaad609 |
| SHA1 | edab0b8d60c62587fab36a3619e99d08ba982eb7 |
| SHA256 | 32bcebded0fb76f69437e0830ff609faeca938dd1569c54e428c2ac081f5d9eb |
| SHA512 | 5d8efc7b3d8be7efdaa4ebe1e153951ab290ac5d3e45bd05202e8c228f94f9a8ee8a44a0f21b7a0f935d9286d17a10581f8511c402a20d22309669a4a39b2f78 |
/data/data/com.app.tanqo/files/oem
| MD5 | bfe279945c6109d067bcd295b5189d86 |
| SHA1 | 9969230fa9c65716f6f82a97c9ba7c7007609014 |
| SHA256 | a89151ba4b5ac0f22e96b71b963db927791d3808f5175f06ae4a60de5891bf0f |
| SHA512 | c843adbb98d263d02ce3f9d3d9c684b9cfd8e61e8b155d8349317f122fa9089119e8eeced1a0f0f134db68a0b88ce095273acb863c86c1be6f9b8e4682eb00e9 |
/data/data/com.app.tanqo/files/ver.dat
| MD5 | ea58bedfdb6cfb48cef4fae785468b5e |
| SHA1 | 59898d4c278cd3743475a6ceec3f8cf955449fb6 |
| SHA256 | 6188278802c1243a78e1db82e319137ca3416036ac835118caba00b07cfec62a |
| SHA512 | 51cb055c3a6d8a6d72555d24e47c670aa92d71ebaf12894a3f43010f64fdf26c92eac2153d114aba43ab28b67b7dcf656765f95962937fc16afda0f89cca0dfc |
/data/data/com.app.tanqo/files/CMRequire.dat
| MD5 | 25e57636aee83606d202f04f26c2913b |
| SHA1 | 1ef0ade456ba38aa31584d0fbce647d0ba74b399 |
| SHA256 | 89c56da41f0046c9e733fed330d2636d623510c217f72c2d025df3343dc66783 |
| SHA512 | 3a8d294b8be98abe4d18116cbf7c16d44a541d1d20dd4dfbbbf3bbd8cb7997abcbaf51790bbc1978135d888c4e89868a9a2575d9cfed65a331969de77ba07326 |
/data/data/com.app.tanqo/files/VerDatset.dat
| MD5 | caaa975d7bf4952bd5dd695ade33f1da |
| SHA1 | 119373fbb2db036712df72ec9b26c0c2840dfbb1 |
| SHA256 | d0f94264a6b5c355dbf5c0516202c732bcae471a2401542b2ca43307727a0d02 |
| SHA512 | db2acdecd236eab67cb67151032f53e51c9c04e754f3c21d74e05cacb1ea5edecbbccbd66ee760624b9cac97b8dd77f568324e8abc2b9c16aa73131db81c8b06 |
/data/data/com.app.tanqo/files/cfg/h/ResPack.rs
| MD5 | dc21b4edc571aced2aa937d173521c91 |
| SHA1 | e2960e6f71e352309991b25a44d4f7518d60f5e3 |
| SHA256 | 8c896c9cc47451e0c79b3b341cf6aa14792a2aad21046ffa6ec363f37897283a |
| SHA512 | 2001b46c1449715f205da8a4a14196b1cd30f78898ec141ddbfc7d20d7e03d25438b754fda80c023e6e3d26f72e181adb2f28aadfa2a5ef10502e59c078ec2cf |
/data/data/com.app.tanqo/files/cfg/l/ResPack.rs
| MD5 | 7806e5053a46c8ebc18c2c8b46f67b58 |
| SHA1 | 511d8a0e0939f004b515d591554b129b6d93b884 |
| SHA256 | f0ac8af0a9b2bc0db27c044cf7af338928a45fcd3ec48a2458dcee4f05131135 |
| SHA512 | a3adaca2e6c1ec238a203059d0aecdfe24f3a6fdcb4e88c21e6bb5353d3d6e05daf5d14024081e1b278bfd4153102293e3abe9f077caaaf7369f13b79590f4c6 |
/data/data/com.app.tanqo/files/cfg/h/DVHotcity.cfg
| MD5 | 1d335013ca7d9773180867ae0705e97a |
| SHA1 | e5658eabd7385e45f529279790a12b9c208d7709 |
| SHA256 | b560cfaca15bca257ce41cc5b25d4480ee4dad06df2121d21e804d6ee78cc9cb |
| SHA512 | 5e6384eac82149a17d5073a772770706410e21727c469f9330030258454eced07b6867b23366e7e024408706785ef74f4b0fa6ddd4952733cce110dd5b3830cf |
/data/data/com.app.tanqo/files/cfg/l/DVHotcity.cfg
| MD5 | ae2eb9bd87feb727bf7096ba8ade8c04 |
| SHA1 | dc959ae89ef6cccbf373bd4e3741221ad5a2bc1d |
| SHA256 | fa71ba760e1b3a7df0f4e6957cc008baa9f1533bbf743f920fc352f7f141d42b |
| SHA512 | a5fc8d247c6d492b47829305ea455eca2eb3f38a181e36ada7b212e107cb1047bd4aa5d2a25402a69d60ab03e3bd30a8f8b5d242c30f262dd8bb52b01607b3af |
/data/data/com.app.tanqo/files/cfg/l/mapstyle.sty
| MD5 | acacee140aba5e4a18fdfd326e722def |
| SHA1 | 53c6f3e47bf072d40e31806045db41bc8d6900c1 |
| SHA256 | a687d0612cc56090d585dc5dac7374f8b6b5c2270f354d38c50c4fdb14887439 |
| SHA512 | 25af0abd326662a43fad74cce675c3c6eb5fe1fafd3f138fe8fb69809ee95986d485c5d4359f0713bee03a56d2cc48de49abeb1ac53e1ab9314bd88f0619cbd3 |
/data/data/com.app.tanqo/files/cfg/l/satellitestyle.sty
| MD5 | 33146135cf68c35c8733a9f9f093d81d |
| SHA1 | 906b622cfa0aaae436409b5bd3707bea581700ce |
| SHA256 | ccdf7c3c15ed2140f759003afc4122d269772fc13cbad36bca8c5cabdf4beee5 |
| SHA512 | 17b815a3f41351740166558db47c3b8cfce911ae8af87140ec2af98d9589d1ec655a8c77c51092ee9a2c4fda94b6756435fe6f59ef047e85006029b57b3e8057 |
/data/data/com.app.tanqo/files/cfg/l/trafficstyle.sty
| MD5 | b6195b62e9932c6710b135179f4c4c22 |
| SHA1 | 954b3823f6ec5d6ce2df3066c32ba7de1f9e4f0e |
| SHA256 | 1dd67d5d39b6f2c0e7763239b9b0463b38d1365c341d1c50c4250159d8c28cbc |
| SHA512 | 1bd38136abfe46eaf41498837a280584a7c0804efba497ee62edf7544e2020fbbf1fff425cef10acc4282b50456e38f1f7d6ec817578ab091276c814453a4405 |
/data/data/com.app.tanqo/files/cfg/l/DVDirectory.cfg
| MD5 | f2d3e2aa6890698cf36d3c4e3075c6d8 |
| SHA1 | 96d788adc72eb08c4c72cbe933f8c5e2770522e7 |
| SHA256 | 3f0a5be76f3872ce20b31f052e942b7b4d5ab77a84188ffeaa1cf28f8cc7b8a0 |
| SHA512 | 648ec9e0d79a62739e12fde0c99955bc0afa472f81097798887aff665374680e5d572417b8db29efd52004c06794b301dbd3f36f7c5e57b71e8f628eadcfd5b9 |
/data/data/com.app.tanqo/files/cfg/l/DVVersion.cfg
| MD5 | d7b2c2b7a6b3005faf649099e4574066 |
| SHA1 | a1723e239e4d4120668ff9c473232656feaa31ea |
| SHA256 | 8015e5d3277c1072516bba2fc262b80351da55191dd8ec63d4dadb86499efd9b |
| SHA512 | 31d4bd54a779643fce02a3fef597e1e64dfb0730c5dce59582e1b8cf6beb494657e063fe3abbbff267e23bad9eee3a4e6b01137b3bc48f6b92def39e85182d3c |
/data/data/com.app.tanqo/files/cfg/h/mapstyle.sty
| MD5 | 9f2cb51454dca85880c73d2e20652007 |
| SHA1 | 6ffa334629131a48d861c26418c8745be9da5d1a |
| SHA256 | 308eadf0a4b0719f23d43fdb857a140f084f361e6ec600ec34881cd70386c8c7 |
| SHA512 | 45e6662da0bccdc3c945df7cf99515d5b95e03c927048704aa3c00dec7ed7d284d38168c6205b356ca15e7c9c7722ad6af9e7cd422ff988ee95ad015754dd1b7 |
/data/data/com.app.tanqo/files/cfg/h/satellitestyle.sty
| MD5 | cf819338ece317ed262e196ee8559920 |
| SHA1 | 51fa0449076e5455da8662b7591c2a93d546608f |
| SHA256 | 3ba647a3a06077e5e9afd34ed43c936c9db90639e719439f6046891ccfae0465 |
| SHA512 | 4976d7df0b90bccac497404008ad8efb6b8e6173b60f4a579bd9e1a3549089bcc23a9861dbd2ced867f9dfc27c0ee8cfbc16d92f0868f2d2806fad52d4404b60 |
/data/data/com.app.tanqo/files/cfg/h/trafficstyle.sty
| MD5 | 28d2d5ad01ab7f972300fe9c1bbd136e |
| SHA1 | c3c9861d7af8274436eda1f794fdc2ea938494ff |
| SHA256 | 812a376ab7b20b8434ae5e2086a4942ab719450df7b7af9444e0996d71a6aea2 |
| SHA512 | 9aeb4cd6c34a48c4bb79dd12cc1525984204d885df1675808c85afe77ad42a4e1346d562bd095404c36524a095866d38e806e736ce66df71ce9cf4b352490ab7 |
/data/data/com.app.tanqo/files/cfg/h/DVDirectory.cfg
| MD5 | cdc4650029686d82e393023120a36dbc |
| SHA1 | 0850a6f2256470fe6adf1206c681aa5ab8bdd655 |
| SHA256 | af482880f07b7384dd1357f9e52f6f7d5b5838c6218850f6b79e5c5472a2c164 |
| SHA512 | 4314d3ecb7119a123f711b19ecf8c251e29fcde532e7cc0207533c711b9a93354d6d17c1aebd36e91ff47e64d02e47704b5cfb0b738558adedb16341f1b3828d |
/storage/emulated/0/baidu/tempdata/ls.db
| MD5 | fe644bf9ae47accfbd71fa1e06969618 |
| SHA1 | 2465930b7fdcafce7053a971db30604e0c930d9a |
| SHA256 | 0679994901623e8a1338396703863fe9945b809980146bd343ab13db096c4776 |
| SHA512 | 7d7ef4767e5b27adf9ffed163ff2eff605934afd40ef04cb07a1e9257e2f9062632c77f8b3045e400dad9dee90db4a849438e6f2b1a17bc185bbcff2996cd886 |
/storage/emulated/0/baidu/tempdata/ls.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 11:24
Reported
2024-06-18 11:27
Platform
android-x86-arm-20240611.1-en
Max time kernel
2s
Max time network
170s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Processes
com.alipay.android.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |