Analysis

  • max time kernel
    2206819s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20231215-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    19/12/2023, 15:41 UTC

General

  • Target

    5236e9578f69a043ec568f1d81732a2b.apk

  • Size

    12.9MB

  • MD5

    5236e9578f69a043ec568f1d81732a2b

  • SHA1

    63a2c6ab8480a9233f9dc0bb353625d23b0f2457

  • SHA256

    9562b63f2a35decfeff1277d31d97e62531f787760577a1deab86f506882efc9

  • SHA512

    9433d49c7a817d7f1834292fca010cab85db3146ec3805e14cfeeec07aa9719dc1b692a66d5f432cba25db38ccd980695d8e99e704226ab0c5c7b40643207c3c

  • SSDEEP

    393216:At/g0mFRAbz0Vne8mMzSWtbe0Yp+Mfe/Lwyv60GQ2jvo2:At/g0mvAqXZJbe0Yp5eDlv60GQf2

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 9 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.DGDSbt20190601
    • Loads dropped Dex/Jar
    PID:4249
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.DGDSbt20190601/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.DGDSbt20190601/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      • Loads dropped Dex/Jar
      PID:4280
  • com.DGDSbt20190601:pushcore
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4338
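The process tree above is the evidence behind the "Loads dropped Dex/Jar" signature: dex2oat (PID 4280) is compiling /data/data/com.DGDSbt20190601/.jiagu/tmp.dex, a file under the app's private data directory rather than under /data/app/, where an installed package's own code lives. The .jiagu directory, libjiagu.so and the /storage/emulated/0/360/ files in the Downloads list are the on-device footprint of the 360 Jiagu packer, which decrypts and loads the real DEX at runtime. The following is an added example, not tria.ge's own detection logic: it parses the dex2oat command line quoted from this report into its options and flags any --dex-file input that does not come from an installed package or the system image. The trusted-prefix list and the function names are my assumptions.

```python
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# dex2oat command line exactly as recorded in the process tree above (PID 4280).
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/data/com.DGDSbt20190601/.jiagu/tmp.dex "
    "--output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/data/com.DGDSbt20190601/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Assumption: code under these prefixes was installed by the package manager or
# shipped with the image; anything else fed to dex2oat was written at runtime.
TRUSTED_CODE_PREFIXES = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")


@dataclass
class Dex2OatInvocation:
    dex_files: List[str] = field(default_factory=list)
    oat_location: Optional[str] = None
    compiler_filter: Optional[str] = None
    runtime_args: List[str] = field(default_factory=list)
    options: Dict[str, str] = field(default_factory=dict)


def parse_dex2oat(cmdline: str) -> Dex2OatInvocation:
    """Split a dex2oat command line into its options.

    --runtime-arg takes its value as the *next* token and --dex-file may be
    repeated, so both are handled explicitly; every other --key=value pair is
    stored with later occurrences overwriting earlier ones (dex2oat does the same,
    which is why --instruction-set-features ends up as "default" here).
    """
    tokens = shlex.split(cmdline)
    inv = Dex2OatInvocation()
    i = 1  # tokens[0] is the dex2oat binary itself
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--runtime-arg" and i + 1 < len(tokens):
            inv.runtime_args.append(tokens[i + 1])
            i += 2
            continue
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            if key == "dex-file":
                inv.dex_files.append(value)
            elif key == "oat-location":
                inv.oat_location = value
            elif key == "compiler-filter":
                inv.compiler_filter = value
            else:
                inv.options[key] = value
        i += 1
    return inv


def owning_package(path: str) -> Optional[str]:
    """Package name for a /data/data/<pkg>/... or /data/user/<n>/<pkg>/... path, else None."""
    parts = path.split("/")
    if len(parts) > 3 and parts[1] == "data" and parts[2] == "data":
        return parts[3]
    if len(parts) > 4 and parts[1] == "data" and parts[2] == "user":
        return parts[4]
    return None


def dropped_dex_files(inv: Dex2OatInvocation) -> List[str]:
    """DEX inputs that were not installed by the package manager or shipped with the image."""
    return [p for p in inv.dex_files if not p.startswith(TRUSTED_CODE_PREFIXES)]


def triage(cmdline: str) -> dict:
    """Summarise one dex2oat invocation for an analyst; 'suspicious' is the detection verdict."""
    inv = parse_dex2oat(cmdline)
    dropped = dropped_dex_files(inv)
    return {
        "dex_files": inv.dex_files,
        "dropped": dropped,
        "package": owning_package(dropped[0]) if dropped else None,
        "oat_location": inv.oat_location,
        "compiler_filter": inv.compiler_filter,
        "suspicious": bool(dropped),
    }


if __name__ == "__main__":
    print(triage(DEX2OAT_CMDLINE))
```

The same parser works on dex2oat lines pulled from logcat or from a device's process listing; the only sandbox-specific input here is the quoted command line.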

Network

    Country: US
    DNS
    api.exc.mob.com
    Remote address:
    1.1.1.1:53
    Request
    api.exc.mob.com
    IN A
    Response
    api.exc.mob.com
    IN CNAME
    dcpsb.hs.gslb.mob.com
    dcpsb.hs.gslb.mob.com
    IN A
    45.113.201.242
    Country: US
    DNS
    android.bugly.qq.com
    Remote address:
    1.1.1.1:53
    Request
    android.bugly.qq.com
    IN A
    Response
    android.bugly.qq.com
    IN CNAME
    ins-9fciednc.ias.tencent-cloud.net
    ins-9fciednc.ias.tencent-cloud.net
    IN A
    129.226.103.12
    ins-9fciednc.ias.tencent-cloud.net
    IN A
    129.226.103.217
    Country: HK
    POST
    http://android.bugly.qq.com/rqd/async?aid=07553a38-c071-41f8-b160-9e990109959b
    Remote address:
    129.226.103.12:80
    Request
    POST /rqd/async?aid=07553a38-c071-41f8-b160-9e990109959b HTTP/1.1
    wup_version: 3.0
    raKey: RgMoJbVp6zM0ljoFuNI8Tf8wlSpDWqqpguwwigxMQ03NmnDejmwCtSfewvESjbhg2JhZCJspW9Fz%0AAOZBxMPCrOEtoil2eupIu4W5HzqRszbANBwMb0whaNrRcpBqwsGhPp1d7mNm%2B%2B9IfOO0Nr19u%2BYo%0AI3sgHyQCmkAD8PLdaYM%3D%0A
    strategylastUpdateTime: 0
    appVer: 1.0.2
    bundleId: com.DGDSbt20190601
    sdkVer: 3.0.0
    prodId: 0785b70a94
    cmd: 840
    platformId: 1
    A37: LTE
    A38: LTE
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; AOSP on IA Emulator Build/PSR1.180720.122)
    Host: android.bugly.qq.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 1043
    Response
    HTTP/1.1 200 OK
    Date: Tue, 19 Dec 2023 19:22:18 GMT
    Content-Length: 335
    Connection: keep-alive
    Server: Resin/4.0.27
    Bugly-Version: bugly/1.0
    status: 0
    nstat: 0
    Country: US
    DNS
    log.tbs.qq.com
    Remote address:
    1.1.1.1:53
    Request
    log.tbs.qq.com
    IN A
    Response
    log.tbs.qq.com
    IN CNAME
    ins-d94v3bvj.ias.tencent-cloud.net
    ins-d94v3bvj.ias.tencent-cloud.net
    IN A
    129.226.107.80
    ins-d94v3bvj.ias.tencent-cloud.net
    IN A
    129.226.106.211
    Country: HK
    POST
    http://log.tbs.qq.com/ajax?c=dl&k=43d6d66f9921f7ebd2b70564ef3e301b
    Remote address:
    129.226.107.80:80
    Request
    POST /ajax?c=dl&k=43d6d66f9921f7ebd2b70564ef3e301b HTTP/1.1
    Connection: close
    Content-Length: 344
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; AOSP on IA Emulator Build/PSR1.180720.122)
    Host: log.tbs.qq.com
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Tue, 19 Dec 2023 19:22:18 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 7
    Connection: close
    Set-Cookie: tgw_l7_route=f7cfd3c55b0105ee8598b5d3700d8ca0; Expires=Tue, 19-Dec-2023 19:52:18 GMT; Path=/
    Country: US
    DNS
    m.data.mob.com
    Remote address:
    1.1.1.1:53
    Request
    m.data.mob.com
    IN A
    Response
    m.data.mob.com
    IN CNAME
    dcpxf.hs.gslb.mob.com
    dcpxf.hs.gslb.mob.com
    IN A
    45.113.201.243
    Country: US
    DNS
    www.avqp8.com
    Remote address:
    1.1.1.1:53
    Request
    www.avqp8.com
    IN A
    Response
    www.avqp8.com
    IN A
    45.116.165.102
    Country: HK
    POST
    http://www.avqp8.com/jeesite/f/guestbook/androidAPI
    Remote address:
    45.116.165.102:80
    Request
    POST /jeesite/f/guestbook/androidAPI HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Connection: Keep-Alive
    Charset: UTF-8
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; AOSP on IA Emulator Build/PSR1.180720.122)
    Host: www.avqp8.com
    Accept-Encoding: gzip
    Content-Length: 67
    Response
    HTTP/1.1 200
    Content-Type: application/json;charset=UTF-8
    Transfer-Encoding: chunked
    Date: Tue, 19 Dec 2023 19:22:27 GMT
    Country: US
    DNS
    ip.taobao.com
    Remote address:
    1.1.1.1:53
    Request
    ip.taobao.com
    IN A
    Response
    ip.taobao.com
    IN CNAME
    na61-na62.wagbridge.alibaba.taobao.com
    na61-na62.wagbridge.alibaba.taobao.com
    IN CNAME
    na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com
    na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com
    IN A
    59.82.120.12
    Country: US
    DNS
    s.jpush.cn
    Remote address:
    1.1.1.1:53
    Request
    s.jpush.cn
    IN A
    Response
    s.jpush.cn
    IN A
    139.9.46.117
    s.jpush.cn
    IN A
    139.159.213.203
    s.jpush.cn
    IN A
    139.159.233.59
    s.jpush.cn
    IN A
    121.36.15.222
    s.jpush.cn
    IN A
    120.46.141.4
    s.jpush.cn
    IN A
    139.159.176.70
    s.jpush.cn
    IN A
    123.60.79.150
    s.jpush.cn
    IN A
    123.60.105.23
    s.jpush.cn
    IN A
    121.37.236.12
    s.jpush.cn
    IN A
    124.70.159.59
    s.jpush.cn
    IN A
    123.60.47.42
    s.jpush.cn
    IN A
    121.36.99.230
    s.jpush.cn
    IN A
    121.37.214.240
    Country: US
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.180.14
    Country: US
    DNS
    cn.bing.com
    Remote address:
    1.1.1.1:53
    Request
    cn.bing.com
    IN A
    Response
    cn.bing.com
    IN CNAME
    cn-bing-com.cn.a-0001.a-msedge.net
    cn-bing-com.cn.a-0001.a-msedge.net
    IN CNAME
    a-0001.a-msedge.net
    a-0001.a-msedge.net
    IN A
    13.107.21.200
    a-0001.a-msedge.net
    IN A
    204.79.197.200
    Country: US
    DNS
    apicloud.mob.com
    Remote address:
    1.1.1.1:53
    Request
    apicloud.mob.com
    IN A
    Response
    Country: US
    GET
    http://cn.bing.com/HPImageArchive.aspx?format=js&idx=0&n=1
    Remote address:
    13.107.21.200:80
    Request
    GET /HPImageArchive.aspx?format=js&idx=0&n=1 HTTP/1.1
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Host: cn.bing.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.9.1
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 571
    Content-Type: application/json; charset=utf-8
    Content-Encoding: gzip
    Vary: Accept-Encoding
    P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
    Set-Cookie: MUID=311DEBCDBEAA6135352EF821BF4A6029; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/
    Set-Cookie: MUIDB=311DEBCDBEAA6135352EF821BF4A6029; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/; HttpOnly
    Set-Cookie: _EDGE_S=F=1&SID=1919A3C10CD5682539D0B02D0D3569EB; domain=.bing.com; path=/; HttpOnly
    Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/; HttpOnly
    Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/
    Set-Cookie: SRCHUID=V=2&GUID=712128BEF86344628F457455F179B43E&dmnchg=1; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/
    Set-Cookie: SRCHUSR=DOB=20231219; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/
    Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sun, 12-Jan-2025 19:22:27 GMT; path=/
    Set-Cookie: _SS=SID=1919A3C10CD5682539D0B02D0D3569EB; domain=.bing.com; path=/
    X-EventID: 6581ed73c6d94884b79ade82d419854c
    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    X-Cache: CONFIG_NOCACHE
    X-MSEdge-Ref: Ref A: AC070F7A2A40440E9483C5DC955D5323 Ref B: LON04EDGE1221 Ref C: 2023-12-19T19:22:27Z
    Date: Tue, 19 Dec 2023 19:22:26 GMT
    Country: US
    GET
    http://cn.bing.com/th?id=OHR.WarsawChristmas_EN-GB5947863010_720x1280.jpg
    Remote address:
    13.107.21.200:80
    Request
    GET /th?id=OHR.WarsawChristmas_EN-GB5947863010_720x1280.jpg HTTP/1.1
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Host: cn.bing.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.9.1
    Response
    HTTP/1.1 200 OK
    Cache-Control: public, max-age=691200
    Content-Length: 183870
    Content-Type: image/jpeg
    X-Cache: TCP_MISS
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Timing-Allow-Origin: *
    Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    X-MSEdge-Ref: Ref A: F34BA60FBBDA4586B6B49A40AB168A54 Ref B: LON04EDGE1221 Ref C: 2023-12-19T19:22:28Z
    Date: Tue, 19 Dec 2023 19:22:27 GMT
    Country: US
    DNS
    www.juzimi.com
    Remote address:
    1.1.1.1:53
    Request
    www.juzimi.com
    IN A
    Response
    Country: US
    DNS
    sis.jpush.io
    Remote address:
    1.1.1.1:53
    Request
    sis.jpush.io
    IN A
    Response
    sis.jpush.io
    IN A
    139.159.213.203
    sis.jpush.io
    IN A
    139.159.176.70
    sis.jpush.io
    IN A
    121.36.99.230
    sis.jpush.io
    IN A
    121.36.15.222
    sis.jpush.io
    IN A
    121.37.214.240
    sis.jpush.io
    IN A
    123.60.79.150
    sis.jpush.io
    IN A
    139.159.233.59
    sis.jpush.io
    IN A
    121.37.236.12
    sis.jpush.io
    IN A
    139.9.46.117
    sis.jpush.io
    IN A
    123.60.105.23
    sis.jpush.io
    IN A
    123.60.47.42
    sis.jpush.io
    IN A
    120.46.141.4
    sis.jpush.io
    IN A
    124.70.159.59
    Country: US
    DNS
    easytomessage.com
    Remote address:
    1.1.1.1:53
    Request
    easytomessage.com
    IN A
    Response
    easytomessage.com
    IN A
    121.36.99.230
    easytomessage.com
    IN A
    123.60.79.150
    easytomessage.com
    IN A
    123.60.47.42
    easytomessage.com
    IN A
    139.159.233.59
    easytomessage.com
    IN A
    123.60.105.23
    easytomessage.com
    IN A
    124.70.159.59
    easytomessage.com
    IN A
    139.159.176.70
    easytomessage.com
    IN A
    121.37.236.12
    easytomessage.com
    IN A
    139.159.213.203
    easytomessage.com
    IN A
    139.9.46.117
    easytomessage.com
    IN A
    121.37.214.240
    easytomessage.com
    IN A
    121.36.15.222
    easytomessage.com
    IN A
    120.46.141.4
    Country: US
    DNS
    m.data.mob.com
    Remote address:
    1.1.1.1:53
    Request
    m.data.mob.com
    IN A
    Response
    m.data.mob.com
    IN CNAME
    dcpxf.hs.gslb.mob.com
    dcpxf.hs.gslb.mob.com
    IN A
    45.113.201.243
    Country: US
    DNS
    im64.jpush.cn
    Remote address:
    1.1.1.1:53
    Request
    im64.jpush.cn
    IN A
    Response
    im64.jpush.cn
    IN CNAME
    bjim64.jpush.cn
    bjim64.jpush.cn
    IN A
    119.3.188.193
    bjim64.jpush.cn
    IN A
    139.9.119.173
    bjim64.jpush.cn
    IN A
    139.9.138.15
    bjim64.jpush.cn
    IN A
    139.9.135.156
    Country: US
    DNS
    m.data.mob.com
    Remote address:
    1.1.1.1:53
    Request
    m.data.mob.com
    IN A
    Response
    m.data.mob.com
    IN CNAME
    dcpxf.hs.gslb.mob.com
    dcpxf.hs.gslb.mob.com
    IN A
    45.113.201.243
    Country: US
    DNS
    m.data.mob.com
    Remote address:
    1.1.1.1:53
    Request
    m.data.mob.com
    IN A
    Response
    m.data.mob.com
    IN CNAME
    dcpxf.hs.gslb.mob.com
    dcpxf.hs.gslb.mob.com
    IN A
    45.113.201.243
    Country: US
    DNS
    m.data.mob.com
    Remote address:
    1.1.1.1:53
    Request
    m.data.mob.com
    IN A
    Response
    m.data.mob.com
    IN CNAME
    dcpxf.hs.gslb.mob.com
    dcpxf.hs.gslb.mob.com
    IN A
    45.113.201.243
  • 45.113.201.242:80
    api.exc.mob.com
    120 B
    2
  • 45.113.201.242:80
    api.exc.mob.com
    240 B
    4
  • 129.226.103.12:80
    http://android.bugly.qq.com/rqd/async?aid=07553a38-c071-41f8-b160-9e990109959b
    http
    1.9kB
    717 B
    5
    5

    HTTP Request

    POST http://android.bugly.qq.com/rqd/async?aid=07553a38-c071-41f8-b160-9e990109959b

    HTTP Response

    200
  • 129.226.107.80:80
    http://log.tbs.qq.com/ajax?c=dl&k=43d6d66f9921f7ebd2b70564ef3e301b
    http
    852 B
    459 B
    5
    5

    HTTP Request

    POST http://log.tbs.qq.com/ajax?c=dl&k=43d6d66f9921f7ebd2b70564ef3e301b

    HTTP Response

    200
  • 45.113.201.243:80
    m.data.mob.com
    300 B
    5
  • 45.113.201.242:80
    api.exc.mob.com
    240 B
    4
  • 45.116.165.102:80
    http://www.avqp8.com/jeesite/f/guestbook/androidAPI
    http
    680 B
    1.1kB
    6
    4

    HTTP Request

    POST http://www.avqp8.com/jeesite/f/guestbook/androidAPI

    HTTP Response

    200
  • 216.58.201.110:443
    tls, https
    858 B
    40 B
    1
    1
  • 142.250.180.14:443
    android.apis.google.com
    tls
    4.8kB
    8.8kB
    17
    24
  • 59.82.120.12:80
    ip.taobao.com
    180 B
    3
  • 13.107.21.200:80
    http://cn.bing.com/th?id=OHR.WarsawChristmas_EN-GB5947863010_720x1280.jpg
    http
    3.0kB
    191.6kB
    60
    121

    HTTP Request

    GET http://cn.bing.com/HPImageArchive.aspx?format=js&idx=0&n=1

    HTTP Response

    200

    HTTP Request

    GET http://cn.bing.com/th?id=OHR.WarsawChristmas_EN-GB5947863010_720x1280.jpg

    HTTP Response

    200
  • 45.113.201.243:80
    m.data.mob.com
    300 B
    5
  • 119.3.188.193:7002
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7000
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7008
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7005
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7004
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7006
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7003
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7009
    im64.jpush.cn
    180 B
    3
  • 45.113.201.243:80
    m.data.mob.com
    300 B
    5
  • 119.3.188.193:7007
    im64.jpush.cn
    180 B
    3
  • 45.113.201.243:80
    m.data.mob.com
    300 B
    5
  • 119.3.188.193:7008
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7007
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7006
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7005
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7003
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7009
    im64.jpush.cn
    180 B
    3
  • 45.113.201.243:80
    m.data.mob.com
    300 B
    5
  • 119.3.188.193:7000
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7002
    im64.jpush.cn
    180 B
    3
  • 119.3.188.193:7004
    im64.jpush.cn
    180 B
    3
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    api.exc.mob.com
    dns
    61 B
    105 B
    1
    1

    DNS Request

    api.exc.mob.com

    DNS Response

    45.113.201.242

  • 1.1.1.1:53
    android.bugly.qq.com
    dns
    66 B
    146 B
    1
    1

    DNS Request

    android.bugly.qq.com

    DNS Response

    129.226.103.12
    129.226.103.217

  • 1.1.1.1:53
    log.tbs.qq.com
    dns
    60 B
    140 B
    1
    1

    DNS Request

    log.tbs.qq.com

    DNS Response

    129.226.107.80
    129.226.106.211

  • 1.1.1.1:53
    m.data.mob.com
    dns
    60 B
    104 B
    1
    1

    DNS Request

    m.data.mob.com

    DNS Response

    45.113.201.243

  • 1.1.1.1:53
    www.avqp8.com
    dns
    59 B
    75 B
    1
    1

    DNS Request

    www.avqp8.com

    DNS Response

    45.116.165.102

  • 1.1.1.1:53
    ip.taobao.com
    dns
    59 B
    185 B
    1
    1

    DNS Request

    ip.taobao.com

    DNS Response

    59.82.120.12

  • 1.1.1.1:53
    s.jpush.cn
    dns
    56 B
    264 B
    1
    1

    DNS Request

    s.jpush.cn

    DNS Response

    139.9.46.117
    139.159.213.203
    139.159.233.59
    121.36.15.222
    120.46.141.4
    139.159.176.70
    123.60.79.150
    123.60.105.23
    121.37.236.12
    124.70.159.59
    123.60.47.42
    121.36.99.230
    121.37.214.240

  • 139.9.46.117:19000
    s.jpush.cn
    134 B
    1
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.180.14

  • 1.1.1.1:53
    cn.bing.com
    dns
    57 B
    151 B
    1
    1

    DNS Request

    cn.bing.com

    DNS Response

    13.107.21.200
    204.79.197.200

  • 1.1.1.1:53
    apicloud.mob.com
    dns
    62 B
    135 B
    1
    1

    DNS Request

    apicloud.mob.com

  • 1.1.1.1:53
    www.juzimi.com
    dns
    60 B
    120 B
    1
    1

    DNS Request

    www.juzimi.com

  • 1.1.1.1:53
    sis.jpush.io
    dns
    58 B
    266 B
    1
    1

    DNS Request

    sis.jpush.io

    DNS Response

    139.159.213.203
    139.159.176.70
    121.36.99.230
    121.36.15.222
    121.37.214.240
    123.60.79.150
    139.159.233.59
    121.37.236.12
    139.9.46.117
    123.60.105.23
    123.60.47.42
    120.46.141.4
    124.70.159.59

  • 139.159.213.203:19000
    sis.jpush.io
    134 B
    1
  • 1.1.1.1:53
    easytomessage.com
    dns
    63 B
    271 B
    1
    1

    DNS Request

    easytomessage.com

    DNS Response

    121.36.99.230
    123.60.79.150
    123.60.47.42
    139.159.233.59
    123.60.105.23
    124.70.159.59
    139.159.176.70
    121.37.236.12
    139.159.213.203
    139.9.46.117
    121.37.214.240
    121.36.15.222
    120.46.141.4

  • 121.36.99.230:19000
    easytomessage.com
    134 B
    1
  • 123.196.118.23:19000
    134 B
    1
  • 103.229.215.60:19000
    134 B
    1
  • 1.1.1.1:53
    m.data.mob.com
    dns
    60 B
    104 B
    1
    1

    DNS Request

    m.data.mob.com

    DNS Response

    45.113.201.243

  • 117.121.49.100:19000
    134 B
    1
  • 1.1.1.1:53
    im64.jpush.cn
    dns
    59 B
    144 B
    1
    1

    DNS Request

    im64.jpush.cn

    DNS Response

    119.3.188.193
    139.9.119.173
    139.9.138.15
    139.9.135.156

  • 1.1.1.1:53
    m.data.mob.com
    dns
    60 B
    104 B
    1
    1

    DNS Request

    m.data.mob.com

    DNS Response

    45.113.201.243

  • 139.9.46.117:19000
    easytomessage.com
    134 B
    1
  • 139.159.213.203:19000
    easytomessage.com
    134 B
    1
  • 121.36.99.230:19000
    easytomessage.com
    134 B
    1
  • 123.196.118.23:19000
    134 B
    1
  • 1.1.1.1:53
    m.data.mob.com
    dns
    60 B
    104 B
    1
    1

    DNS Request

    m.data.mob.com

    DNS Response

    45.113.201.243

  • 103.229.215.60:19000
    134 B
    1
  • 117.121.49.100:19000
    134 B
    1
  • 1.1.1.1:53
    m.data.mob.com
    dns
    60 B
    104 B
    1
    1

    DNS Request

    m.data.mob.com

    DNS Response

    45.113.201.243

  • 139.9.46.117:19000
    easytomessage.com
    134 B
    1
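Two things in the DNS records above are worth pulling out by hand rather than by eye: three names that look unrelated (s.jpush.cn, sis.jpush.io, easytomessage.com) answer with the same thirteen addresses, i.e. they are one push-notification backend behind different labels, and two queries (apicloud.mob.com, www.juzimi.com) got no answer at all. Several names also resolve only through multi-hop CNAME chains (ip.taobao.com, cn.bing.com). The following is an added example, not part of the tria.ge report: the answers are transcribed from the records above into a compact one-owner-per-line form, CNAME chains are followed to their final A records, and queried names are grouped by identical address set. The transcription format and function names are mine.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# DNS answers transcribed from the Network section above, one owner name per line:
#   <owner> IN CNAME <target>      or      <owner> IN A <ip> [<ip> ...]
DNS_ANSWERS = """\
api.exc.mob.com IN CNAME dcpsb.hs.gslb.mob.com
dcpsb.hs.gslb.mob.com IN A 45.113.201.242
android.bugly.qq.com IN CNAME ins-9fciednc.ias.tencent-cloud.net
ins-9fciednc.ias.tencent-cloud.net IN A 129.226.103.12 129.226.103.217
log.tbs.qq.com IN CNAME ins-d94v3bvj.ias.tencent-cloud.net
ins-d94v3bvj.ias.tencent-cloud.net IN A 129.226.107.80 129.226.106.211
m.data.mob.com IN CNAME dcpxf.hs.gslb.mob.com
dcpxf.hs.gslb.mob.com IN A 45.113.201.243
www.avqp8.com IN A 45.116.165.102
ip.taobao.com IN CNAME na61-na62.wagbridge.alibaba.taobao.com
na61-na62.wagbridge.alibaba.taobao.com IN CNAME na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com
na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com IN A 59.82.120.12
s.jpush.cn IN A 139.9.46.117 139.159.213.203 139.159.233.59 121.36.15.222 120.46.141.4 139.159.176.70 123.60.79.150 123.60.105.23 121.37.236.12 124.70.159.59 123.60.47.42 121.36.99.230 121.37.214.240
android.apis.google.com IN CNAME clients.l.google.com
clients.l.google.com IN A 142.250.180.14
cn.bing.com IN CNAME cn-bing-com.cn.a-0001.a-msedge.net
cn-bing-com.cn.a-0001.a-msedge.net IN CNAME a-0001.a-msedge.net
a-0001.a-msedge.net IN A 13.107.21.200 204.79.197.200
sis.jpush.io IN A 139.159.213.203 139.159.176.70 121.36.99.230 121.36.15.222 121.37.214.240 123.60.79.150 139.159.233.59 121.37.236.12 139.9.46.117 123.60.105.23 123.60.47.42 120.46.141.4 124.70.159.59
easytomessage.com IN A 121.36.99.230 123.60.79.150 123.60.47.42 139.159.233.59 123.60.105.23 124.70.159.59 139.159.176.70 121.37.236.12 139.159.213.203 139.9.46.117 121.37.214.240 121.36.15.222 120.46.141.4
im64.jpush.cn IN CNAME bjim64.jpush.cn
bjim64.jpush.cn IN A 119.3.188.193 139.9.119.173 139.9.138.15 139.9.135.156
"""

# Every name the sample queried, in report order, including the two that got no answer.
QUERIED = [
    "api.exc.mob.com", "android.bugly.qq.com", "log.tbs.qq.com", "m.data.mob.com",
    "www.avqp8.com", "ip.taobao.com", "s.jpush.cn", "android.apis.google.com",
    "cn.bing.com", "apicloud.mob.com", "www.juzimi.com", "sis.jpush.io",
    "easytomessage.com", "im64.jpush.cn",
]


def parse_answers(text: str) -> Tuple[Dict[str, str], Dict[str, Set[str]]]:
    """Return (cname_map, a_map) from the transcribed answer lines; malformed lines are skipped."""
    cnames: Dict[str, str] = {}
    a_records: Dict[str, Set[str]] = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3:]
        if rtype == "CNAME":
            cnames[owner] = rdata[0]
        elif rtype == "A":
            a_records[owner].update(rdata)
    return cnames, a_records


def resolve(name: str, cnames: Dict[str, str], a_records: Dict[str, Set[str]],
            max_hops: int = 8) -> Set[str]:
    """Follow the CNAME chain from `name`; return its final A-record set, empty if unresolved.

    `seen` and `max_hops` guard against CNAME loops, which a hostile resolver can hand back.
    """
    seen: Set[str] = set()
    cur = name
    for _ in range(max_hops):
        if cur in a_records:
            return set(a_records[cur])
        if cur in cnames and cur not in seen:
            seen.add(cur)
            cur = cnames[cur]
            continue
        break
    return set()


def shared_infrastructure(queried: List[str], text: str) -> Dict[frozenset, List[str]]:
    """Group queried names whose resolved address sets are identical (groups of two or more)."""
    cnames, a_records = parse_answers(text)
    groups: Dict[frozenset, List[str]] = defaultdict(list)
    for name in queried:
        ips = resolve(name, cnames, a_records)
        if ips:
            groups[frozenset(ips)].append(name)
    return {ips: names for ips, names in groups.items() if len(names) > 1}


def unresolved(queried: List[str], text: str) -> List[str]:
    """Queried names with no A record reachable, in query order."""
    cnames, a_records = parse_answers(text)
    return [n for n in queried if not resolve(n, cnames, a_records)]


if __name__ == "__main__":
    for ips, names in shared_infrastructure(QUERIED, DNS_ANSWERS).items():
        print(f"{len(ips)} shared addresses: {', '.join(names)}")
    print("unresolved:", unresolved(QUERIED, DNS_ANSWERS))
```

Grouping by exact address set is deliberately strict: CDN-fronted names that merely overlap on one or two addresses stay apart, which keeps the output useful for blocklisting and for deciding which of the 19000/tcp and 700x/tcp connections above belong to the same operator.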

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.DGDSbt20190601/.jiagu/classes.dex

    Filesize

    7.1MB

    MD5

    c5d8cdcb19d4e48912783779c0df8dcd

    SHA1

    e83eda287e975098d73dedc2ba4d9ad2df59690d

    SHA256

    fba585f716a069ae95527927155da5280122cc73aad462bbe4dcf486e1292eb9

    SHA512

    5daa2241c4e6f8ee287604d78d78d8a7a421b4999ec83a307a7b24b455f34ae9a77ccd6c55866f535b4c05cc42ae00c8c77efb78a5d8eb210e8a53c0e29a59aa

  • /data/data/com.DGDSbt20190601/.jiagu/classes.dex!classes2.dex

    Filesize

    6.8MB

    MD5

    7866b5a670ea87fac6ebab21b71916e6

    SHA1

    6e817ea1e737bf5ded715f22cc83967ba4721c60

    SHA256

    0e143255bf50484d845f8abd1117af018fe9ba9773f92a75dacc6829db85c628

    SHA512

    aba97d1e211832f18f3f2e3268e6c3fb376181b922c4215747c3e6f01936f7c6124f9bda9e5ff9f9d07d5bef6cd0956bb1d17f75159b1ce95d6380514eca2246

  • /data/data/com.DGDSbt20190601/.jiagu/libjiagu.so

    Filesize

    482KB

    MD5

    f380717bd1e3916c7b697fab8d46c5d8

    SHA1

    04f51f0d16097214e38be517d93be44cb0603a88

    SHA256

    8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

    SHA512

    b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

  • /data/data/com.DGDSbt20190601/.jiagu/tmp.dex

    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

  • /data/data/com.DGDSbt20190601/app_crashrecord/1004

    Filesize

    227B

    MD5

    fc5efc2b3d4fc5c51053ec5cd6883e61

    SHA1

    17ba5aaca8c6d449a4b80c7987198c71b94ed91c

    SHA256

    4187ccf785cb6d03a207fba2d05e0c70af278e6f3cbcaa015af1e2661f8e5153

    SHA512

    389c8a3ec3a6035d865e9df70cf73df0a352687f78a2cd68ab47554b574db796b25e80d93764b9496f5915ba59bce4eca44a5924571f57c21410f98a6131ebfa

  • /data/data/com.DGDSbt20190601/app_crashrecord/1004

    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.DGDSbt20190601/databases/bugly_db_

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.DGDSbt20190601/databases/bugly_db_-journal

    Filesize

    512B

    MD5

    ce7e0c407af2a25be58e39ecbf1ff427

    SHA1

    74742d3f64618d005b0b3250f75fea2418161168

    SHA256

    4ade8407fb89df2d1f0ea61d287bdc95993bed08d891a1a8580e2e7070ad92d1

    SHA512

    b2bed0c477e8e18dcb111d6e6ceb09f6479e8fd4371116473243b3cae10c7653427bfe6df2e5852f5202683d9bbad95f5e72a545b1d3c93fbdc688f76cf0fff9

  • /data/data/com.DGDSbt20190601/databases/bugly_db_-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.DGDSbt20190601/databases/bugly_db_-wal

    Filesize

    16KB

    MD5

    3b5e1415a75308d9e98bdce26a38d116

    SHA1

    78c2514ff181a78ca2f7feccf0f5019380788199

    SHA256

    7256c45c5e107db03a6cbe2cc6e70d46a1f69cbdd86dd89b8d90bf4525c08e50

    SHA512

    bd90600eae4c885959399f3ea6b771aa418d6ff6121ec881fe842e36518e1a695fefb086790e5879b9633ada42e661d251c2f8685a24ab7429f88afb3a7b15dc

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.ac

    Filesize

    32B

    MD5

    f6e7ef72acabbf7c7fe6dfe30d35ce27

    SHA1

    8b18ff3dc895efcce77378d7812be03ddf694936

    SHA256

    13ef56d8ae48d1852f3e4e6508f013ea4115356aeb4dab7e6a083637642388b5

    SHA512

    cb505cf25ba9b79d32ce09763786074c523cd084983d79ae0609ff9c6eb27624ab76a230e58885437b7a0c6c61e4f0d7346d3701b7e419134d2a30891f445a75

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.di

    Filesize

    340B

    MD5

    94eaa277ce28337b08faecaff7e3d929

    SHA1

    c04557feff71e287735e3f283a4d8de50afc82d2

    SHA256

    d0a2fc0f44545106b32e3eec78a0f86c02db1634490756a7bf5c5676cd09b084

    SHA512

    0dcc5c5f91696e3c298e68a6b839625208a50c08ce4952eacd5d67f3d092c3be77accb9971d47744c1dcd289b91bec6ca2d9f5173a9db091ade558480103b125

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.ic

    Filesize

    32B

    MD5

    7bf9b320902a547db56c959583c8dace

    SHA1

    e59c0e46fe9d0dd6ee76354dce94d028eeda4094

    SHA256

    609e32f2cf12e27dbbcb864d33f308d59bb67b7466904dda9ca448b6b573598b

    SHA512

    6ed4c119a469d238f9ca9467c5799d08a743e0d42e65fb470de52c47107765d2b415f141bb46fddb95030e820b20a706256dd9c5ca8dff6c8471e06145113d0c

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.rd

    Filesize

    73B

    MD5

    0aa07f375061425166e82b26abcd5f87

    SHA1

    3187ffa42a0460d2b5947c7cdf19bf0cf7bea169

    SHA256

    b4645ee7a420fa3172fda893533b257b266677b6632d459e08e0b7c2d912269c

    SHA512

    c150ea2a8a41ae94d518f44e8cb8c728cddd1d11eca103f92e7514cae7a5200a0286140864b70d570b75778bc1360225c585811fc20a25c9176a925300af9e26

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.ri

    Filesize

    314B

    MD5

    f3c1c3e63c0aed4e7457ea25d35cc381

    SHA1

    1a67e09f95ae5c0bd91d0dcfe60efb7698b6a5fc

    SHA256

    18488f11bf71e88e81204b007aee8fa40134ea52ab2e1681f2ee992803c80e52

    SHA512

    c5ba5c593b4cbf47024a75998a0925454944b7ed71766c87e4defff13a907b6f3d5f963013896294552eafb631de9b866609b0f4d236b411e989f3112c5eedbf

  • /data/data/com.DGDSbt20190601/files/.jglogs/.jg.store

    Filesize

    32B

    MD5

    448e391c59eef34ee1defbe4dee4c41f

    SHA1

    df1f890987371d7d8e6963c68b787856e42bc146

    SHA256

    55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

    SHA512

    ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

  • /data/data/com.DGDSbt20190601/files/.jiagu.lock

    Filesize

    27B

    MD5

    0edba4728454abcc0c2e2e25ba56e0a9

    SHA1

    727d8b4f95adedd3e3723a6f1d2ef6a3180088dc

    SHA256

    07c0f78c275be8fe5b6b64115e6fb765c3f3761f01ffd5df56d415edff5e5502

    SHA512

    9c0c9566ce407e5e28424c7a3b7b17afd0df4941c2cd78cbf02ae8e9bb9e3e41e1adc289589b85c6bbbb4947d39361095e968994c3a356280174d5105968f408

  • /data/data/com.DGDSbt20190601/files/jpush_stat_history_pushcore/normal/nowrap/bb2ad96d-b599-4ccb-9b69-9784d9888ab2

    Filesize

    202B

    MD5

    d16eb1344def218f91589693a0e36c17

    SHA1

    24fd503c7e842c6f3df9bfcac1316325be5fe500

    SHA256

    2a4f83e2f0f10223eef0e32c9e6fc6ae8deeec1184a0c9e895d4d721eafb8176

    SHA512

    f1433a9f8c11a945948a2521beb2f6965e02d42cf98dd0002313d78e0014567ec0df55c878c8764d2eedac193053df729758eb9a6a87fe7342bddbeb040deca6

  • /storage/emulated/0/360/.deviceId

    Filesize

    48B

    MD5

    1d8d16c4e3b19ebf18988530d9b9a757

    SHA1

    bc94c1cce05cd848a53271ecb9c5311e27ffebf5

    SHA256

    abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

    SHA512

    4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

  • /storage/emulated/0/360/.iddata

    Filesize

    32B

    MD5

    59c529f6be09edec6c71c81359ea2952

    SHA1

    316d1e7f1d8fef4509cb11b9a83824cdf96a13cd

    SHA256

    c6433f19d583fdff4a08d01531451add561bc74d393e3f12aa92e97615c60a1a

    SHA512

    b3cea394b9b619bc12f9303ebe0024908f4dcbd65e1ffc7c42b898d70dab6a4f037a1463d92296e89a191fcd2b53f232d24e0cee66a9f29b279fe5338670ebe8
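The Downloads list above gives hashes for two multi-megabyte DEX files recovered from /data/data/com.DGDSbt20190601/.jiagu/ (classes.dex, classes2.dex) plus the 284-byte tmp.dex that dex2oat was actually pointed at. Before disassembling a file recovered from a packer's working directory you want to know that it is a well-formed, already-decrypted DEX rather than a still-wrapped blob or a truncated dump; the DEX header carries its own integrity fields for exactly that check (an Adler-32 over everything after the checksum field and a SHA-1 over everything after the signature field, per the DEX format). The following is an added example, not tria.ge's code: a header validator exercised on a minimal header-only DEX constructed inline, because the real dropped files are not on this page; the names are mine.

```python
import hashlib
import struct
import zlib
from dataclasses import dataclass
from typing import List

# DEX header layout (all little-endian): magic[8] @0x00, checksum u32 @0x08,
# signature[20] @0x0C, file_size u32 @0x20, header_size u32 @0x24 (0x70),
# endian_tag u32 @0x28 (0x12345678), then size/offset pairs up to 0x70.
DEX_MAGICS = {b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0"}
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


@dataclass
class DexCheck:
    version: str
    file_size: int
    checksum_ok: bool
    signature_ok: bool
    problems: List[str]

    @property
    def ok(self) -> bool:
        return not self.problems


def compute_checksum(data: bytes) -> int:
    """Adler-32 over everything after the checksum field (offset 12 to end of file)."""
    return zlib.adler32(data[12:]) & 0xFFFFFFFF


def compute_signature(data: bytes) -> bytes:
    """SHA-1 over everything after the signature field (offset 32 to end of file)."""
    return hashlib.sha1(data[32:]).digest()


def check_dex(data: bytes) -> DexCheck:
    """Validate magic, size fields and both integrity fields of a DEX image held in memory."""
    problems: List[str] = []
    if len(data) < HEADER_SIZE:
        return DexCheck("", len(data), False, False, ["shorter than a DEX header"])
    magic = data[:8]
    if magic not in DEX_MAGICS:
        problems.append(f"bad magic {magic!r}")
    version = magic[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if file_size != len(data):
        problems.append(f"file_size {file_size} != actual length {len(data)}")
    if header_size != HEADER_SIZE:
        problems.append(f"header_size {header_size:#x} != 0x70")
    if endian_tag != ENDIAN_CONSTANT:
        problems.append(f"endian_tag {endian_tag:#x} != 0x12345678")
    checksum_ok = checksum == compute_checksum(data)
    signature_ok = signature == compute_signature(data)
    if not checksum_ok:
        problems.append("Adler-32 checksum mismatch")
    if not signature_ok:
        problems.append("SHA-1 signature mismatch")
    return DexCheck(version, file_size, checksum_ok, signature_ok, problems)


def build_minimal_dex() -> bytes:
    """Constructed test input: a header-only DEX (no tables) with correct integrity fields.

    The signature must be filled in first, because the checksum range covers it.
    """
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = b"dex\n035\0"
    struct.pack_into("<III", hdr, 32, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    hdr[12:32] = compute_signature(bytes(hdr))
    struct.pack_into("<I", hdr, 8, compute_checksum(bytes(hdr)))
    return bytes(hdr)


def tamper(data: bytes, offset: int, value: int) -> bytes:
    """Overwrite one byte without repairing the integrity fields, to show the checker catching it."""
    out = bytearray(data)
    out[offset] = value
    return bytes(out)


if __name__ == "__main__":
    good = build_minimal_dex()
    print("constructed header:", check_dex(good))
    print("tampered header:  ", check_dex(tamper(good, 0x6C, 0x41)))
```

On a real recovered file, read it into `data` and call `check_dex`; a bad magic usually means the dump is still encrypted or is not where the packer's decrypted image starts, while a good magic with a checksum or signature mismatch usually means a partial or mid-rewrite dump (packers that patch the header in memory after loading are a known cause).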
