e9fb62920c54a342d12d3f0336f5b44eb26a9b03d0115268dff7abe95ac9eb80 | Triage

Analysis

max time kernel
65s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-09-2024 06:53

Sharing

Report Analysis Logs

General

Target

eacc3240988966d620d5569813aa87d7_JaffaCakes118.apk
Size

10.9MB
MD5

eacc3240988966d620d5569813aa87d7
SHA1

fe3dbbfef57d57fb1dd3e6b8d756eac3bdd147e2
SHA256

e9fb62920c54a342d12d3f0336f5b44eb26a9b03d0115268dff7abe95ac9eb80
SHA512

82700d53df245d17e859892c5192316622fcfa93958b347629a1a2a5b7e5563fcbb0defbdab741ceafb7c6edf6ebf42b3e59e28a5e898dc9c225c219e20a070e
SSDEEP

196608:2+OHyONrYXNJXuZLOt4fyXKgVJt19ErYDGqetuc0zcGGLxQRgKMUBlF2n62joXIB:bNdHGEaqeXQRdfUn/AI8WQasCf

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
13	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tc168.qq16

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

User Evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tc168.qq16

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tc168.qq16

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tc168.qq16

Checks CPU information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tc168.qq16

com.tc168.qq16
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4253

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tc168.qq16/databases/RKStorage

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tc168.qq16/databases/RKStorage-journal

Filesize
512B

MD5
bcd909e5641abc75bebf632c38efd123

SHA1
f67b067ce5e06ab08113feb396095b02a86d76b0

SHA256
51dbb39fc004fdd3f6ce243dd93f88a61451d70ca0a6b52c720737806bd6b219

SHA512
e6b4d8800cef5c9527b279d4b6db69079079420b772135856f89e48469adf5f63d8ddf65ef35f9a4cf8db04a5e26d0eb152e71242fceb5726264c1d01f6f0e29

Download Submit
/data/data/com.tc168.qq16/databases/RKStorage-wal

Filesize
72KB

MD5
7eae966ed17d3d83c5a001cb802da497

SHA1
017658b04c2497273e5a869c4381e05dd115b2e9

SHA256
fec5c9bbf0d6e1756dc338ea3d1a915455c25d35152090ae74e89e57fefe3a83

SHA512
00ac41031441a97bb5431992df364b985bea1fc22ee8c51abf3d94eec8e164b009412de010ab02d57262023b8e078b2ed95d7986fd8d4f6ae21d66bb73541b19

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db-journal

Filesize
512B

MD5
6deeb83557b182ae6fbe2d8093a15fbc

SHA1
b287e77df7c61d6bcdc6df2cf74c8d2119266d81

SHA256
e276b92a04a983ff7ec785e6f15db8649e0386b81327e150801b95c420335a1b

SHA512
4c799887207180f257ee7788813395d1bda32a8726f6aa51eb8327e4084ca8e0718a8be7419e1eab1b0a2cdc59af2584e0a66786908487938cd88c9577e224a5

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db-wal

Filesize
48KB

MD5
b94770ce6349cf3fcfe81f759162053b

SHA1
572b22af6f065630c5c26ada8da49a1c10595f7f

SHA256
81ce700af844562d2bb09a469b7a1b1a16a319c89bd323e005276adcc8064b0f

SHA512
8a7598aff79e8cb28032fdf2d51a5fecc473c742d98ffcdb49c767e80f6e6470ee8e6d5ee2a2925a11b27477319afffcd8507856afae540f5d237867ebaa5eb2

Download Submit
/data/data/com.tc168.qq16/databases/cc/cc.db-wal

Filesize
16KB

MD5
f939bd2877b5c1a1d1286f65d880d4ef

SHA1
67d1657d9438b17b8c6d37b12d14a11959f5cf34

SHA256
d0c773e8c70579f6e7aeade784488164a50ec94c9fa813c26f9b4f47dbc798f6

SHA512
dff65105861f97f2bdb53bfb688d3ae546fe75d58e8d38d8ce661c6b4f28ca9d4206cec8b3b253a2a0330bdbb06175ac0950fb93b4c6f6e1944a76f98dde0f54

Download Submit
/data/data/com.tc168.qq16/databases/ua.db

Filesize
32KB

MD5
bb86ca8789203ca88f6ff479c10dd0b6

SHA1
48bf62c7791057d9704becf49ddb4aae8d92b664

SHA256
a3d49b45ecefd5167b6984bea7e01a2688ead63d5fc718a8d071f1f7a7e63166

SHA512
2832e2191e57aa496a4f351a3b284e8347517c454e79c94e970a6dc79d372ac4b46e9a9dde0fe0763c73ad21842e702bf08afa18b83ebe481101cf3c650b552e

Download Submit
/data/data/com.tc168.qq16/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.tc168.qq16/databases/ua.db-journal

Filesize
512B

MD5
ffd3a86b6ead388fd147452998e4216d

SHA1
b6ad045c0e087d9515d45dc642849f7e18f7240c

SHA256
065ea370b4e604f2c2f1e81bdce62a8dac1ec5727b303de9a7ec2386a6905cc9

SHA512
d3c9f7db1061d9549e27365ea204382ea006fcb9f7427dc6d16fb1b26a823ca267b8b4dc113baeb19174f0b131d632f8737836ea4c971deb057de5ece1add478

Download Submit
/data/data/com.tc168.qq16/databases/ua.db-wal

Filesize
56KB

MD5
6f068e29ce790424275f2b846bd0368f

SHA1
24e20d5d3e0dd78995f3179a2bd3451ed0e76621

SHA256
638c4bbbdcb7428e3c3a63374ed7c46ce9e64c4315305d6f160a9202ed7d97e0

SHA512
6d36aa296976e7a0bd0496c262ed6439a82774256947b03a2c670d601c53374a91e02aa85c78ed3cbdf004282b31b19f5f7dda8515fc8bdee41aef79654b4937

Download Submit
/data/data/com.tc168.qq16/databases/ua.db-wal

Filesize
8KB

MD5
a64a563e3da67e4f714171b71e02bc82

SHA1
9ca49598ff953a820bfa476754717d30ec5feb77

SHA256
be85f86027e217cd39799f9597d4b3a01be2dbee96c17246506805045e1a2f5a

SHA512
147a9c4f6ec1cd2a2605e113320406b051402a1a8ee380861c26dd0ec0c30dd37df1f269e2aa73d4d75719ac354eb24c4814b1c7e27078a04deea9737762b1bf

Download Submit
/data/data/com.tc168.qq16/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
a7840cf71ec1a9327c1441d1b1c955a3

SHA1
7d55af93c8dd9ff14d71bd33fb6b6b5010ee9407

SHA256
212c2552e313dc2ccbbf5e2f93f77eb4ec1efdbd72a5f9d389271c1a72fdcafe

SHA512
73dba57ddb38115acf7f2dde01c3246fc350a0b6fbb80a93a2d8670f03f66ad44d3878f095a8b335ef5e0a37a124769da7534a0e08e800c676f06f5e1a8381c7

Download Submit
/data/data/com.tc168.qq16/files/exid.dat

Filesize
54B

MD5
5aed41eb9256e04c747040c70a4ca655

SHA1
aebe570559e3ff043f7727aa42be5b60d25de52e

SHA256
37572bf92add2f72425a3cecb1a783c3a7ba190b4ff2b8f4a4731f800821464b

SHA512
001b458f9bc60f5e697e95665f2e466791f6e52302ab92beb4bc8fd54e9265856a1a067d83bb4e53ef525d11201499755cf4eaedf33cd2c729911a0cfec0a8b0

Download Submit
/data/data/com.tc168.qq16/files/umeng_it.cache

Filesize
415B

MD5
93829243f5040848c42356f94f7dcafb

SHA1
0e651c255532cef0dbccca9b1377d46a24aaa735

SHA256
3222a57aa637b287f8aff26db28bb83b3a197eb4f94854da8bf623e3d1c6f6f9

SHA512
fcd2b31621b84c195c9d7cbf8da3e00dc9788fac802949f59746740bebf4316014bc27a8ddb06cde92ed0b2d5ce3f4594a6e5d6eaa3f795e847a51a31579dffa

Download Submit
/data/data/com.tc168.qq16/lib-main/dso_deps

Filesize
136B

MD5
9b8ad8159119608362a2c7aab53ee579

SHA1
ad85dad2fc86deb36f6e0adbbf8341460547552e

SHA256
f7b0fc4fcf1723a84b2ca5a90dc6d8f736b79f479d1f22d7a64a3edb395cbf18

SHA512
607c3f797e8a7ed8175900f1907fba54a12c51af7fad9da3ecca400b7f1ff0d84a7e38cf2b94e9cdc32384af3665cfe9d586425de772697be643cc9f3dfb8ce6

Download Submit
/data/data/com.tc168.qq16/lib-main/dso_manifest

Filesize
93B

MD5
9de7c36a2bfe4ab3831524d25f891039

SHA1
1e60ec96456f7152a6971ab8460664391a15d997

SHA256
cbb1c3da4a763d2acd1d3249710dd499806f9ba355e4abf1c8c99e6de8f23dd1

SHA512
59546c698aeaa51bc6e2c5edb6d665fdd282208cf199ee755670e48995ecdf5e76e19dd81b5a9ef5f89daa60f7d78d56456d701e8ad4f4da9f7698e2fba30dee

Download Submit
/data/data/com.tc168.qq16/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.tc168.qq16/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.tc168.qq16/lib-main/libjcore110.so

Filesize
77KB

MD5
304c4775c940633d9bcd763ef3c59ff6

SHA1
88cec29d0123a91bd5fc01adf460d75137592998

SHA256
718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad

SHA512
8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43

Download Submit
/storage/emulated/0/JXCP/aff/com.tc168.qq16

Filesize
7B

MD5
bc1ca8d5038ac431095eafa5f7729704

SHA1
c9418d3137fb922f68a0232b0bb9213e35337b52

SHA256
117212a39d5a6a1c9b8484e022b17dbd8561ab063316830ca3e5e71697111ce2

SHA512
890de224c7979f55332d900999e378e10e341127ee4544fb7b8a24d5cbec44c73887959ac3d9c6043ae192ff2b5de55e8747c109f4be60dcc947e24e7ac65e6b

Download Submit