Malware Analysis Report

2025-01-02 07:35

Sample ID 240510-hl48ssgg2w
Target 2ddf7ac55b28a74b390b9ff70abbdbf0_JaffaCakes118
SHA256 216e04ebbd089ec576aeca2c5a199868b05a20a7ef214e90542fcaeba6de2ba7
Tags privateloader banker discovery evasion impact persistence
Score 10/10

Analysis Overview

Score 10/10

SHA256 216e04ebbd089ec576aeca2c5a199868b05a20a7ef214e90542fcaeba6de2ba7

Threat Level: Known bad

The file 2ddf7ac55b28a74b390b9ff70abbdbf0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader banker discovery evasion impact persistence

Privateloader family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks memory information

Queries information about running processes on the device

Checks CPU information

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-10 06:50

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 06:50

Reported

2024-05-10 06:53

Platform

android-x64-20240506-en

Max time kernel

8s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network


Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-10 06:50

Reported

2024-05-10 06:53

Platform

android-x64-arm64-20240506-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 06:50

Reported

2024-05-10 06:53

Platform

android-x86-arm-20240506-en

Max time kernel

127s

Max time network

148s

Command Line

com.GalacticThumb.BouncyCats.off

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/tmp.dex | N/A | N/A
N/A | /data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.GalacticThumb.BouncyCats.off

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

sh -c ps -ef

ps -ef

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 06:50

Reported

2024-05-10 06:53

Platform

android-x64-20240506-en

Max time kernel

134s

Max time network

160s

Command Line

com.GalacticThumb.BouncyCats.off

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.GalacticThumb.BouncyCats.off

Network


Files

SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.f49be86b/e

MD5 62501d783fc4f8a1b3c0c99e5923b1a7
SHA1 a257eb7dc38ba4eaaa81104de2e57c65d31a3be8
SHA256 9127a0c81e2349ae87671d63438bded9fc0cb9ef42905da6ea6cfa38aa405c3a
SHA512 20620ad87f8ebb59834cb230cbb3f6c3da2a06b6e13d6398734f7508266d6778347d6eec1f7eae046373a3d58254768de5282996fbb8bd05fc1cee6ba44ba94e

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.f49be86b/s

MD5 b1a25b9e0e1329539f3a7c8c3e1dfeb7
SHA1 243b7325fe9059f727953f90cfd15c5f58fd220f
SHA256 b9b6a7805623bca9ead585804a1caab05acf56e5a64b3f7f3dc1f325bd086565
SHA512 373ae5507ea6ffb2f9b6a620106db1616a311569da3246217b0c635ffe230c17dc929428348b8393b5673ac073ad164e3be3e26020268122918eba4cd9c39e3a

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500001.f49be86b/e

MD5 ffeeff8a3a134c32d42372b0a15ddbb3
SHA1 ed96003c70d11b83b414413fbfffe276ad7850e5
SHA256 7f50007dee9c5bad4ede41fe8708101c13f51c6317fae5fee7e6073d59f063d9
SHA512 d282f6e66f555f08e3f4410d41712f486c4cfd897ad96dfc5dc6a1403d383bd5d3b0c6f8c97fa580ca8bd2a67282e87b2252597f2c904f81fe8f59c762a213e2

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500002.f49be86b/e

MD5 a52b2059743216413c15429d6a0ec29a
SHA1 9f329a643b023343ade901381975742185fd5f84
SHA256 8ca9116cae6a5642fa529838f5fa0debe3f97b1187df8d65647a61bc062f2b9c
SHA512 e28b438253ee0c95d7442fd84552be9771fe3040dd387b3090dcf47a2bf93dc757230ee1bdef3738415429151d5ed4a92d85171ff2a4c202046ddfb8d01c9c8b

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/values

MD5 a9b53b73794fa55d8e04f4e232cab66e
SHA1 031531ac57a524ad2dfaced18d4448fcda9ddc64
SHA256 6509bd5a09805d73b6c2f509a60fb306a49f483eb2e1075b7f8e3654520a6fbc
SHA512 d5959c76bcae59c0e460eda1acad7b8ea261b69c2c7891d7bdd57936b73d3f8b7b1f5ef9ae38cffdce29f0c9ec39348ce20ac2ee8627e5bf0561822a6af39e15

/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500002.f49be86b/e

MD5 3ae4a5fe978b95c3cdcc698311919790
SHA1 fcc6e5ac74275e74b10ac239858c03385e850c8a
SHA256 44f0eddd07e70527a61487f7c35a3170422220c02a5f1b68654a6cf49a77315a
SHA512 d4bdbe5103e476a74136c54167058bb1086dcfb4d223aff313d84d9d430c4269fec1733bfd0fd9647869d6296573ca89c0feae1b0218d14f024eac08de093b10

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 06:50

Reported

2024-05-10 06:53

Platform

android-x86-arm-20240506-en

Max time kernel

7s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353                                         udp
GB       142.250.200.42:443                                       tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
GB       142.250.187.206:443                                      tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       172.217.16.238:443   android.apis.google.com             tcp

Files

N/A