Analysis Overview
SHA256
216e04ebbd089ec576aeca2c5a199868b05a20a7ef214e90542fcaeba6de2ba7
Threat Level: Known bad
The file 2ddf7ac55b28a74b390b9ff70abbdbf0_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks memory information
Queries information about running processes on the device
Checks CPU information
Loads dropped Dex/Jar
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
Checks if the internet connection is available
Queries the unique device ID (IMEI, MEID, IMSI)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 06:50
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-10 06:50
Reported
2024-05-10 06:53
Platform
android-x64-20240506-en
Max time kernel
8s
Max time network
131s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-10 06:50
Reported
2024-05-10 06:53
Platform
android-x64-arm64-20240506-en
Max time kernel
8s
Max time network
132s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 06:50
Reported
2024-05-10 06:53
Platform
android-x86-arm-20240506-en
Max time kernel
127s
Max time network
148s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.GalacticThumb.BouncyCats.off
cat /sys/class/net/wlan0/address
cat /sys/class/net/wlan0/address
sh -c ps -ef
ps -ef
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | a.dan665.com | udp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | game.62game.com | udp |
| CN | 47.107.234.67:8001 | game.62game.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | ads.heyzap.com | udp |
| US | 1.1.1.1:53 | med.heyzap.com | udp |
| US | 1.1.1.1:53 | radiuscraft.com | udp |
| US | 89.116.133.8:80 | radiuscraft.com | tcp |
| US | 89.116.133.8:80 | radiuscraft.com | tcp |
| US | 89.116.133.8:443 | radiuscraft.com | tcp |
| US | 89.116.133.8:443 | radiuscraft.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/libjiagu.so
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/tmp.dex
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ri
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ri
/data/data/com.GalacticThumb.BouncyCats.off/files/.jiagu.lock
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.rd
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.store.report_cf
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.store.report_pid
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ri
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.pk.h
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.pk
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ac
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ic
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/seey/tv
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/as/cheuu
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/seey/tmd
/data/data/com.GalacticThumb.BouncyCats.off/app_ebody/res/xmtok/37765/uuloi
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar
/data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db-journal
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db-shm
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db-wal
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/oat/vva.jar.cur.prof
/data/data/com.GalacticThumb.BouncyCats.off/cache/com.heyzap.sdk/entries.json
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/config
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.48a0cd3e/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/values
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.48a0cd3e/s
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500001.48a0cd3e/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500002.48a0cd3e/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500002.48a0cd3e/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Settings.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 06:50
Reported
2024-05-10 06:53
Platform
android-x64-20240506-en
Max time kernel
134s
Max time network
160s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.GalacticThumb.BouncyCats.off
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | a.dan665.com | udp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | game.62game.com | udp |
| CN | 47.107.234.67:8001 | game.62game.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| CN | 39.108.120.165:9127 | a.dan665.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 1.1.1.1:53 | ads.heyzap.com | udp |
| US | 1.1.1.1:53 | med.heyzap.com | udp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | radiuscraft.com | udp |
| US | 89.116.133.8:80 | radiuscraft.com | tcp |
| US | 89.116.133.8:80 | radiuscraft.com | tcp |
| US | 89.116.133.8:443 | radiuscraft.com | tcp |
| US | 89.116.133.8:443 | radiuscraft.com | tcp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/libjiagu.so
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex
/data/data/com.GalacticThumb.BouncyCats.off/.jiagu/classes.dex!classes2.dex
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ri
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ri
/data/data/com.GalacticThumb.BouncyCats.off/files/.jiagu.lock
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.rd
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.store.report_pid
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.pk.h
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.pk
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ac
/data/data/com.GalacticThumb.BouncyCats.off/files/.jglogs/.jg.ic
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/seey/tv
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/as/cheuu
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/seey/tmd
/data/data/com.GalacticThumb.BouncyCats.off/app_ebody/res/xmtok/37765/uuloi
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva
/data/data/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar
/data/user/0/com.GalacticThumb.BouncyCats.off/files/ebody/res/37765/vva.jar
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db-journal
/data/data/com.GalacticThumb.BouncyCats.off/databases/cc/cc.db
/data/data/com.GalacticThumb.BouncyCats.off/cache/com.heyzap.sdk/entries.json
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/SettingsCrossPromo.txt
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/config
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.f49be86b/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500000.f49be86b/s
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500001.f49be86b/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/ArchivedEvents/171532390500002.f49be86b/e
/storage/emulated/0/Android/data/com.GalacticThumb.BouncyCats.off/files/Unity/local.ff37f21ed80cc18439ba16d91343b04a/Analytics/values
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-10 06:50
Reported
2024-05-10 06:53
Platform
android-x86-arm-20240506-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Processes
com.miui.ad.mimo.plugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |