Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    04/11/2024, 00:44

General

  • Target

    8e4f0417b800a1b40aa28f0ce75a0f96_JaffaCakes118.apk

  • Size

    9.4MB

  • MD5

    8e4f0417b800a1b40aa28f0ce75a0f96

  • SHA1

    96056e376caca098fa0962b6ec2b3a33c1ec1abf

  • SHA256

    1b9fa7f8894a0bcb86d013827af6981fce558d8f835fd6d99508c4a3f1366275

  • SHA512

    b4dc35ce44a4e3653f895b426e12146fc327cef0b50461e3ebaa67f0e015f95bdf1e3098802b3c342f22c22029b0d338b55b8464ac01448d2136f5199ea26c42

  • SSDEEP

    196608:Byk8rZcpxLzC4SnBrXdCFiMQPJrwd/d9VA1C8l0r/JyC2Fpe/:Bt8ipzC4aBrXsFlQPJ0n9VA1Cu0SFY/

Malware Config

Signatures

Processes

  • cn.kuwo.tingshu
    • Checks if the Android device is rooted
    • Checks known QEMU pipes
    • Queries information about running processes on the device
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4997

Network

MITRE ATT&CK Mobile v15


Downloads
