Malware Analysis Report

2024-09-09 16:12

Sample ID 240508-lkm5nsge58
Target 243dc01c29b8a2faf5cad8d9274a2a48_JaffaCakes118
SHA256 fb532bd55a1456131ca48ebccee1e7f556230f9c18f72c025f7cb2ff15bf55a2
Tags
discovery evasion impact persistence irata
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral5
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral6
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral7
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256

fb532bd55a1456131ca48ebccee1e7f556230f9c18f72c025f7cb2ff15bf55a2

Threat Level: Known bad

The file 243dc01c29b8a2faf5cad8d9274a2a48_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery evasion impact persistence irata

Irata family

Irata payload

Checks CPU information

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-08 09:35

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:38

Platform

android-x86-arm-20240506-en

Max time kernel

150s

Max time network

159s

Command Line

com.nvsip.temp

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.nvsip.temp

com.spiny.ma.widerouter

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.42:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | int.dpool.sina.com.cn | udp
US | 1.1.1.1:53 | www.jovetech.com | udp
US | 172.233.148.217:80 | www.jovetech.com | tcp
US | 1.1.1.1:53 | octopus.jovcloud.com | udp
US | 1.1.1.1:53 | octopus.jovcloud.com | udp
US | 1.1.1.1:53 | octopus.cloudseeplus.com | udp
US | 47.254.93.223:35553 | octopus.cloudseeplus.com | tcp
US | 1.1.1.1:53 | octopus.cloudseeplus.com | udp
US | 1.1.1.1:53 | octopus.cloudseetech.com | udp
N/A | 10.79.217.129:80 | int.dpool.sina.com.cn | tcp
US | 1.1.1.1:53 | octopus.cloudseetech.com | udp
US | 1.1.1.1:53 | xwmediasvr.cloudsee.com | udp
US | 47.89.228.202:35553 | 47.89.228.202 | tcp
DE | 139.162.158.81:35553 | 139.162.158.81 | tcp
CN | 139.9.64.89:35553 | | tcp
CN | 117.78.28.232:35553 | | tcp
US | 1.1.1.1:53 | www.afdvr.com | udp
US | 172.233.148.217:8090 | www.afdvr.com | tcp
US | 1.1.1.1:53 | acct-cn.jovcloud.com | udp
US | 1.1.1.1:53 | acct-cn.jovcloud.com | udp
FR | 2.2.2.2:6798 | acct-cn.jovcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
CN | 114.115.164.163:35553 | | tcp
CN | 117.78.32.201:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 47.89.228.202:35553 | 47.89.228.202 | tcp
DE | 139.162.158.81:35553 | 139.162.158.81 | tcp
CN | 139.9.64.89:35553 | | tcp
CN | 117.78.28.232:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 114.115.164.163:35553 | | tcp
CN | 117.78.32.201:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 47.89.228.202:35553 | 47.89.228.202 | tcp
DE | 139.162.158.81:35553 | 139.162.158.81 | tcp
CN | 139.9.64.89:35553 | | tcp
CN | 117.78.28.232:35553 | | tcp
US | 1.1.1.1:53 | alog.umengcloud.com | udp
CN | 223.109.148.177:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 114.115.164.163:35553 | | tcp
CN | 117.78.32.201:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.130:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.179:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 47.89.228.202:35553 | 47.89.228.202 | tcp
DE | 139.162.158.81:35553 | 139.162.158.81 | tcp
CN | 139.9.64.89:35553 | | tcp
CN | 117.78.28.232:35553 | | tcp
CN | 223.109.148.141:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 114.115.164.163:35553 | | tcp
CN | 117.78.32.201:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.178:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
CN | 223.109.148.176:80 | alog.umengcloud.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 1.1.1.1:53 | octopus.jovcloud.com | udp
US | 47.89.228.202:35553 | 47.89.228.202 | tcp
DE | 139.162.158.81:35553 | 139.162.158.81 | tcp
CN | 139.9.64.89:35553 | | tcp
CN | 117.78.28.232:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 1.1.1.1:53 | octopus.jovcloud.com | udp
CN | 114.115.164.163:35553 | | tcp
CN | 117.78.32.201:35553 | | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp
US | 172.233.148.217:80 | www.afdvr.com | tcp

Files

/storage/emulated/0/Android/data/com.nvsip.temp/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.nvsip.temp/files/login_guide_video.mp4

MD5 cc900eb425262c17bbbbb45e7eada97b
SHA1 fd5161ea13d197b1f3e729ce76c2883c5ccd0ee5
SHA256 d9f529e466d69f86bd46a22d333054f7170896fbfb5468b77b787998e72c3de4
SHA512 a1c2d254ba932d66d1209d6310b4aa345e660c79db183549489c84e08eba1e75caf9d0a8b6e9e2d1653d7c4ca8c15114f31199820e4259066f1807138252d83e

/data/data/com.nvsip.temp/databases/ua.db-journal

MD5 55367bc093c96ac1d1cf4c72e3967d71
SHA1 0cc1925646750b7311351c92857d99ececb32d6f
SHA256 150c5fa8f1be3d8bee8b00784ae32eef095665e7ccbebad300c7868e8f55eafd
SHA512 f74d7cd5848f7aadd37219e17890e3a7e4c7dab6e61060c65025ca101adaa0b145bbbc02ea12073926f9fb139b22f358cc1770e5ffdca30e10b326313d0ac95f

/data/data/com.nvsip.temp/databases/ua.db

MD5 0b1e80b458f8f04aa45a84180884a01a
SHA1 7add864b97d226d60a1eea2caf65eb8fb9236e24
SHA256 e19dc23acfd071ec7e90bfea5ed000e8f20e697971a6ad1fa649b2690239bd35
SHA512 ecd5d38a77b7738070ad5a8797e90e6a37d194196ca0b91bd8df06c84de29fe5f215461956b7597fcf7462b5dd4409baf1af08ba29dd478b842862bc8ffc4c23

/data/data/com.nvsip.temp/databases/ua.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.nvsip.temp/databases/ua.db-wal

MD5 def397a80903000ce57a418efbade3b7
SHA1 bb2e603be978d5b1b0c27059c8f7d9680399b0de
SHA256 ee1bdf62a9dc232119e3d0ef984a7cb1e0cb8e762c52a8eb01ae029cc22cd56b
SHA512 7482be93c8ce22bea9af1c373acb256b85fc4f21196f68d9763cba381fcb2b0ca8a79549b187ce083a3846e4a12054d39951ab696193d2a37e9c24dd8d0031d5

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 58d5609c93ac82dd373d602776ad4cd7
SHA1 096e25a561a2b6c5f7f30919b73de1bcf1f217d3
SHA256 5547c618c66581f6396b4faa1c701df57f33ffa41a95b2eb8ac2cbf203c3bc8c
SHA512 b0f6fc95d376db18ee1b3b2c853702cce50b1d29a5ace98d8666b4069ae2e972aa3e83ec16c93c9f2e6ac5463fcb0b6745651495c1e219fde63fe02be6654c40

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 4399f0b7e5a578ab0d9a9d004c7d09ac
SHA1 6c6bf55994ec759ea01231208ea65e56d33bb6c8
SHA256 d2f61b93b226fd8cbb34b25d9272e8e9adec2908ce225b77a2de5d7c4efee72e
SHA512 40ef3478f1a2afaf8f4a99018cc0882dd6122874dedb2cfe37e2c75fd4b950f5e0fee4bd6160115ba4a9d0b2e8b9f25a8a89d84d1f441818d3a0eab79b4e03c0

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 27b55331109c3f90b4d3c51e53ea20cc
SHA1 e0f28c5fa8cc9fbcf9d9ec2b575aa282e314b587
SHA256 496c07fe05a759c9e78f0ba40444786a8298616ac63b893c01f93c96fa782dfc
SHA512 d406f80edda9c86e55b45a77843e84e5d88c8d829c2e1809dcebf50013b152a9a7048468a22312f6b5dde48ee2d21fb6e73195ca5b73ee747d6f927b9c99b304

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 fd6a8a454b7cfed3e4db60a300f1ba53
SHA1 e29193ab2df7b2147b22f8107b3c49a8656ec567
SHA256 25cec7120724869c96455e42fe1a2da3680b9bd926678759193e496da6abb1f4
SHA512 5679a8facb36c295c02e36533da603a7252e88e787b6cf6bb9d67d70ab138a167d3b7f1e3932d88f9302c29694fd314600fa3cdbbf509282d3591af0f0b68664

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 8fb6721a712e668feea0dee462a38bc8
SHA1 0edede8cca78f9d726eb3e299b418feeeb47156f
SHA256 e5113ba59f176ca689619113ee6f15ab5c41d75560364dac1ea6b28e1dcc3b6e
SHA512 db18b8535a0cbdfc1370bcb2148f3b373f2a1fa2b7efe413ab3f69f860b8b98353789b79eacdfdc129217f97c6abe6aee72cd19ef700637e01d5eaeae5de392f

/storage/emulated/0/NVSIP/log_cloud/2024-05-08.txt

MD5 6ac720c3efb0f37cb904fd060fc975ca
SHA1 9a2a7155e53daf83c1fabd888b9b4585b6fd52a2
SHA256 4f8a602c1daee5e979536d5f0b993f2c8b47e21fc87e4c33ec260870fc90b8ba
SHA512 9e1fb51c4e75094b1923dbbdd5a630da0cf8cb2b16169501ae6157d631c6cec027be52ee84f1a1f6ea144851f7eb0f782458411a6f2f4de31b8b1d9b39215846

/storage/emulated/0/NVSIP/log_cloud/dl.log

MD5 ac0758f4cc7d9a0bbe30f094c5932df9
SHA1 71b42da0249defe311d5e5dd7b0f76a7aa7d2614
SHA256 90d19183fe1bf497780ee8940ca080ab237b10988d9c9b61282eea256b03bf50
SHA512 50c6bf0af8e0cfc15199ec0f42afa72c1113f803218ffee4ba91587acd5113b4891e44ccdcb8240f30d2a15dbd087bdef4d9045a02872081e30909d1d03d81f9

/data/data/com.nvsip.temp/databases/tencent_analysis.db_com.nvsip.temp-journal

MD5 e00a9efcbef15a667da959497b4b2435
SHA1 3a7c48d03865c7851fb4d15aa69e1d137d9439c4
SHA256 599f9de9f776a591d69fc6e6f185c51df02d13efef24186e07ec16f37aa70c9c
SHA512 50a342e9489c7e846c18510a67f6811a1a11ff89638855e8f914293320d3715e25c42a8d86f5eff9b7131addb55e7fed83f1feff9aaa9666d3673ba5fd3d4672

/storage/emulated/0/NVSIP/log_cloud/css_cache

MD5 a604fd353568538d9348b305864d241a
SHA1 7663f762fa1e8a89d39f5bd245dd9cd0bcc05551
SHA256 135856803564cfe79e7bb1e88e4ff892cd20a1ad010411b237287298598f45c8
SHA512 b52ba1e8bf4a476d248fca3696ce43464d73d204c2919bb512cae78f240ce84fbf3519562c079414b929e87fc31c204b8ed9ec00428facea5b8ac7dd350d73cf

/data/data/com.nvsip.temp/databases/tencent_analysis.db_com.nvsip.temp

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.nvsip.temp/databases/tencent_analysis.db_com.nvsip.temp-wal

MD5 21f30cf25628de5850f74720b9f2fa46
SHA1 5c46e4143fc750081e76b9299e35e342377099f4
SHA256 d4f10286ea4620a12d4ddd402ef5c78584a106aed286aef90b7b62a89664e3ae
SHA512 a6747318700fa51247cc0d43e42b517591dcb5d98ea8948c0c87636d3f3f46ec30384c192c48007e5eb7f06095ccc2f2bf5bffa68ca3951fdb822e671029ce03

/data/data/com.nvsip.temp/databases/pri_tencent_analysis.db_com.nvsip.temp-journal

MD5 9683a10af19bde25f1aa165e16d308b6
SHA1 37e0d7a9510b339a0a807b6f2cd039de94416e13
SHA256 8ffba30823645db96d1b923a673af1b09b8b15784f03da5660c5a291610ed11a
SHA512 f54daf325896405f3c893c9f2ce3b3c4daf07493f2bdd940e51dd3735051808919a33c62da6dccfad80214c82ad187184a7ad5c8f1709e18dddcb89e79d39bcb

/data/data/com.nvsip.temp/databases/pri_tencent_analysis.db_com.nvsip.temp-wal

MD5 346303c4a8c6b7305444cdbe9e0bca92
SHA1 d62981d23cc807f62dbca4e097b2f04ddac685c2
SHA256 6be4325befb5a8913d543f5b3a61a73dc34ca51c512c3a57e85647186d673b8e
SHA512 8e9f88e70924724e6e94845e5c4168c2c60f7076e180ee2ed64943b7d83858a9f324a97f0cb1950344ecd33bc6a06070acb7b4decff99ae0212f1d6502dbd47a

/data/data/com.nvsip.temp/databases/cc/cc.db-journal

MD5 c8f297fe17350b6bda91fa19c44f00f9
SHA1 dd5139f59e10124a732497f6e48515ad1c20fe91
SHA256 2968796f474cb256695bf5809d0cc37f4ed98542f360f3f424f4fa2f1e38558a
SHA512 fe8bcbd3e35345607e27a56d919012aa9361edfe9d4e3a4083056e890e081abcbd9b758b2937e1a6b3b15bcded9f42f52a0e069d26fcdc1f3325a98c05062737

/data/data/com.nvsip.temp/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.nvsip.temp/databases/cc/cc.db-wal

MD5 b377a2628483c89e346dec18735d62de
SHA1 7c80349f415d8f199b818f179db4a820f2403343
SHA256 c6a4916dc01dced6299358c83820b72353c9d2d85383dbed8469e074e89d27b5
SHA512 0fa2642b4f5b462d70657ca7bb4baec90e65f6d2254759461869c159319fb88e8a4b5807fdcb6adc207a7654df15de18a00c8cb28c29c4410fe6ba7e1943e8ef

/storage/emulated/0/NVSIP/log_cloud/yst_connect_log_20240508.txt

MD5 66f6c075a3ef86083b1598c4cdc23402
SHA1 63de611f63a0e83fe3bbb9db9c843003a79d3f5d
SHA256 3dae05b508c770ae15f9d4cf278eb85e0761752b17389ab9da54392d7c23d90b
SHA512 baa28855c36bb4e66c6656a2fb9725338331ae73f71ca24c8d581ca2798061a276df0001894099f567598ed33c74d3ccc92a2edb01ff26ad8a476f581793ba19

/data/data/com.nvsip.temp/databases/ua.db-wal

MD5 c7578f9b3dff8c94725c3a22200e3063
SHA1 23314cb210b12c97b610e06000dd05df220d1b56
SHA256 2952676f3c1340ca27fcda1645d7f46f887a38d9c82373a87f7e94ba7e880c40
SHA512 77b10bea5a9c12dde5d7ed11cfba07aa720d2569e1216a04f9af0b069ce8ae001a7e1c7dd2699f555cc74d9299ebc4da04b8409aa448fdda6b6fba53b760510b

/data/data/com.nvsip.temp/databases/ua.db

MD5 bc5e584341deeefd23a42a6c906d5e2c
SHA1 666b92d2607312eac516fa3d4e982f368096d5a3
SHA256 e5be22b08a2592cb52d3c855e83b986855eedfc06324d00d601c7f408621aba4
SHA512 80e7bb4cfbd0db0b88a3c00b07e262bfc8a541ee4eaa24a9d21ac902acabc6100fda47d36b98c8314ceda54e6bfca68035ad4d242d9b1c9a2c7a8bccb199f25e

/storage/emulated/0/NVSIP/log_accout/2024-05-08.log

MD5 b7a299befbce782fdbf99082606b742a
SHA1 3c178003fc2bce9abbf70d717879362f0a4412da
SHA256 e9cae841291d810d8941336d61b0c742201d78b623fa3c0bcc94fea24a0ac208
SHA512 73b6dc979fc26d3931fc3e003b330072cb3145cb49c80d1b5f3803156ba71f372f46d1574da209f233559a5a1c6218882989a581842dffc456a6daf6352d8d54

/data/data/com.nvsip.temp/databases/ua.db-wal

MD5 b2bdf20fae3961239a43a1ae2eb988b3
SHA1 14f4337b19a7f3291280961913e8e49035438dc5
SHA256 36104977a2e214615157a82f66339bdba4324ee9f7f2daa76016b451dcedddda
SHA512 34711ca9c45680489d53243b2a5518663739704474c3c63f9055015d7740641078d2fc88bd1c72bc9c3d78fb9b5c4bc4341c9702ba0c6d8c8d885acce7e2e8ea

/data/data/com.nvsip.temp/databases/ua.db

MD5 d9701aee5526711e175b581f190a6ea2
SHA1 78d25ee1a8abcf09da61841ed43c1d2d6c3a3367
SHA256 39a6170c5cd73c439ae72b7a618fe8cce7feda88248cfd7a98812b27cfc49092
SHA512 153157f1755b53633ecbca73f0a7c1585e3a4148ac3c14f5f86cbee850bbc6c8263e856107c6fb88dd8e5c4e3ac29b1255c6a21ac2e2728292b52bbdcced8352

/storage/emulated/0/NVSIP/log_cloud/A_index.dat

MD5 96ec69eef4fe04cda7eb0dbbcfabcb8c
SHA1 60e1e6ab3d3c017159f2550966389d5de33bca1b
SHA256 83cde305e37ad1deb17d86f23a39bd2434d6719e30b307adebe5a189a78ff6fb
SHA512 a8bc5a95767b3cadba530f1a5c6201519a6df25a969f86bfca1a46a86641f8bce1d2983f51322314bae5aa841d1db774adf1093a5a3464e0d64eb94b1269ac7b

/data/data/com.nvsip.temp/files/umeng_it.cache

MD5 5606d3a6f9559321097dbdfcaaf65565
SHA1 d17cbd8912b02cecc7a4f42ede43a8b7e294ae98
SHA256 d8b0ac23512f84008043ac8b1ea6e07f1f558c5df977908be8621b72c79fd930
SHA512 87030e368b9257e3c9944052e204b3d463756343b0f4646815974443b1a2a89f4da046ee636faedd32b00a4679f93adf1f8b071d6779802d49a7333ab29afe78

/data/data/com.nvsip.temp/files/.umeng/exchangeIdentity.json

MD5 ca3b2c3cb997252c11a3c98413fccf48
SHA1 7a32207d74417178bde15c9cbd3ebe72a55b8ef1
SHA256 8b87a19fb576ea3804ba958911ba87156931184fe37333bb0bce8917534cc21e
SHA512 1918f57cd647355f22097663b55d1b81ac91a0ae6ab7a56a88d39fd1f10d7461f468d8aa8d4fe559b8dcc0ce196877938601c0dcef81cfec81930756339a8c63

/data/data/com.nvsip.temp/files/exid.dat

MD5 590263ca7f3ad65770682176bc14d208
SHA1 76c042f5e7c6a871d2aed73c6c6221e95ca5a2d4
SHA256 541808c1b79c2d45a04a4e2a30aa6efa37894dae0818c253e90ea3fcb2599d39
SHA512 e0fa14bd0f343294798462444ab5db9f4f2b43954408ccade13f7c0d19b4a1896be60c842b977202a50e85f5ff7710c69d8805e9be0909d11ac7985934547a38

/data/data/com.nvsip.temp/databases/ua.db-wal

MD5 f6e9dc0752d203d137d0b9846d9fe804
SHA1 2d249630e7645bd6d0db4ff4f0dcc6d47bf606a3
SHA256 9c9f1a9afcf302fa5afafff6dfa5abec867d958a93e72990e126720637a0e278
SHA512 4fbc612313c6572569446303af6ff39535ca4ba3c340700c27bc7ff03d14ed8ea791d80048427edac77407117e1a9397b373e7518c04ccf6da23a79885374e45

/data/data/com.nvsip.temp/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.nvsip.temp/databases/cc/cc.db-wal

MD5 81cf361b816cccf3a9bce679071e8dde
SHA1 f840bf39a4f027ec6a660b8a3609de47e6e66b5f
SHA256 1c427645082c786bdee4c606f8af27856422c8d96365e2104b92cafd03589461
SHA512 de8a022a724d7dc6228407415d156ae92ead13dcd920820f95bd72f6a9d89d6ed19eb63c40df16d02e0ea8b93088f228986b1157e80ed0a03f57ccfdb3638528

/data/data/com.nvsip.temp/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/NVSIP/log_accout/2024-05-08.log

MD5 2d32da2a8495b57a8825da65ddad56f2
SHA1 ff4dd2fe24367205c1b8b92cde68c6db362c36fc
SHA256 640ba7dd75117081b587d528229d4605a143a356443a2c8261e6359ac785f1c1
SHA512 3c20ab19cebf2e457d7b27ffe081b1af4d91366557ed7b482709fa241b5d78b8053b9ae9daeee44de41cd5614c34c5258ea8026a9096cae576345c9e258a9517

/storage/emulated/0/NVSIP/log_accout/2024-05-08.log

MD5 cac15f6abc1980c1a042a29f1268505d
SHA1 a6cd08e579c3a051349b68429785330e05f1891a
SHA256 050e46fcd6877d2584f9e3b95441b0783ded75eb1c0d7585008cf21fb4ba3b97
SHA512 53f858537b492a35a51e12174f06bdb438e1ee1e7a3b5e8a39dd3ca99eb0547a71e041141bf719cbd4be8d530c6cc8ce86b040f1f90984c5783859e9c4121bea

/storage/emulated/0/NVSIP/log_accout/2024-05-08.log

MD5 c03eee025ee460301569c1706de80065
SHA1 8162ce365fe0595c1393f090f8a8292b32d8451d
SHA256 d0297daa943aef1b5ce01adb52de19cf36867f19e8acb0f2c21528f9ffda8118
SHA512 28a2ef6002e3260fbb80f7046ec08e31b25b71061937986e36ed9832e4d0092df0cdc905687a6a22daccbb35d58ddee74460fdf1205c87cb10222999d79a070a

/storage/emulated/0/NVSIP/log_accout/2024-05-08.log

MD5 37cf5dae69272cbeddbbb22426caf57d
SHA1 120ea306d50f898e782741c82f75bcff9038b2bf
SHA256 a53416b4ccb811759962a6fcfc889f79ccf772100fa520665c1b2d05bb5a9175
SHA512 d077698b1bccdac4e0797abe74ffa65f8c2754265b9e02c34855d036ba724515ab0d3197618a33916d6ec13988b7eb93df739b37961c936a1999e34f6f73f2ae

/storage/emulated/0/NVSIP/log_cloud/A_yst.dat

MD5 d52328159d40f287fad5b08a3f77aea0
SHA1 04295973e685bf2cc031df99acb4204093fefd15
SHA256 dbec904ed2ad1756e8d468a35b4c7344c8401346005a6e1390abad64357a8318
SHA512 94a647eff08b7c9b5630bbb25515a5a2fcd8c97d75b2acdc5c046f9800195ffe45dc1a7a64e8a5fd21b3ebd8185a307221b47116a3ef1941a7f992ce22d06b2f

/storage/emulated/0/NVSIP/log_cloud/B_yst.dat

MD5 972aa3e942f0cca4c4efd9dab978dfe8
SHA1 c6faae3aeec9ae5650a7decd932ca76edf647505
SHA256 d88ef8a8e5659ea38dee587780ef25d515d58910a2f6743a47fc3c81e37fafba
SHA512 3bd7e64a64d86bf474a686845f3ad93113e2317b6e395200b4e18bb1ce2ea67fdcb29b14cb29f81a94ab7d84dd5c377fbd62d8d86d67fae6b029a2e1da71dd4b

/storage/emulated/0/NVSIP/log_cloud/S_yst.dat

MD5 f0ce11a35f0bcf1a7207e854512ed68d
SHA1 e47e024165b7f8a48e77cb253e1b502050b4b208
SHA256 73c6aca2c9cba7b3f6d1dfe9d933d0a832fa8e54f9fb17ed33ead46084d891df
SHA512 1ac9ed426fcb1f49af8a1029043fc2fb365bf45f725ad09e50bb162bb1a50bb0ae6dc2b33465bcec791810996b811da26eb6bdac6e791d89dc80779390b30015

/storage/emulated/0/NVSIP/log_cloud/SC_yst.dat

MD5 b7e00a0a7607fd25626807581e269b1b
SHA1 3be37d8ebda4a93c3b4c85b7e1185f0b8caf3801
SHA256 495adc5eb4bc69f3cba964aab12c8a4fb59173fb9b07ce7b6ba8d50bf2aceb57
SHA512 49aeeec05e697f9fa0ec461e6599aeeecc266e6903c6589b7d5ce5243426fef443e5d4ef05c4c2cb38e5348dd439672ef4e6063aca0faf305396678740074bad

/storage/emulated/0/NVSIP/log_cloud/SD_yst.dat

MD5 8d501032f2a737ead767b47ef349bc12
SHA1 057aed8d9123459911eba655eceebaaa177a9111
SHA256 d730b29223e1ce9a4b09abc8c20febfbbaea497f7cf649cff6df2495ba78945a
SHA512 7407da024025cd734676838576d4ad2acab0487e27543c117522d914a0efa8d7304871acc1eadcbc42775f06febbda05d2590c4c6a4b7353f33075417ce8d422

/storage/emulated/0/NVSIP/log_cloud/SE_yst.dat

MD5 6b81d6b4add127e8ce151364d174a9e0
SHA1 29d21797f0d2f08e9ec4f9868319e72335fff0fe
SHA256 5910486ea88ba324955b97b06d825860671522857a8702ccf14beb65ccb19f5e
SHA512 3336fffe6bc329766a1c4366d461dba9feed6841c1c033c9c0de6249550e4355dc02915c1e7e7ffc5288e2558dbf8addddf23b17cdac00a0904f0bb581a08b07

/storage/emulated/0/NVSIP/log_cloud/SF_yst.dat

MD5 8689b2b3b03512ae64a38dabb9e53431
SHA1 f74240c7e15f3d7b3ae235e1eaef8b928e6de517
SHA256 2ada6f28b0cd386731f470728548619246541d38bc6a7e64e6235232e09ad5c9
SHA512 ee596d46bb69982576a75220a2e6f647d50fd15df9cb7f097d45973d026486f5ce23c54c55f992392b9520f9ce7ba3a09ef53721e54f1d89131f1576ac022236

/data/data/com.nvsip.temp/files/.um/um_cache_1715161109496.env

MD5 f1f0a376446d9e388e1323025bfeab80
SHA1 17f606aeee24eb6c97a25bdceaffc3d72bdf5b7c
SHA256 db3de7a7ae31435ef1066e2cdb9dff46feb33cbc1dd7be0e16a75f92e89b2ac5
SHA512 034e59b6690b4d353376dbb68d89c5639747dcaa1660430938522050ae7ab1eac9193a830beb30ad4cd0c5d2db40dc365afc0fa7196522096596869a4680a439

/storage/emulated/0/NVSIP/log_cloud/SH_yst.dat

MD5 d6eb7fa0f605c689f254bcf0c4c7753f
SHA1 de81d61641ab292dfe41840efc96b352bdff600e
SHA256 e389fe050ddb56fc5a2d1678461e1860c3feaa1691ffacb07081b6593453b79c
SHA512 9148ec07cb12f757c4f11bee12211981590ef45a7f23bd52cb23e163b1bf73e771b5a76cb4a8874fa205503d500ec4ba23372cce148df52ff9302c7392b9de16

/storage/emulated/0/NVSIP/log_cloud/ST_yst.dat

MD5 78a58ff056bbeca2333dc557dc94acc9
SHA1 4062636cc15a4157dae1c1661f24585fdff1ccb2
SHA256 87ceeb884dc096d6ebea5794e1a774eea87a82367b662cded80d55000978bcbc
SHA512 341008d78b99368926c297305af0919b2f0818a29f76f26e1061f7b32af848276475f8add59743d6b235984c09df89648b50099d0e84582ae47757925049b377

/storage/emulated/0/NVSIP/log_cloud/SK_yst.dat

MD5 b8069b1cb006e99ffb51f352dd0be1ac
SHA1 693e948708b0fa3472a96c318fd4ced18efdda56
SHA256 80e2a35dfeada46720d943b8842a53e339158f36446950eb1ffe0c8e3d2fb67a
SHA512 f257b94b6e103f1e1a345d0e546fc07261ee5c5c561a9f2638cb7cbd6da6b01cd6516c0cbe47d36c916c298bfbab505ee9643baffc9e92ab15163cd53fee9a28

/storage/emulated/0/NVSIP/log_cloud/SL_yst.dat

MD5 83ff3c4794e65dc84c93684dd5578821
SHA1 f6ba7baf664b7ca0f94e54b15c98fb59c59003f6
SHA256 58b8d7703a456c6ba593d569036fff133df498186e39d69c9e2d43d26b830505
SHA512 15842e16e469407bd4ef433ab624bcc65aec6ee40f80529ffa6ffa9acb5170247e714dbcdcc8c0ee85039d7663530f811595a75546b592267b79ca8afec891b5

/storage/emulated/0/NVSIP/log_cloud/SN_yst.dat

MD5 a88d7980fb5f983219dce1dfe26fea5d
SHA1 1b8d44565dd415688eeb9ae3621460e2db763318
SHA256 77fab904a1239385ba87968094349e16ed977543d0d1e8a0b4da40dbf5ecc736
SHA512 72adb306a42dd5a2f5c5a5b7ab67e308228d8a032967813b0a33d7046699af8de5d6cf785dd8c35bd6066b59afa7e3f9a2d7b208cb59f4f9a9821fcf822e4b03

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:35

Platform

android-x86-arm-20240506-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:35

Platform

android-x64-20240506-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:36

Platform

android-x64-arm64-20240506-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:36

Platform

android-x86-arm-20240506-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.200.3:443 | | tcp
GB | 142.250.200.3:443 | | tcp
GB | 216.58.212.202:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:36

Platform

android-x64-20240506-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-08 09:35

Reported

2024-05-08 09:36

Platform

android-x64-arm64-20240506-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A