047843420a597820fd67d7b1f80358bc854bd4910ba2905ed5915f9ac42cbd40

Analysis

max time kernel
152s
max time network
160s
platform
android_x64
resource
android-33-x64-arm64-20240508-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240508-enlocale:en-usos:android-13-x64system
submitted
08-05-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

242b02d87036fbdf2906de91c30ec1b0_JaffaCakes118.apk
Size

27.2MB
MD5

242b02d87036fbdf2906de91c30ec1b0
SHA1

c564ea3dba76fbc38a548a010761823c14f6e0de
SHA256

047843420a597820fd67d7b1f80358bc854bd4910ba2905ed5915f9ac42cbd40
SHA512

057d7225385c0399c25e6b4ec6292a3ef7a553f79aa5a816de238d2471a7b08a17cdab068c1be172486860e9524f93a8c39818678618c9a06d8a49edd55ecd33
SSDEEP

393216:F7aHMc0auZnmeOpodv5JpcNVMVGyt6ItZQbdYT0MbdYT0iBjZOmWQue4caCPP/gn:4sdnmeOaFd0586IUSwBjZpbcikwOnb

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.piggy.qichuxing

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.piggy.qichuxing

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex	4198	com.piggy.qichuxing
/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex!classes2.dex	4198	com.piggy.qichuxing
/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex	4537	com.piggy.qichuxing:channel
/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex!classes2.dex	4537	com.piggy.qichuxing:channel

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.piggy.qichuxing
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.piggy.qichuxing:channel

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.piggy.qichuxing
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.piggy.qichuxing:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.piggy.qichuxing:channel

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.piggy.qichuxing

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.piggy.qichuxing
Framework API call	javax.crypto.Cipher.doFinal	com.piggy.qichuxing:channel

com.piggy.qichuxing
1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4198

com.piggy.qichuxing:channel
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4537

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex

Filesize
6.7MB

MD5
3be670d7fee07326c7eca39483b0861a

SHA1
4eab99517ef09526a98caa82ea12065cd994efa7

SHA256
b8ef200ab297bf5b43079ba73199ab48b02d798510711a848168116367f941c6

SHA512
cc86a068c35d40ab9bcb016abeccc50abf6306205354a09e6c479ddaa4c97066f78039308a5ca48936eb7a7bfcaaa506f1765e3dd4a0e38e5146d9d026e790c1

Download Submit
/data/user/0/com.piggy.qichuxing/.jiagu/classes.dex!classes2.dex

Filesize
4.7MB

MD5
ef05eebc9faf4d5126a152891c3b1d12

SHA1
a0f4b7f794e5134d5924cd5e35f64b4d9ee0d57b

SHA256
fc4350ecf1eae15aecb8134afcb0f6f0471e2f0886b2ff4baaff5cf288ca4b3b

SHA512
69aa618eaf606246dd0a1027020fd0fac38c2f6f9033cfd539abf82d7f4b4eba08b325a0d7d1483e4c850ec54887cee7b682f72bd471056b37e0bf314e4d5393

Download Submit
/data/user/0/com.piggy.qichuxing/.jiagu/libjiagu.so

Filesize
475KB

MD5
dd192b6fcda06a2c6eaa391d3aa4050d

SHA1
c66cc224c4fd08ccacc4832090c5385ffc96a6cc

SHA256
37e90f35ef332d2c152d6d7da63fdb45035a49e4a9066125c448eae4230a9309

SHA512
30c5660107641aa85009706b82c6fc4270f6edc16bf89b9f295b87e5246e580a33e49e627c8a7b8115b5bf02c79cae474fad84f9bb5ee51af2dc0ef74496364a

Download Submit
/data/user/0/com.piggy.qichuxing/.jiagu/libjiagu_64.so

Filesize
510KB

MD5
4bdf484111394815a4fe505e914ea3ae

SHA1
dcfe7a62d561bfc231fa8dc592c3fcf326b0037e

SHA256
e868e1d629b87b6f78a8dbf094644ef6dfdcb47fffd96e82489a926062c1ae30

SHA512
ac78893297f40fe9e3ba46bd8984dbae3f1aba175cc39d6cef02686c38a2150a5691cd358dc7b40e18a2d1ca40e1a3fb4919e74882e00b6ed0ebd15bba98c1c0

Download Submit
/data/user/0/com.piggy.qichuxing/app_crashrecord/1004

Filesize
228B

MD5
078217ede718c8c689edcb8110972949

SHA1
19cc53907a6ed0ddf4220c1bc1813e4e1a23d7f7

SHA256
7d76e82b7006da2a1285360769f10217f2a1fc054d04d21c3e8f9c8e65e338e6

SHA512
59db52dc3460bb6c1349354c6cc099e6a94a644225ab555d03206cbec1d741f07825ec2af1b3a5151e108f28eb56bbc3dcb121d379ec296747a446ab4629f376

Download Submit
/data/user/0/com.piggy.qichuxing/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db

Filesize
36KB

MD5
a31e1b54a6f910b24039d374e389ba51

SHA1
4feed869d592ac4a895294e7ec2ae70d8efb2ce4

SHA256
de85bab30e3e9903ccbec1ef13f6dd1cdc768ae1de60363a367996374af0810c

SHA512
20502d5ef64427127ea5f49f06b7c96195a3b10f4ac7563e664ced562c90e047c88a3265115792525ed5f8bcfb44b6ae800aa824d71072bd041bfd04679e56d2

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
8KB

MD5
88c44665e82275d6ae8e02f8fac7cf54

SHA1
0f7fb554facd6472aa6ee46e07bedd659e748f9a

SHA256
b38a89672c504cd0147682d2c275740031f4c5584377486769e528836125e87d

SHA512
ceb2fd0261b4a128d90e60ee582c6ab2da89133d536d7b3ed04debb72e8fd08ac7ce6a623e9637fc224b3e3df0015259da8818960b3a2c93974d39289935fc42

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
8KB

MD5
1d7e825cb8631a9d24791f06566b4a20

SHA1
edfd0dc35639ea52748cbd7d3fa0041b36289850

SHA256
17e69672ccff373535aea3f5fb93a10f27e3bf6e0af92220081f972e55490568

SHA512
befdecd33f9ebf2cb415b3d3a5e8d66809f67db62ca6d6c4b95b85af0e79428df7539a6c3f6d976bad4f97839fb21e0dd3fec0698b9423e2646a44f82f91ebdc

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
12KB

MD5
c77b0df7dc59f0845b725b171de1bf59

SHA1
5464b0e64bd5dcece1983eb1c48b63d1ce36c8fe

SHA256
b0cad2577e36cca43a38b4478db99e9b7135a7698303508f73a65ea938d77b1a

SHA512
80dcf4f7a7c13d1731b343a09d02a3161f001d21c43861697fb3a114fd7871361d6b15b0b964fa480c2caa2ac3634c0719473f9b5b7a42531831dd8d292bb43a

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
12KB

MD5
57b013a1c6459ad1667a0f938451f8f5

SHA1
a32a9b7afffba5ab4fcf8dee4c5f6dab4e33f3e9

SHA256
f75fba1a477b9463677a410e1fbf9d67ce16b70b0714cbf232172cc85df8b83f

SHA512
9a413b7261a8d901d53c9d3de461513823136790e1be72777ebcfcfeb427e599697701fb01574814d2753f856a766bb41c532309d72d9fe19bf960f182efd65a

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
12KB

MD5
ae565720ec270cd8b01bcc5a0d8353ed

SHA1
edf264f68e7f65943f70072c4bb4c0c642832f8a

SHA256
fce897f438713e1eb40929031e36ef9b3e030178912d1d97b9170448cdd843ee

SHA512
30571c21b4821cfd22c287d87e7fea7070c3033c75070e49b053fe71a2d1c156e7f9f619b542e3ba4fc01c764d93fc0c0d4fdff9350d67c07e57678b5d437334

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
8KB

MD5
8bd4801b90283585ebdd4a8a4bbf765b

SHA1
1e677ea0788f43137366afc315f45d883258d562

SHA256
e9da7638547c4c44ae834bd02a71d107fe98b14a89b8b13ae664d2b1194636cb

SHA512
50cce05e019d18be3da74bdff2027d2556fbced00b59b40629446c7c8779cfa01d32d73f2a94c01673cafc4972a952bdb0fb4afc9d17a85e69fafdd04f33ff48

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MsgLogStore.db

Filesize
56KB

MD5
12a7d379e17bbd9dfb425607991f4814

SHA1
bc7c5ed79c42863755432f9adf05ffc1848b0a81

SHA256
6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f

SHA512
18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MsgLogStore.db-journal

Filesize
512B

MD5
cb92aa7c5eaf71b9d339f88b728f4187

SHA1
bfca07dcad7a45cef6afc8de43db3b98b08b37d4

SHA256
56183e8c823ff7c599c17f71227af818bf818b18f9794888fb276cecaa929cfb

SHA512
d371736ed1c3a6ef90f73439fbd505eb6713756272ba14b34d666821442f36c16fe4d05a22f6a963dec03625e6ba21f9971a1a5b6dbce80e4a1f59a15631384f

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
9613611eaa278f8bd55384bd75df74a0

SHA1
ae91db25c38216e65d45913acfd64c0ecaf89f48

SHA256
afb5a8950819d6ff9aab4a841690cb9374b6c5f4135685ffc323bf5706b05888

SHA512
9fae64bf8efed8da8a3ac46aa26b67a068ab7b686fb215f0b179cfa3fa3e27aab82d993a7bc03dd700b57c3a75ce86b6545ad7d04e022fe2b0c2b53ca418a94c

Download Submit
/data/user/0/com.piggy.qichuxing/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
516a69dc96946270b7f89f68227ebf38

SHA1
c56ac73d756c1e27f1b75409b80f99e303dcf9fb

SHA256
6d5695f6b47bfb32a4cc7b23fffc81f337bb5e0ab55125893ce7423ff21792d5

SHA512
f4e210cef55a29b533d6f5b86cecc2aa6ac828cb8143934a847226789e493ea0249d609a2b013480b7ab52a09b8804504db7cc41f74fc1df7b6b3bc68caa6456

Download Submit
/data/user/0/com.piggy.qichuxing/databases/accs.db

Filesize
20KB

MD5
558105926688c7d4f4788f6b593bcebf

SHA1
d16091461bb6ba14d9de002f0e32feeb35fda9dc

SHA256
51b2b66764ca441ef1a110abc89f5b8251be8522e0a9bda462a9375d18594616

SHA512
1e7c7947765f949be950a73be089c256b52def43f6621357548a88449ffb6cb128f99bee382cfe8c8c786c3e9ac2a907c08f38e2ff9e1e37fc9138360533b55a

Download Submit
/data/user/0/com.piggy.qichuxing/databases/accs.db-journal

Filesize
512B

MD5
eeb7b00500a4b24c2d0957d2ff5ae80f

SHA1
7b98144f4d74253193ff148f7c18ca68fbc883bc

SHA256
11acd234d9fb9b29abeb52594586caf77de6328fb0818a77061dfcdf0a7250b1

SHA512
29cac887bc4d6283ba6581565b8322599637cde08bad81f53f67cd1287dac922f8dc797f1723bc9bf72685c390276c4d43782bbd1aa27a102df0904124c4ba53

Download Submit
/data/user/0/com.piggy.qichuxing/databases/accs.db-journal

Filesize
8KB

MD5
4060c2e458218e14812c20a47dca3eb9

SHA1
0ee7f64a325068a5e5ce81eccd5f7484c8b9d0bd

SHA256
b47d514b925e872b98630ca7c8095e06f61d7b6b623d848ca44fbc2a7206933f

SHA512
0e940aea38de82fa67e19d3598aa46f4925f2a456fcfa9d56e20ab8a0209b71d66a54995360840b818c30a843c120773dbcfddc3b14fd97b574a1b1454cff954

Download Submit
/data/user/0/com.piggy.qichuxing/databases/accs.db-journal

Filesize
8KB

MD5
e9e8d946feace5041b430f3670387267

SHA1
332bca76b8c936048164637cab261cb28a7f7a5f

SHA256
343b4d87ddd4aa73dc163fa6783d5beff2cba1d51f5bc962fea5469bd616f6c1

SHA512
6f028d35902d826fa3bb419c42346d89ea5e0289ff2b82aafaa6053e953e054fc2f69429b92e21341f68025dae661602db5d4b71ea238fe6d32dedc5e02fc9ff

Download Submit
/data/user/0/com.piggy.qichuxing/databases/bugly_db_

Filesize
52KB

MD5
494e597ca7f6d13e9f970d7a505831e8

SHA1
3460671041d0b0bd2e467cac33f66e4dad88a025

SHA256
010616741fa40000c2550212c937d6f4e78f534856e41b2907b6f15d6d1cd2d3

SHA512
4251f8d2d551ea6a3e1c5cd7718be4b954512501068c7ca2903fb50ca8950d4ce2c5bfbbed51cd0658e6b8553ff8641daafa17bbe13da60fb60ad9b96100b578

Download Submit
/data/user/0/com.piggy.qichuxing/databases/bugly_db_-journal

Filesize
512B

MD5
49f559cd4116ecc70b31c825b3a009d9

SHA1
1a395c6a9bbc5e08ff013f755f350f175ccc5e04

SHA256
2797a8d71d57701503116b7cca1f8f249b6573ee12e05335d5c16ba63c0cf6f2

SHA512
b454ea625e06a69bb3987619eddccc76db941a7d278485bdc7e8fea469dccbced3b5995aa72085ad9d6a9b36a7b365c1dc4e7bbdf8826798809df7be6188652b

Download Submit
/data/user/0/com.piggy.qichuxing/databases/bugly_db_-journal

Filesize
8KB

MD5
186164c72971df46b88461c0edd51ef9

SHA1
ea68846e058f974ef0992b711ee980c78f2cbda0

SHA256
6c343209cf93f107a3657648faba804da7f4ab2df68455766717b3c392b4fcac

SHA512
623dbc9473a98cd9a8a7dfbd437bed1affbb19f4641651551812e402f2234101e4545891a429ec6fd33b65a763a09bd07f51357e4f6af281518358763fc2a78f

Download Submit
/data/user/0/com.piggy.qichuxing/databases/bugly_db_-journal

Filesize
8KB

MD5
f38140ca5c6ffb87f8fc10577067a681

SHA1
f1f79b699089e3401c7daf42fadcf2138a3e19f4

SHA256
05e279f661545790632fbd4f7862193311f428f612a865b473166ec925b0b318

SHA512
fc8c884fc626e21c9f15ac381ea8ef7f64ac73972893c9226a931deffa37b384050a87dc4c6f46a201aecf076d04d8115a6a5bb0c0ca757d0b75a77566ca8d8c

Download Submit
/data/user/0/com.piggy.qichuxing/databases/bugly_db_-journal

Filesize
8KB

MD5
cf3aca294032782ad177e8a92fc2a96d

SHA1
08c08ece44d1d544b5d48aa01e97123bbd0302c8

SHA256
9f9b5a904d534e9b1da74a51aa7daa23fd73e58e5f6e026a59377472b64d3c30

SHA512
d29aa15008c7bd045964878eae7e077a1cb5fbf53e25ff909157d9073a8c41aa4848b87370f1499f1d4dffa769aed8d959ee6397ed382cc9afc3e9ba59b604e0

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.ac

Filesize
32B

MD5
2eb57f95638a5e35eb9daa4df0955f30

SHA1
e884fc59b6e75022d0036ad9b94ce69a711a1e84

SHA256
b83a47beba1eda868ad283fb2d1f99965b85d16458cfab5eecc89fd7d9cf8f91

SHA512
68dc24130de592751cf448aead227f07e087b810bcf72e1665b7c87d599998ee9295bc5982fde1558a271a64c08e1277341a89c89a25411b5dea122648b1f625

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.ic

Filesize
32B

MD5
d2bd09e36e84882a3e6b2587f440ade7

SHA1
51367bd0eb89021e32969971c1a5afca39c37232

SHA256
99ca44b739f76dffe4c9194633bbea38cc7175f1e689332abb5bae7aae037091

SHA512
309885ed58789a25fc9ed53959caad118dbe1e61768392ea38ca2b8c223f45ffbb17ab8855304704d13acab5a21611a2f72ed2ca29460dfc7a22cab6f60f87ba

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.rd

Filesize
36KB

MD5
8667c540902807cb0150ee8fec9f07c7

SHA1
1a0cc595caaee104b2209d5e3f6757f2aca8b4c0

SHA256
4cbe86bf14b5cba7e82b4c126ca2d7b4e10fb1760936c3a785dcc360863003a4

SHA512
665e0106bd09c25d061b77acf933db23d8a4ae6a2f608a41a0cc1eeaa4842605e96b60dbbda1f5fb85f0de5523a15280a593e1f1562ad8e2bface32ab5ec9c62

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.ri

Filesize
307B

MD5
20440102afac0fd8d813f4b51b51304c

SHA1
f7357ad8dc7245d29edd1bef405c417071121cfd

SHA256
80c904234fe49cc7759470da85ebd4657adab5faa391154faf775bb3a6c035ec

SHA512
dd245706ba2965c776158f02c1353a76a0b66d5c1a5ab34bff1a98ece29fa6696991b12f4f4f1e82f0892fac88567412f1a0ab6958d2a43df80d45e100ec7976

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.ri

Filesize
314B

MD5
594ca46107dc087f072d48057e0eec1d

SHA1
6f6b58303fc06d3453d2a9613cfd41a6befc973c

SHA256
4c3a8fb10057112e0e4d22aeebbbc22507237a3c780404ad716f4cf4eb44a01e

SHA512
79df11bedff58342faaf2e57ba562374e8535bafff81901424cd810a4aa0795f4b07a3ccb664f0696b1571b3cef7629fbde9341df9f53020668d171c9a2b234a

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jglogs/.jg.store.report_pid

Filesize
512B

MD5
e67aa626fc1a53ed19ae1dc957180509

SHA1
bc5ad27a932951eeff2a016df696cb94f11c9bd5

SHA256
e31cc79e95d3bba73e6c4eb11ef38fce535ea8150518ec4ab028dee6993bc07b

SHA512
1306be27c52a5ab6ece77d3d87a01c014dcc3b5f97950c56147b17ca2dc4a439e644b5600a798bbd65183e734a5c0d7bbbcb272757407d30d3b129084ad6ecaa

Download Submit
/data/user/0/com.piggy.qichuxing/files/.jiagu.lock

Filesize
27B

MD5
4d762f02bde665f3636bdbc0c46351e2

SHA1
f43fedc04f0fadecd92c88dc45ffd736ab86effa

SHA256
24474b1cb4f6ef4767bf0d69d302a46dfba5aaf171829b0f20728fc773253971

SHA512
25a7cfe2be2bd7d1e373586fd68bd0381f693cf6dab41f082ba87e8b52e0e6e6ede2239d709649d4f3e82918f6793269a4a9a0335fdbffe18cfc80e468677649

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
f097aa42ede2508a5abc913906bf852e

SHA1
adf09efb443480a25e718626ce73533c7ce687f1

SHA256
9b57e1ebf06203f2146db225cb44c64a32c38b4c0931e04dba68b478309a0681

SHA512
afd621e6aaaac31c0d57539105cb9c8bdf8ed8ec29d492aa580eb43f1002466ad1f15c81640b103503a264dbb89ceec7f574c643743a30c1d7dfd26c437d4997

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
9a1385e024cb300cfcc70155190cf713

SHA1
f9409d2555f0d0463f847b13d39a9d7f3f68a9a1

SHA256
496b8a194bb48352248c3a15afac90ff5092918c4f88c4bc74c19b150d5e1751

SHA512
7032383930288140a006e045e84795c16214bed3441e1cfae54c7d45936d11d15fb61d833eefdecc2781de148b05a138f5e856f179ebfb55fe87f96d5d5c5b79

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
5cb42919bf23a22bf51734084ada8354

SHA1
7c48a07e15abc5a78fd19a7d1be8f08ca6018f60

SHA256
5f63acb851a94ea398a27f65ae4f844d64e6be0468bacb25d0e494532cc6e578

SHA512
0ad0f793e86846350fd89868721f59169d0b6058e9b263e31439a9b2aca0904b859d8228eb3427d02d17efdb4a3bb9737e3788125956ecffd15d48ec6eadb276

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
bc4ff08806b65fdad4c80f044ccaca4b

SHA1
99e16a51b02be5655fd6127c30604d495012ba69

SHA256
5ea140fda46d9db48ea707b0f6c883eed4aeefdc1c93bd2cbbbe62e6e4cf671e

SHA512
42147ba56beaf86d6e61d358dc294232f2b7376ae01efabb0b247db42cad508ddc40d40f8b92dca5be9366f0d85c888bf4143e9a31caf0f328a67c061c668f59

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads