Malware Analysis Report

2025-01-19 05:19

Sample ID 240817-pmbq7svfrg
Target 70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02.apk
SHA256 70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02
Tags
banker collection discovery evasion execution persistence stealth trojan
score
8/10

Analysis Overview

score
8/10

SHA256

70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02

Threat Level: Likely malicious

The file 70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02.apk was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution persistence stealth trojan

Removes its main activity from the application launcher

Requests cell location

Reads the content of the calendar entry data.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the contacts stored on the device.

Reads the content of the call log.

Queries account information for other applications stored on the device

Declares services with permission to bind to the system

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries information about active data network

Reads information about phone network operator.

Acquires the wake lock

Requests enabling of the accessibility settings.

Schedules tasks to execute at a specified time

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-17 12:26

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-17 12:26

Reported

2024-08-17 12:29

Platform

android-x86-arm-20240624-en

Max time kernel

165s

Max time network

131s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

com.tencent.mm:remote76

com.tencent.mm:remote2

com.tencent.mm:remote675

com.tencent.mm:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 trendsjoy.biz udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
GB 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 1.1.1.1:53 www.geoip-db.com udp

Files

/data/data/com.tencent.mm/no_backup/com.google.InstanceId.properties

/data/data/com.tencent.mm/databases/Dname-journal

/data/data/com.tencent.mm/databases/Dname

/data/data/com.tencent.mm/databases/Dname-shm

/data/data/com.tencent.mm/files/accounts.txt

/data/data/com.tencent.mm/files/CallLogs.txt

/data/data/com.tencent.mm/files/netinfo.txt (2 versions recorded)

/data/data/com.tencent.mm/files/Tree.txt

/data/data/com.tencent.mm/files/GP.txt (6 versions recorded)

/data/data/com.tencent.mm/files/pkinfo.txt

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-17 12:26

Reported

2024-08-17 12:29

Platform

android-x64-20240624-en

Max time kernel

166s

Max time network

149s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

com.tencent.mm:remote76

com.tencent.mm:remote2

com.tencent.mm:remote675

com.tencent.mm:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 trendsjoy.biz udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 www.geoip-db.com udp

Files

/data/data/com.tencent.mm/no_backup/com.google.InstanceId.properties

/data/data/com.tencent.mm/databases/Dname-journal (3 versions recorded)

/data/data/com.tencent.mm/databases/Dname

/data/data/com.tencent.mm/files/accounts.txt

/data/data/com.tencent.mm/files/CallLogs.txt

/data/data/com.tencent.mm/files/netinfo.txt (2 versions recorded)

/data/data/com.tencent.mm/files/Tree.txt

/data/data/com.tencent.mm/files/GP.txt (6 versions recorded)

/data/data/com.tencent.mm/files/pkinfo.txt

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-17 12:26

Reported

2024-08-17 12:27

Platform

android-x64-arm64-20240624-en

Max time kernel

66s

Max time network

68s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

com.tencent.mm:remote76

com.tencent.mm:remote2

com.tencent.mm:remote675

com.tencent.mm:remote

Network

Country Destination Domain Proto
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 trendsjoy.biz udp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp

Files

/data/user/0/com.tencent.mm/no_backup/com.google.InstanceId.properties

/data/user/0/com.tencent.mm/databases/Dname-journal (3 versions recorded)

/data/user/0/com.tencent.mm/databases/Dname

/data/user/0/com.tencent.mm/files/accounts.txt

/data/user/0/com.tencent.mm/files/CallLogs.txt

/data/user/0/com.tencent.mm/files/netinfo.txt

/data/user/0/com.tencent.mm/files/Tree.txt

/data/user/0/com.tencent.mm/files/pkinfo.txt

/data/user/0/com.tencent.mm/files/GP.txt (6 versions recorded)