dc71dd28c88d47cd47d8fb85dced15340d0021c0704bc39f5b4582ba0faf1f51

Analysis

max time kernel
48s
max time network
129s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
07/12/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3cf74fcfef339f4e29ba3361e34422f_JaffaCakes118.apk
Size

10.3MB
MD5

d3cf74fcfef339f4e29ba3361e34422f
SHA1

02a818bc9be6bf6280337f926845848f7058f1a9
SHA256

dc71dd28c88d47cd47d8fb85dced15340d0021c0704bc39f5b4582ba0faf1f51
SHA512

cb2074392af936e2689a554d5229faa36a378e19bbcc6dae6e305e69d3541fe0763ddadea3710f173b829fdde6ebc558f16ef421f0bee10762ec92aa2f79495f
SSDEEP

196608:PLxnqfTin248xoBGLogstTHQB9QvtR9dGvLBhS/NIj4nsBzTR:ThqMmqWolt20R9OrS1Ij4nsh1

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.tencent.qqphonebook
/system/xbin/su	com.tencent.qqphonebook
/sbin/su	com.tencent.qqphonebook

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/raw_contacts	com.tencent.qqphonebook

Reads the content of the call log. 1 TTPs 2 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.tencent.qqphonebook:push
URI accessed for read	content://call_log/calls	com.tencent.qqphonebook

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.qqphonebook

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.qqphonebook:push

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.qqphonebook

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.qqphonebook
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.qqphonebook:push

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.qqphonebook:push
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.qqphonebook

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.qqphonebook:push

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tencent.qqphonebook

com.tencent.qqphonebook
1⤵
- Checks if the Android device is rooted.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4238

com.tencent.qqphonebook:push
1⤵
- Reads the content of the call log.
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4345

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.qqphonebook/databases/common.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.qqphonebook/databases/common.db-journal

Filesize
512B

MD5
f8667192ee62277bfc748b1fc5e69410

SHA1
7db248c06e0c1e861d173faf8fa2775ad8e13b3d

SHA256
326337c78b4c6ce9ba0609b479fbe857d9f03466fc9970aa1179d87056fe76d3

SHA512
3543318af8011497188f2231f186c04e54255b374ccb924b5813a64fc82073fd7f522d64c4e6f600cb4b25ca5d4c8242b864d4d579c8bbc36f1a206f5d26ac4a

Download Submit
/data/data/com.tencent.qqphonebook/databases/common.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.qqphonebook/databases/common.db-wal

Filesize
80KB

MD5
9184f5fc5db6110db3aafd227abf0bd3

SHA1
7ddf82e1b7cdf740e3c98c9df757ba3969905131

SHA256
bdb1ba6eacd4e96d285c944a25b7ca5dfbcc2a039937c08e81d83e7f0139bda0

SHA512
0e644c9ed28b1563a5c4179b425e658fca0e702062a2d6e6428c8e2698098eeb9da960c9a848d1b65a7170b43915fbb34bd29d913a45ca3cc6bc691d6b166ddc

Download Submit
/data/data/com.tencent.qqphonebook/databases/privatemsg.db-journal

Filesize
512B

MD5
803a66897508ac01c5b7286f3030078c

SHA1
5a3dcaebe4ca9a697efa43b7bb69ecb3a109471c

SHA256
4db8cefdda51455798f5a0a71cc96ee0c6ee73c93ee326b862249a7b77abc987

SHA512
7382c954f139529b85063af81cfddd1f7f475d0fc700bc226effa8029282ab34852e20773766504e45d62ac0d26b4be246cbd7e012ec1263dc0733485cfdc662

Download Submit
/data/data/com.tencent.qqphonebook/databases/privatemsg.db-wal

Filesize
40KB

MD5
1c996a4224919db5cd52ebe202a2ecfd

SHA1
b9adb70d1a2b1aebbf9ce719c1c96ab8e5216535

SHA256
1cad46bf8ebbbae53197c4f02e2ee84a54a5a56a1f335962a5389ded633465a6

SHA512
47a7bf27f2b2200957c60ad63bfe24bb75b89113877b7a4ade48ff5bdfdf89317a86e65e9d27dac079b708d528c97113dc02c54abfb1f14acffa6970aada5e1c

Download Submit
/data/data/com.tencent.qqphonebook/databases/qqpimsecure.db-journal

Filesize
512B

MD5
848cedef6274e2ddf04ca96478c37b81

SHA1
c2476796b33b17ed709ee685b3b514fb0a27f127

SHA256
8b757052fc0139cb9e6588b97fe4be9139c2385df850adc8b01476e67cd664d8

SHA512
987f81187773b966c99c68121516e25076f03158a4a0e0878c4afb1cb985ad171cbbbcf4c3debeb1da8e2290ce42177cda5064843f8b556239f6331e9ed8383e

Download Submit
/data/data/com.tencent.qqphonebook/databases/qqpimsecure.db-wal

Filesize
56KB

MD5
6efabcb1571740cdf89a81e07dfd7062

SHA1
cbabd5da56c8024285f29df956699fefe467546a

SHA256
df04e408f7cd2319b07e7557dfc4324adb4b9a008459b715ccc37ea52b19827b

SHA512
8e43c8c1411da0ee54555b4771d05467b4276bc2e03f0194616548619f4fd590056261b6934a80ff19f701b52b63c31555dfeb17617ce737212d149cd8d38d28

Download Submit
/data/data/com.tencent.qqphonebook/databases/quickdial.db-journal

Filesize
512B

MD5
20ba7f140c835b6f3fc2faf2c1b2087a

SHA1
4f711d78119532386aa6407b957baafb47a022bd

SHA256
ccce070c76778ec2e253f8ccad4b9550956c76eb9a6f30172cedfa8029e005f4

SHA512
ce57bd88474383672dd2cf5930830be804a865c8618b748dd21cdf93d0306508d365fd9b967a55590b2fd287d417a5d7d0bc1080897c5a319af434129ba9c4eb

Download Submit
/data/data/com.tencent.qqphonebook/databases/quickdial.db-wal

Filesize
28KB

MD5
2315cae41abab75d47fcd198409ef673

SHA1
2bf32c018abe03f344c3e393331ca6c138794233

SHA256
3f8fc0cbdc2ff0a47ed1d1c7ef25decda152841da047440b42b23554ffabf3e6

SHA512
6648829134599cc3097be1986aa5191425bccbe70d7bd0c112c4256443168dcd202e5323d89846b664b9a31b11f3365aa584079a66390b1a9a071c8ee3b12ff5

Download Submit
/data/data/com.tencent.qqphonebook/files/host/short.wecall.qq.com

Filesize
74B

MD5
960072d6a44dfc00da41461310454e29

SHA1
09bbbb96ce247efd655d38be441b2a39cf448e91

SHA256
6057e1db4182e6ef79670bd553943061adb41cbce9b8585b58f0f63c26298d0a

SHA512
39773aad4f552327da47a4fc4d770bc9ff2d5df11e905872ac19a648febd3b9f25a90dc5d177267a2a3f592ceb63283d5e163b1932d89f6a2c0665e8d44b3d77

Download Submit
/data/data/com.tencent.qqphonebook/files/imei.cache

Filesize
15B

MD5
748d9beeaa1899252a7365b780b95fb0

SHA1
2158cbe9044f2b138df0094615afe6616e526c9d

SHA256
59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8

SHA512
cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440

Download Submit
/data/data/com.tencent.qqphonebook/files/nldb.sdb

Filesize
147KB

MD5
a9c996272d30e7222761d4fda345d448

SHA1
28faa362eed1171dcc3e1e5f515817bb83018eb2

SHA256
db3c7ca9c9b14c6bc1d65ca83d737fe1dcf3eafb1855730d9ff297389fdf6567

SHA512
d696b16963be256358ccb292f6828320f4f6bafa0e54d005fcbe5346fb8917ed75dfa51158952efdf2a844e8560324b09deff1ade990244462d0de496680f74f

Download Submit
/data/data/com.tencent.qqphonebook/files/properties.txt

Filesize
59B

MD5
37cc73377e77294d226234a81a847dc5

SHA1
cf8b8d0dc19a7e98a1013eb9413aae600a637579

SHA256
bb3ec151aa6987bea722566eb19c4bc592fef395b4c40eb61482a0fdeeb4b662

SHA512
1d635d93ae16f2b5ab0403b337e246ff3f5159b612c9d49b208eeae12d44f4f395990025806ce6da839b77ca38cfa6a507316ec5368a0438a7f6a68508d39181

Download Submit
/data/data/com.tencent.qqphonebook/files/rule_store.sys

Filesize
47KB

MD5
209e7fa08b84b63094d29b5c93b42652

SHA1
7e812df7d7fc44acb8ec2461276eb0c76a0ae810

SHA256
2684db22830267afd139515eea2a84c8c76401ad2cae2749fe467af36c6406a3

SHA512
47e32a145ddc53e5061732305135befcd6cbeea7532781bce6bebce60c1414ab9ae8e3790d8f40f57d9aae43f433bbd142652ea03d5fdd902064cfa33351c88d

Download Submit
/data/data/com.tencent.qqphonebook/files/yd.sdb

Filesize
18KB

MD5
22aeabf18c7aabd0751255c27629cd6b

SHA1
e73b12fecd0b0b6227d629817564db9ab7dac3de

SHA256
a76ca12c531747353899882a622c7fbbf86b9daa42cc49d49b55edb91d6d18a9

SHA512
af522281add1733c0126831610dbf4481ac7ac06e6ee5d7737e9fc8ea0b82178c44682b4be63cca5602d7020fa6d010e8ad4b014916fd169ef0694ebd0565b27

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads