Malware Analysis Report

2025-01-19 05:43

Sample ID 210831-6z2zm3s3ex
Target 0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c.apk
SHA256 0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c
Tags
flubot banker infostealer obfuscation ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c

Threat Level: Known bad

The file 0013a9dd488055df0660bddd24a2c9fdbcb77baef8dd43607bfbcfa31f2e271c.apk was found to be: Known bad.

Malicious Activity Summary

flubot banker infostealer obfuscation ransomware trojan

FluBot

FluBot Payload

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Reads name of network operator

Uses Crypto APIs (Might try to encrypt user data).

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-31 12:08

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-31 12:08

Reported

2021-08-31 12:11

Platform

android-x64

Max time kernel

2619265s

Max time network

124s

Command Line

com.UCMobile.intl

Signatures

FluBot

banker trojan infostealer flubot

FluBot Payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.UCMobile.intl/app_apkprotector_dex/wqREaBpK.skp N/A N/A
N/A /data/user/0/com.UCMobile.intl/app_apkprotector_dex/wqREaBpK.skp N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Reads name of network operator

Description Indicator Process Target
Framework API call android.telephony.TelephonyManager.getNetworkOperatorName N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows N/A N/A N/A
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Processes

com.UCMobile.intl

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 tcp
N/A 216.239.35.4:123 time.android.com udp
N/A 1.1.1.1:853 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 104.16.249.249:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 8.8.8.8:443 tcp
N/A 223.5.5.5:443 tcp
N/A 104.16.249.249:443 tcp
N/A 104.16.249.249:443 tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp
N/A 115.88.24.202:80 dxhphkbvtdecrss.ru tcp

Files

/data/user/0/com.UCMobile.intl/app_apkprotector_dex/wqREaBpK.skp

MD5 d3f3730aac781a7c4c0089456014e00d
SHA1 95e8e6e9cd61f449306eedcdeb68cd37643fb247
SHA256 bbb036b64426545f39842f9008158b6c7ac3ca1a36c3c04d08917b4b65ba1d97
SHA512 135ff02d29c070ed2da57d3d084615af96356f44afd3ce5f4b65a623cc002d1a8904860e7e131746fcdd7326945fad9eff1f796ded5422a919d150c65eaed032

/data/user/0/com.UCMobile.intl/app_apkprotector_dex/wqREaBpK.skp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.UCMobile.intl/app_apkprotector_dex/wqREaBpK.skp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.UCMobile.intl/shared_prefs/Voicemail.xml

MD5 039d69334f264da8080f731e5516c822
SHA1 ebe41731d4c187c943ba698ddddbc505f733f0a8
SHA256 885fd4ad4768f85270f32c2b0e277e5964bcafbaddf0659e69db3b5df441f6a5
SHA512 5c248ec6fc6819a8c276abbbd0555fc460fe780f3319a074e6dffca7f55954d411489ffa0e6434e8849a3b9692c9e63de850af591f26eefe7c4d7de5b8addb33

/data/user/0/com.UCMobile.intl/shared_prefs/Voicemail.xml

MD5 e881e3872daacf48286249bd5a921e5c
SHA1 c97e50554d06bc7b611bb21d009592444aa2be01
SHA256 2fb07a252d9a6feff250d26ae3d68d5e05164ea103d730576478833ce4f944cb
SHA512 84f0946812d9dde5c6bc6edc3aeb727f51d68db43c4e8f5ae9be9b65466438c9cb506b43d9b669fbde1e4c3af59e05fdd05ea35cd740c98ecf4cd202460e6fa5