f7d4debe1e731290766f6394fa6a85ff895d1e2154caecd8b7c4e0b995af12a4

Analysis

max time kernel
135s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09/05/2024, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28c9d2e00f8c5281b6c09b8663d9c492_JaffaCakes118.apk
Size

16.1MB
MD5

28c9d2e00f8c5281b6c09b8663d9c492
SHA1

3dbcc0577a6076223fb3147d90672cd995752ad1
SHA256

f7d4debe1e731290766f6394fa6a85ff895d1e2154caecd8b7c4e0b995af12a4
SHA512

366e51143c71285c544c499cfa8137cafd8a6a6ed90fcca7c32e952250a5a5768fac42462bb847df94638f286675461136c8fd1af36f5ecbd0d817a94e7aa977
SSDEEP

393216:GvEmpN298+4kd/XhFO22fCXWppAU3Q7PesoeFr:Gve9ZdZf+S6p3gDesoC

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.device	com.codemao.dan
Accessed system property	key: ro.product.name	com.codemao.dan
Accessed system property	key: ro.serialno	com.codemao.dan
Accessed system property	key: ro.product.model	com.codemao.dan
Accessed system property	key: ro.bootloader	com.codemao.dan
Accessed system property	key: ro.bootmode	com.codemao.dan
Accessed system property	key: ro.hardware	com.codemao.dan

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.codemao.dan

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.codemao.dan
Accessed system property	key: init.svc.qemu-props	com.codemao.dan
Accessed system property	key: qemu.hw.mainkeys	com.codemao.dan
Accessed system property	key: qemu.sf.fake_camera	com.codemao.dan
Accessed system property	key: ro.kernel.android.qemud	com.codemao.dan
Accessed system property	key: ro.kernel.qemu.gles	com.codemao.dan
Accessed system property	key: ro.kernel.qemu	com.codemao.dan

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.codemao.dan
/sys/qemu_trace	com.codemao.dan
/system/bin/qemu-props	com.codemao.dan

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.codemao.dan
/dev/qemu_pipe	com.codemao.dan

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.codemao.dan

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.codemao.dan/.jiagu/classes.dex	4244	com.codemao.dan
/data/data/com.codemao.dan/.jiagu/classes.dex!classes2.dex	4244	com.codemao.dan
/data/data/com.codemao.dan/.jiagu/tmp.dex	4244	com.codemao.dan
/data/data/com.codemao.dan/.jiagu/tmp.dex	4328	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.codemao.dan/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.codemao.dan/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.codemao.dan/.jiagu/tmp.dex	4244	com.codemao.dan

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.codemao.dan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.codemao.dan

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.codemao.dan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.codemao.dan

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.codemao.dan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.codemao.dan

com.codemao.dan
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4244
- chmod 755 /data/data/com.codemao.dan/.jiagu/libjiagu.so
  2⤵
  PID:4270
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.codemao.dan/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.codemao.dan/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4328
- getprop ro.product.cpu.abi
  2⤵
  PID:4379
- /system/bin/sh -c getprop
  2⤵
  PID:4517
- getprop
  2⤵
  PID:4517
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.codemao.dan/.jiagu/classes.dex --dex-file=/data/data/com.codemao.dan/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.codemao.dan/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4544
- sh -c ps
  2⤵
  PID:4566
- ps
  2⤵
  PID:4566
- ps daemonsu
  2⤵
  PID:4591
- ps | grep su
  2⤵
  PID:4609

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.codemao.dan/.jiagu/.jgck

Filesize
4B

MD5
51fd6085baf8a4aa6f22fcd94d7d29af

SHA1
4b3a7cc969f985cbf26cf38a39325ec7701498fd

SHA256
173120b0f0e3db84836d0a14a65312e372e908a0bef3ab8aa87b2324f9bb43b0

SHA512
aaee66d5604f8fd9423cdc00741e0d849294673303e6dbed1f3b0e9bf6a7c0ea07cb860d6d4afe39f75c77d3d66091d07d5e51db90f803c1c1cb09377d08e389

Download Submit
/data/data/com.codemao.dan/.jiagu/classes.dex

Filesize
6.3MB

MD5
93614771a13677bcf9b43bf6164f34ce

SHA1
3a41668627fe9ae22db3349be288c54082820eec

SHA256
2c519d2483da39836117004e3c37476a23e3ba9dec1585324e4aea4161c8e202

SHA512
f2ecb8ebba6a929057d0d1b91c74a79737463e5a77b1380493994463b0faf0e2b8a4c59e7b828a5d0abcaddf67a4a9cd51536719ef1a349f7348aba38c09bd41

Download Submit
/data/data/com.codemao.dan/.jiagu/classes.dex

Filesize
6.0MB

MD5
1a412fa95d3b88c4b477843e1d6a6f57

SHA1
bf3f80be238d1cb8813e669421c66362774aca80

SHA256
9d3bf18488a6152edfffa146105df60f5226ace1bc5e9d6a8f449fde656eb8dc

SHA512
63967901eda7a6c69a19b8b7599593dbe719cbece16478a483352b6e93b788b4f76da9d94d7c09720c6be1fcc113bd28b383cfb996a46b4ef584cf1ab0b6ab7a

Download Submit
/data/data/com.codemao.dan/.jiagu/classes.dex!classes2.dex

Filesize
6.0MB

MD5
72ced5407d527c2e29dc69730fd9f12c

SHA1
1a5a554e714a86bebf2956628ffc3ac67e1e0928

SHA256
8926a1c51a0acffb10bb31fbc5303271166effc2ee2c460e0b182d7ed3b86bfe

SHA512
ee357b05cbde2b16fbb02a0439ddc8e9e7269611d995210385500802f19a289ed9dacb0ad3e57008db934b497275fb0d8ca26aac9b7631de02fc7c66569cebd4

Download Submit
/data/data/com.codemao.dan/.jiagu/libjiagu.so

Filesize
456KB

MD5
7e7125a1193cfa8a696c1b8a6d2a103e

SHA1
af193df6127a47f455ebb7d5b792d2e982f4e004

SHA256
707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681

SHA512
91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

Download Submit
/data/data/com.codemao.dan/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.codemao.dan/app_crashrecord/1002

Filesize
225B

MD5
40f051c047e21f1dfce5a6ee0ba18fea

SHA1
d13970b03a564b821597b0b91c04026ef0d72934

SHA256
810b1f9bfa153af01abe3ec86cb626315d0f5bd09562636f66490f90e5b7693f

SHA512
14a4b2edae447cd52c849167065fed830ee9ab5c37d0de95970d43773db1340ea94cd5295a0ccadc956808c76fe1de96770e01f6f167a6b76955242a463cd6e8

Download Submit
/data/data/com.codemao.dan/app_crashrecord/1004

Filesize
225B

MD5
32812bfb834f02dd13ba40d7ca3e56d5

SHA1
05ef911e05fece79ba7e581a1312158e537e7e33

SHA256
c1fd83e386eb045adeeaf29f0a36da3bacad208647e3eb586ed16fb301c0bea8

SHA512
427bf021e2a4410e0a73a4d5aff7f0afb1b8b21cfb42c1c80e9187b50f0eb5860e211d4212199d19a77554605e40af77f810b02fe0100a1b9610d5234c3fe8ae

Download Submit
/data/data/com.codemao.dan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.codemao.dan/cache/response/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.codemao.dan/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.codemao.dan/databases/bugly_db_-journal

Filesize
512B

MD5
7905782a7a7a9e2f37a0df2f582152e3

SHA1
ed6350bf869e66debfdc517e3db22aec9a5b081d

SHA256
857b1d060b7798549c90eb2a13d7bcc7fa2cd34b2fac82eb7e539b3e62fc3f77

SHA512
16cb19efdb2d782c7aca2b313a415c94020f31fc0603b5e6af6ea8fa124ac126e5963adca6b9ef370256919e579daa6eee09a00466132d869ec5e1e7bd3deb55

Download Submit
/data/data/com.codemao.dan/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.codemao.dan/databases/bugly_db_-wal

Filesize
80KB

MD5
e95dae616a154cb95bf0b5ab4f6f1f0d

SHA1
fa63d379d97fb591f49961d452b4203b4b692ec8

SHA256
a08b22da459eabe1b56e6f96dd8f0c811791d06c15863c090ca4eac682068e3f

SHA512
95f5898a4f11b827752d4decf80528bee59f634a421e1b384d687a2f1867fb59443be7112082b945200b94ca7539aafe507eddc75455354262c34135737ad4ce

Download Submit
/data/data/com.codemao.dan/databases/growing.db

Filesize
20KB

MD5
b3becdb80a328c2db1e0d9ab242a6cae

SHA1
6d14b5815dce97b645721fd59f7f8b36e5cb1864

SHA256
06139f38fa4122745bc602ab26b9c33972fda22f52ceb68567b3094b312284dd

SHA512
08a54e44da0b43fe38a97085e973de96fd4518325c0a203865277990fc2b6e05530b3f1fe8cd2dd750dcee58c52ec5403d8814bcc06c837defde932a87055f13

Download Submit
/data/data/com.codemao.dan/databases/growing.db

Filesize
16KB

MD5
0fc3fd8b9502f300183e48f837eaccde

SHA1
76f322f4f0fbaae3ac445fb841c1ec03ef351e97

SHA256
9eec26754afab4e19625b40978bdc8e58d676776318fb6dfddff2a8e96dc150c

SHA512
a24020fdb984cc7b75d73f3b5efbae269351cc9cd9a23892439a4bb4bb3279c7eefe6e856dfa63ac2b7bb70de426a43a136767f7bb0645f2924a9e4b6e1eb7a5

Download Submit
/data/data/com.codemao.dan/databases/growing.db-journal

Filesize
512B

MD5
55486d2b5df8d54c78af765d18e13fc2

SHA1
9c189f4eb5517823eaf31edade9fdeb218733b3d

SHA256
1610091e3c12a353ae0bfcad427fda6da571803d122da4d08b41e4cdcfe3dc9b

SHA512
bc464fdc6416d186c8eac47009acb9cd990df07f832f1d140b87b30e2829eca97d05c1d8a504fdb0d8088ff8f02b5e233fa2fd439b12c0f6591d74a8dcd16fbc

Download Submit
/data/data/com.codemao.dan/databases/growing.db-wal

Filesize
80KB

MD5
cc60e39ee61fbf902af34e900dd07a37

SHA1
287f76d78893d701e0b9fbdb94cbb38126d4ab7d

SHA256
23557a700bfaa77a6428292058b6ff312636cd570698c15a48d536f65bcbdc12

SHA512
34650564c9e1764131a6cdeb558fff78f97641c9aa1f74baba688f41c3417376d4a13515e9931febb25890f57ac075734d735b07e2e7392cae153f6b4ee17d5e

Download Submit
/data/data/com.codemao.dan/databases/growing.db-wal

Filesize
12KB

MD5
95495b0054c0e832143963093ed8c2e6

SHA1
3785f6bce008b64de59d1e317a09fd560d257fa4

SHA256
ec939d7d503ae1f29f09aff3b83f00888772e37d7d96312f8399c95b91a03fce

SHA512
1d131c3982fca56710864254496bd3dce872a407569fe4f1a48383551def601873798cc2e645a1c1606d43373b57446085fa0a95e625d6f162e4aca5cca7c2a6

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.ac

Filesize
40B

MD5
6ca6db1391f57fe6cef9e5f15a0c66c9

SHA1
88733afca9b0417e617146b8ef8d5d2dfc5c0645

SHA256
9aad1c1bb27a2bd2b265d39fb49056ffeddf3cb41d91b0394538c5bdccdc58e3

SHA512
f7e54fcdee52ef84ca5d6961956a1c77ab72c2d0ae79ca534a15d67e1deba2eac5dcc99d9e693601043eb4dbd86ca384e62f2aa4f0438fdcabc6c6b6f6354999

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.ac

Filesize
40B

MD5
6da3f5a2fef14809bdc7d0aa8e4d0d8a

SHA1
4762a5e0abe01ef7c13e18e5c57028ba4c108798

SHA256
cc5f9dca65636364797a3dd7d8c67413774e112cf31a7548d9f2067bd25e9d99

SHA512
d5ad2862a61570c9806ad6a85750ca28070b6c10f6017a6e47775657550813b9803f7cbdc50d9ae1a93d36466f066a6618db75cf4984b720819508d031e47e40

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.di

Filesize
340B

MD5
720774cbcbe2aa5122861e314be38907

SHA1
be23a23c4dd6b3f4cfe17521423e5b1dee2e962c

SHA256
a89704a9b4d93fab7553f51c5125a8f64acc9c45b19c073ace605853f8453449

SHA512
38fc3f90058e4cba747e5473dcd55df9fe2b3e88779e8a57fd032b9904d0a6c0d88fe1c97d6d27e32f00ee0eed3d30d4a46b5d52f035d9972db175ec5d4c61b5

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.di

Filesize
340B

MD5
a26c71a0a5ec39120263714e57ff7612

SHA1
a671ee787c83b2b45d5f98ab110c682ec96bd436

SHA256
da00b572820351eab3be7117a7fdcfd280e8b8381ba0ab1211291f1019a5a73d

SHA512
95d0f62ff43b1bd4bf51088a65678d3b3c0401703bff67d0ede8ba88de9a23c5e84a7e757571a04687ea70cce0dee7be140d640d19b95a6c9d96303cd7a13404

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.ic

Filesize
40B

MD5
5ff33e60720b0d6b5b76095c3b6ab804

SHA1
f25c299b71a91e12d342de43202eea4de9793861

SHA256
fb632a9c3076ad10746e3020c77b3a010e1d4f13d475da349acd6f08fc699b4a

SHA512
c2689f03e7a2829237889f85bb03509a1b71ce947be957ab1aac65ca23b9c9e3019278cdfa78d911c0f90708305bfaf43e8d0145316c8db8c8a574740fc88384

Download Submit
/data/data/com.codemao.dan/files/.jglogs/.jg.ri

Filesize
314B

MD5
a243d886b24c73bda1fa06377e5f7534

SHA1
3fbaca32c16acde7a49cce2c27388704bea5e803

SHA256
0736cb464a73ef7ea06942c54f97db659d949b66f7bb49e551a173e8866314cb

SHA512
26c7e0f215101e22b49dfa412e13c6f2cfb70dff969983c54999ba93183e12654035cc474f77858be6751c03d79b6b9f40c99b47676c384c81ee45ee4a7922a1

Download Submit
/data/data/com.codemao.dan/files/.jiagu.lock

Filesize
27B

MD5
9ac7a10061661ad194c26a8cf112ecfa

SHA1
dbed25688e1727f194ecead7ba95d8c021c07b57

SHA256
dfd4211ba40aaa939bc678c5c8755b20e35a908d46fcf4129ef337476b474b01

SHA512
94ecf225271e5288e243937de13ef6f16943a4a2f662a7eea03d0ef86f8cdfa42a1237353f7cbd3f86eae86461b266f4dbd3659ec093a71742cbe7c628b3df44

Download Submit
/data/data/com.codemao.dan/files/codemao.db

Filesize
24B

MD5
a6574431b943e0bf47642c666f3fbbe7

SHA1
79191cabd86accd903f27c523c95ef19933c64d1

SHA256
60692d3a39b5fa2c7ea60c7be7014c2069f7c0a3fedafa269addd8143ec15f6d

SHA512
c438e1cda3bce0de04a34e3f53f17f7cdd235e80c656c31e43a21b37e77dfd90de14c17a5c6719b84a14899ff41107a75790b35306c7ecb1674d6f60de9bbbef

Download Submit
/data/data/com.codemao.dan/files/codemao.db.lock

Filesize
1KB

MD5
ef9bcb7f9debe6ce187ffbfe8c893642

SHA1
157220dc43adf5b4f21ccb0374a95b6a83b63f6a

SHA256
9f01c0871b49c1ebd3630da22bedd3975fb8106724528e21308f6aaab77bc89d

SHA512
1e8885f365b3b9f7b3f2b7778b2d4308f7130df178334490a130be569bbd5e6db04652df0d93a4291216feefee512ccd446829e7b4059a3ecddca9dca1fbd292

Download Submit
/data/data/com.codemao.dan/files/com.tencent.open.config.json.

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
5e16ecdfc51bc3e5653e0d6a486dd344

SHA1
3fbd06e62b575408e521df8c92f406c8f99d7e1a

SHA256
2e80d94bf9ad71bd69ee7bb385150cce1d5d7b316e62cc3ce893b7f2515a2e88

SHA512
61c2c5e48ccb66d4bab74bada7511b16d6f1828442db6af82ef8c0f9cb0ede7722893db20a3f42b10447662adddb29dbd9aad65e7634b9237f0d2da4293af5d5

Download Submit
/storage/emulated/0/Android/data/com.codemao.dan/files/tbslog/tbslog.txt

Filesize
9KB

MD5
b6e904bd489fd63dae0c71249905590f

SHA1
0353063f7c44a52cfaea0b5a588ecaf294c6e54f

SHA256
984dbb9b4fac3fc0c2d4a19981ee9c1bc690f41ae5211da6115ce056359d25f4

SHA512
ea8d3cce700b13ee7e0896106fa3554a71daba63fcbf0479866ffcbaa6cde5dcf21b83f3315ba2cf913a98730f660e07b0ece0ec079da8bad6acece9ef203794

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads