ebc1c16cfc8af725c7dcfaf5b3555f46f5147955a13fc0f1a4b3e32701de49b1

Analysis

max time kernel
148s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/09/2024, 07:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eacfc76a6544d26e1bd3c91bae428486_JaffaCakes118.apk
Size

16.8MB
MD5

eacfc76a6544d26e1bd3c91bae428486
SHA1

a2ebb8333e333f3d092caec27fd2b341a535099e
SHA256

ebc1c16cfc8af725c7dcfaf5b3555f46f5147955a13fc0f1a4b3e32701de49b1
SHA512

ae5f63345881f84a1b0626f31c9408aa990aae2216291033414d9f4c5c9702030ef979a50b4f74cfadad64854b5ea038ae1ef8f4fa53082457de1e7dfb026468
SSDEEP

393216:HYmWc0+pxiXzJgpFrVAO6VCtP1cmE9dl2poDncPb/8Fk47:HYmWTYslgplVr6EtP1cnPIti

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lingquanmelqm.app
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lingquanmelqm.app:pushcore

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lingquanmelqm.app
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lingquanmelqm.app:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lingquanmelqm.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lingquanmelqm.app

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lingquanmelqm.app
Framework service call	android.app.IActivityManager.registerReceiver	com.lingquanmelqm.app:pushcore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lingquanmelqm.app
Framework API call	javax.crypto.Cipher.doFinal	com.lingquanmelqm.app:pushcore

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lingquanmelqm.app

com.lingquanmelqm.app
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4274

com.lingquanmelqm.app:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4312

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lingquanmelqm.app/app_SGLib/app_1726729365/main/libsgmainso-5.4.171.so.tmp.4274

Filesize
728KB

MD5
ae30df9cbb58e60b596ec81cb5f1b5ac

SHA1
11b17e8a54a4d69e3a766673b572c3b128601546

SHA256
356112f7abaebedf441350d595822a1e7881e535664069ff2e82a0ced3a213e8

SHA512
dde7121b0c82cd118080f3a767dad7fa1dda82eac947721f82766eb36b7850d3efed30ddaa9562bf9c9b8d170293febed31417c201c08f5d4eb66d3e2242a984

Download Submit
/data/data/com.lingquanmelqm.app/app_SGLib/app_1726729365/main/libsgsecuritybodyso-5.4.99.so.tmp.4274

Filesize
214KB

MD5
61432799cd61bf9e5cb7151e7ab624c3

SHA1
ecf6168d2dd6bbd37880e0e9ae9aba3eb7140eab

SHA256
2c302d03706e99433638301c288a05784c32fa2ec5d42dbe9aad9ef3b8f0ef0b

SHA512
d848b7e384d37139d37b558a08d8dad3750543a40d1b9eb40430dcc38bdcc6ad8f5bb03eb0881d544e25ace61064f4ed194f3925ec6793f69f600c1c8ad40856

Download Submit
/data/data/com.lingquanmelqm.app/app_SGLib/app_1726729365/main/main_312768000.pkgInfo.tmp

Filesize
296B

MD5
8b9a070a4756c4e75a9c094c16c2fba5

SHA1
684bf86ccb234e587560e22aefc2b659998ef149

SHA256
7de9841149d5bc7f2ac97621e366806b30d42967a9e23ef1ee438ff087087d1a

SHA512
2effa207b703bd3aaa3c2e780a39205dd33c07a45dcd7052ede4d24b4ed820fdc1c9f8712ee7f9c18be4846ec4d1c7b9eada9e2bf0157a4a51445b8ec04ce30b

Download Submit
/data/data/com.lingquanmelqm.app/app_SGLib/app_1726729365/main/securitybody_312768000.pkgInfo.tmp

Filesize
223B

MD5
2962e3ea9187a8fc1f66d77eda2c766e

SHA1
20fbffb2687124a8e8733d9a766275fcc4289aab

SHA256
dc5f7701ad3b726d180b0fe0278cbbd4fb4b665db9814af2f8de70d6ba2bc785

SHA512
44aebc257188c34b7f57c2578378e95d73db0e35cd76420bfeb85fd28fcbf0b9a5153482ddada35ea35887365de7429299fd13e15be609d74da1ee287361ff41

Download Submit
/data/data/com.lingquanmelqm.app/app_SGLib/app_1726729365/main/sgmiddletier_312768000.pkgInfo.tmp

Filesize
254B

MD5
c235e74ea719e9a6f773b8d8352d99e1

SHA1
f31095aef8e9c3286edad127293ce700b1fdfd75

SHA256
feee3cfba46a15b807bfbf99c7fcd85bb8ebfb6862a9f5b476d67241e3ce9993

SHA512
a448f296cb9d3b3a25d898ae0485199f7bdd7597fa75be719a16bb30bc90fc10f636c805830a8c53add346b12a556e71155536febb9801c847725c577dabc384

Download Submit
/data/data/com.lingquanmelqm.app/app_tbs/core_private/download_upload

Filesize
56B

MD5
3d9f3d1fee088275b0e8c3dd7d9bca7a

SHA1
9059ec1aa5541141b62df051b58f3a142bf10081

SHA256
679071685e9f94ecb6b5ebb4032dbc72ecb90d272fb91e7b1be76fd3e1f870b0

SHA512
dd503c9f4d36f7de43b21fbe4b1829ff019a8d191cd1abf912a788add72f9c743b15c6e293f873f9c7766ac2c118beda72f42af1b681cacfb5ec5aa4609caf06

Download Submit
/data/data/com.lingquanmelqm.app/app_tbs/core_private/download_upload

Filesize
56B

MD5
702425339ed5f74a09d933eb5022e24f

SHA1
5b16fd820c9a2f5cae4b6ef25d69fc233ab51ecf

SHA256
0a906779d4854ea0f9f9ba617db200657bc132bfcb89928e21b6d6538cc18b2e

SHA512
0e308b026e43f3ffc2973958a1262fb008ea17e38d678f0244ca87fef5ecbfe107b5f030b6d4707717353ffdac23659fac6e00197dea7746d37f5e5c3d1a7fe9

Download Submit
/data/data/com.lingquanmelqm.app/app_tbs/core_private/download_upload

Filesize
84B

MD5
1f30745f693ba2b702e007d82976be5d

SHA1
c5300264252709c268303b74887242f86e6171f3

SHA256
4d85ff8ccaa2110cb27b4fdf7870c62030f2b777bdcea1ead6709015e30795fb

SHA512
38d9a610d6e15348919bfb335d62e68a0b241fb860622dfd4cc638f7e0dc461ff3dd0160e3232d5ba786da90e4e480a416264e976fdf55cfcdeba1feb840c0fe

Download Submit
/data/data/com.lingquanmelqm.app/databases/ut.db-journal

Filesize
512B

MD5
a2cae2eb3c0e3d0042068b1d9c0e1d00

SHA1
a78b2aca98697519cc41a6e546efdf97229a3bc7

SHA256
e62a5c8e6f4ca9f4ce48917b933f75b16468d826d769b076c0eb3dd71d1ece53

SHA512
9ffafc31ea33266e011e9ae40d49e173284099bd920ea10264d73da4c6c2f84eba2c8de97d48f869c3ba1823a401f83c00d9cd8fd5f3215d759a9504f8b9bb6c

Download Submit
/data/data/com.lingquanmelqm.app/files/JX0WDG83P1ZN.txt10b2

Filesize
1KB

MD5
e5fdd63cb4c799c9927f00462bf52f91

SHA1
ebf8404abe534d23198df2f58c8a0466b8359cc1

SHA256
8763e284b2d1a691106b53eb4d56e02e66a770f595e7e5ae6633f608fdf7c84b

SHA512
c9d83574d3de6bf8cd61e647d4e18ed0eb34ff6a18280a8ff6b35286cc9faf6f2795be198d9736c6e0ac7d35ba3b9ff2f035e8b23d1ab36bbdf766c6e97fba3c

Download Submit
/data/data/com.lingquanmelqm.app/files/SGMANAGER_DATA2.tmp

Filesize
45B

MD5
fcfcac64592b0b1a602c4c9bbd2922fe

SHA1
0010a99ef28001df99db57f51d68db1cb4621b30

SHA256
586c6d65960ef74510a741b15619e79af595ef888ea7164be6f456fee8fc4acf

SHA512
96cc56124384d3d8f0c82bad11c58c75bc7a8ac710fe154bc43105c83f68e83ec4dbcff0b814f7f3e8a5a0663e45ef7e8ac67b606662b8d25f3ca5de99bbe4d2

Download Submit
/data/data/com.lingquanmelqm.app/files/SGMANAGER_DATA2.tmp

Filesize
89B

MD5
f73512e61248913688481a4170b738b3

SHA1
4253834e966243917efc39f3b16d0d0ee56a528c

SHA256
c6f4d2454f6ec13d3978fd0b84c55e3275c0d5b6e46a47decdb4a830a52e3e71

SHA512
f7c5caf7796061d7a9a0c02a3b99a1642762443d60cb9bef9d084ab1acd4264b43e604abe06bd826f3ac28d772966bb5f9f1ec921b9c9dd202c07c73901676c2

Download Submit
/data/data/com.lingquanmelqm.app/files/bc_config

Filesize
8KB

MD5
6f9333a10e219883ef6d57ee82f32864

SHA1
2b725177af6e0ca7fea8503aa059e18ef269c88a

SHA256
fc3aaace39d154b05c6c1a99333dc13cfe526ae13f3babb80839e9f19debb668

SHA512
b6adc2e57d6518a45d61ff96a43e18a21cf30a8ba92277cf125ef38539ddb4bf909ebcce1fc1374111b8fc4728cc385f5990a07cbcfee425dad84dab40e24271

Download Submit
/data/data/com.lingquanmelqm.app/files/dccf595801edd75623

Filesize
5KB

MD5
a86dfd7a465778b86aa21d5d5a26c7af

SHA1
60db617b6ed9313cc23f4b41aaed121b65a72107

SHA256
7256f1fb64cf5130f0e0810c8f5be73d46f881f38de5bc6405c92d6d21ce1276

SHA512
dd31946acd018c2e9b5e54c486ff5f3bd134c4bd1f2c2b3b957f4dfc82cf2115287b6e2ed8b3723ad86c0ce679a88467d2db8bcc0e5071563f6d96cf36907a10

Download Submit
/data/data/com.lingquanmelqm.app/files/libcuid.so

Filesize
109B

MD5
3de845f8ce27997859d8504ab3cab133

SHA1
f5f373f3cadca4da4f1732f69a2a84f7270c8191

SHA256
eab1b116fc388b17080968cc635c1b1f7b0844dad3739462138c23b5d9454c71

SHA512
1b57636468e84b13999d7d16b31602fd5839c4fb295904d9b11f490845a03ea20db2422f47a17b7599ef6c112ec76756b003c590f38c61002ea0f95d7d229478

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
159B

MD5
98e93d7472d0397e08b66ff0d07b4a55

SHA1
30b105d05b8042879bc0f1426a5080bf53091e81

SHA256
48cd935f9387af77c1a31ce1f857da6101c390f9a728bc0ac0041e7a010ee182

SHA512
04923d6a8c04a69a4f3c429eec10a12ffb5237598c578a2305e43f50bad310420352c325c3dd3eb5ddcb6466a56e1be88f16db67e522bd131c1697dffd575518

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
7604070abc4837545e3da231c80fa6d2

SHA1
00322aeb8b59e870568357a18d5e00d805030a05

SHA256
f0f16b3f576585d78e58239c193594584359b1631f196bf44f3c5621e25132d2

SHA512
aeeab1463b026b98b9128fda70013eea0397b3715c2865e724ccb5c2b4cdd994885c0f2a162295e783e44cde1c19a922358bdd048d010b67a665ab26d5c1a067

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
170B

MD5
0278436c3f15d5935818f7409748ef4e

SHA1
25b877ec8a2e193fa04522b087ac1f11dfee14de

SHA256
696ad4d5af8e33c9dd75fa2c288cf97146eb16501cf33a6bdfdb521bb69af6be

SHA512
9c16f17eb8711abde9113e5f89a49034fa76d68ef5ad695aa426fa8a0a13ba8815f9baeceafa630b9dbbcdaf0dfe977a66582e87bb471d6c325109f80178e90b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
e497c9c8783d8d9b41061f2a2f340148

SHA1
ff4f526fe31e9002114e92c4604e045186bca661

SHA256
09e90fb7f5fabdd6ad6113bed055a415e9c57f8887fc362cff7517c105325e5d

SHA512
c60100ee54e02478ee06d6ef29d2ecd272a04cab4d8821584cf9bcf98318d9773016e67eaa73e2783306d1c7a6e2da8091628d8ab24dedf4be1742ba7ec931e7

Download Submit
/storage/emulated/0/Android/data/com.lingquanmelqm.app/files/tbslog/tbslog.txt

Filesize
6KB

MD5
64235dccaa32c07a0173bd9f89e18759

SHA1
ba20bd26dcb111f4526b1cd7ac82d74eda54b943

SHA256
47234e672fd7422d453fff2b38067d041aedb401fe20cb07f704ffb8b9f43a5a

SHA512
2808622caff0bf52f1ef47baacae7239dcebbcdc4d2a6e12444ca8eae875214aebd74099ba3537cdd1b840ccfad8c60c4fae347ecc17a35eb84728e07a1b3550

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
64B

MD5
a33945e0aa793f95ffd8d94d02194360

SHA1
013eceb79f95d05a047ef31c390739ab124eb09f

SHA256
d48e9ffe2ce2c009219ee4dcd3205f9a7c07452e59ab240b0eb8c4eb2415b7d9

SHA512
6ec8130bfa5f1112e0a570b773d1f834392a478de2547b2f5867e3c25e067d9093429c6e7b952e73cf948b6ea0a457e549098f0f993467c017f424e4b6bc498c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads