Malware Analysis Report

2024-12-08 03:07

Sample ID 240510-v6bs7shc2w
Target 3040bc6608d3686b9584147c0b046f19_JaffaCakes118
SHA256 4f4edc543ef1d32480dacccd44a9bde9e91cc3afb71606193ffb9496707d18a1
Tags discovery evasion impact persistence privateloader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

4f4edc543ef1d32480dacccd44a9bde9e91cc3afb71606193ffb9496707d18a1

Threat Level: Known bad

The file 3040bc6608d3686b9584147c0b046f19_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery evasion impact persistence privateloader

Privateloader family

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Queries the mobile country code (MCC)

Loads dropped Dex/Jar

Checks CPU information

Checks memory information

Acquires the wake lock

Checks if the internet connection is available

Reads information about phone network operator

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 17:35

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 17:35

Reported

2024-05-10 17:38

Platform

android-x86-arm-20240506-en

Max time kernel

144s

Max time network

154s

Command Line

com.orangenose.suila.mg

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.orangenose.suila.mg

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk --output-vdex-fd=65 --oat-fd=66 --oat-location=/data/user/0/com.orangenose.suila.mg/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk --output-vdex-fd=97 --oat-fd=98 --oat-location=/data/user/0/com.orangenose.suila.mg/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 coding.net udp
CN 81.69.167.241:443 coding.net tcp
US 1.1.1.1:53 sdkconfig.ad.xiaomi.com udp
NL 20.33.39.105:443 sdkconfig.ad.xiaomi.com tcp
NL 20.33.39.105:443 sdkconfig.ad.xiaomi.com tcp
US 1.1.1.1:53 zeus.ad.xiaomi.com udp
US 1.1.1.1:53 f5.market.xiaomi.com udp
NL 20.47.97.231:443 zeus.ad.xiaomi.com tcp
US 1.1.1.1:53 file.market.xiaomi.com udp
US 1.1.1.1:53 alog.umeng.com udp
US 152.199.21.175:443 f5.market.xiaomi.com tcp
GB 88.221.134.19:80 file.market.xiaomi.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 88.221.134.19:443 file.market.xiaomi.com tcp
US 1.1.1.1:53 f4.market.mi-img.com udp
DE 163.181.92.231:443 f4.market.mi-img.com tcp
US 1.1.1.1:53 sdkconfig.ad.intl.xiaomi.com udp
NL 20.33.39.105:443 sdkconfig.ad.intl.xiaomi.com tcp
NL 20.33.39.104:443 sdkconfig.ad.intl.xiaomi.com tcp
NL 20.33.39.104:443 sdkconfig.ad.intl.xiaomi.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
CN 175.24.154.130:443 coding.net tcp
US 1.1.1.1:53 diagnosis.ad.intl.xiaomi.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 42.192.175.15:443 coding.net tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 stats.unity3d.com udp
US 1.1.1.1:53 ogserver-prod.appspot.com udp
GB 142.250.179.244:80 ogserver-prod.appspot.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 ads.mp.mydas.mobi udp
US 1.1.1.1:53 analytics.localytics.com udp
US 52.6.115.28:443 analytics.localytics.com tcp
US 52.6.115.28:443 analytics.localytics.com tcp
US 1.1.1.1:53 androidsdk.ads.mp.mydas.mobi udp
GB 87.248.114.11:80 androidsdk.ads.mp.mydas.mobi tcp
GB 87.248.114.11:80 androidsdk.ads.mp.mydas.mobi tcp
GB 87.248.114.11:443 androidsdk.ads.mp.mydas.mobi tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
GB 216.58.201.110:443 tcp
GB 142.250.187.194:443 tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
GB 87.248.114.11:80 androidsdk.ads.mp.mydas.mobi tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
US 1.1.1.1:53 21998.engine.mobileapptracking.com udp
US 13.225.78.40:443 21998.engine.mobileapptracking.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 androidsdk.ads.mp.mydas.mobi udp
GB 87.248.114.11:80 androidsdk.ads.mp.mydas.mobi tcp

Files

/data/data/com.orangenose.suila.mg/app_mimo/mimo_asset.apk

MD5 2878419a97a0ba893c8fcfcc63af1710
SHA1 9b0e4080e7ddda556b00cbab897ca325773f7d6d
SHA256 37b5b7b4efec4ce91eec09409f0689bed89051864fdb67e29013fc563efefaa2
SHA512 e2a6179083d5a425c8311f95cec54a956a3e116e08dce3c77244a955ef33d38930961b0698d7392a6b7596c1c99d03551f4e949ca85df63f51fd4eec11626fb8

/data/data/com.orangenose.suila.mg/databases/cc/cc.db-journal

MD5 8e0f12336c0369fa39bee9ffcef419af
SHA1 68af82f3c1a868ee09bb589c9283b33d8ba5c7ce
SHA256 0d1d5aa1359a57eeecf807c84c3670be5d63a05fdebc8ca1b4ddd4af66924e5a
SHA512 af91c74618e1cf3331d9504f12ebd6fd0c1ede22876195462a61aa6a0cb71e3a6e14e6592bc5520457ba75900909dcc4d990e68c03b359794e9679a78c56c212

/data/data/com.orangenose.suila.mg/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.orangenose.suila.mg/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.orangenose.suila.mg/databases/cc/cc.db-wal

MD5 d1e203bf4c91abe4aece1ce622b438d5
SHA1 261acd5bd7485377edd52b4882b20db81a7e5f44
SHA256 a8a97da6fd22865f1c254c39cc4cfa9c4f35408022a1673230e6780876f55d02
SHA512 63ca84bbe578b98556fd6a085fb35696ea7386f2ab59ce5014e35e3755ead95f02959c8646f1ecc95ec420dff396318d4d7ea2ade1d677ce5ad4622a97487fff

/data/data/com.orangenose.suila.mg/databases/ua.db-journal

MD5 8276a6b06510e8605395a5895f089a50
SHA1 979f2f531fd21f99283e9126e91175051b3f1a64
SHA256 08d9c33f8c0bf515b8f0e70eb0ba9a8a899abbf8347aac89ce4d7535392d1bbc
SHA512 de5da21e094c53522b1cd5e1c7e8affc8c2b31bc40f21988fdcc345180c43076f993716b21f5eb61ffb1e558146aff78ab98bc02c63b8cf0f9eb1b12fe58c683

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 58d00b06acfdc6e476c3d94cb672ab14
SHA1 67d10f80809a07d973d66c060f7f7f4418469565
SHA256 ff38dc220958e7e1a37851d1ecffe073b0f2c6738e017afc21afb4ed9f9ac61e
SHA512 e8f0f4d6e5c6cd0a443b747faa50e40dde960088aba690ac7971bc0f623902d78a1bfec9415d5be05a958f4583c5c68e885fe986e7da33f783f0bd17974d3136

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 8b7b56a4a2d7e3db72e3c3e7148cdb11
SHA1 e58ab79644b0297e83e091f25dae1701d0a5bb1c
SHA256 e4116ca2f18e3cd77ad41caa68dc3655e920128a2f54ba094e2f62a2dc468878
SHA512 1df01da44a572bc01ef0356cc0ac947a3fd52ee9ae041207fe5ae338c7b2ffb8249d252f537786f0dc8ceb6f594bd35b533629e87dbf7cce5792d81993b9be86

/data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk

MD5 125960ff6760ac511b7b84b40d7cee77
SHA1 34406b1db2e0e14a147ebb2b57d888befa2a66be
SHA256 7033faf2e195a2b8200f570f54db3bc7b25f790cd422766d9b1f34117b140e75
SHA512 2a7912b90220c8d5eb65a1854ef38a2bbfb669b85093e70130506c4cbff3f1f63c47e0ff24a04dfbeed473928d3407fce11524a0e9086b61242914fbcbd985ca

/data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk

MD5 fb3a4df493763bec44f25c81c4d4cdc3
SHA1 236d84375278053edf8814ce0a36f88d61f9cb2a
SHA256 974c20f248aadf19238f58394904f25c641f764a3f891b0af479b78db9697615
SHA512 0b12074355206501d5ce193acfdd219ae4034287c22df488697b36d88afda2204c8eebb375026ef0fa95e726666bc7d6212ca782974ebe9b1f7360d7d559caa2

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 a375d4acb141f16b671b9d3a8dd06807
SHA1 d137b3d0f9988856a258206e2312d7f3f082de3b
SHA256 87464286e3d838b886023375d71f375dfba6ae288c04d05ff11417e7417ef8bd
SHA512 f24dd8c66bcdddcf96924e1700f4446fa6d4fcc06d0c3b18a3ef8f96ddf1103b6fb97d01096f465654956af43b7846a024b62a268c3d68aa41b18cdf909395ea

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 744514bee11fcf2124cdb7ec2a57066b
SHA1 3febb1591aef44a5ec9213ecfa8f1d8ec4a242bd
SHA256 39226beff3c56e5b0e345d9119f73a0ff457d0bdb5fd00d945edabcdf8945943
SHA512 504579569c1ed8aa0b3fa8de241cdfba86d06ec25a9cec92ac1323381a2312b872dd6b72fab3f5c8b10b33ed2720349a875948e886fc194c45f52569af596fc4

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 fa5b9dcd3193dbdfad291fe24198a2d2
SHA1 ad66f3422f2dbea88b7e931eb687d50d114bf9fc
SHA256 9e33b156426c22bcd008b17b10809ce01a0d6ceec2582428c7f98eceb063513a
SHA512 0b55e94339cb2e09df20c401c5cdad174d9f3dc511c266ef4f67af463a0b84db7494d285b8d0c2ccd87ecee8abbe8cd56b54ad2afc124eb7905bec9d8da90dd3

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 cb3dee2516c42cba018afec25ae0ddc2
SHA1 018b5088c7f59d3e727466f2b582cda15c3b271c
SHA256 161ff506814874381e1dba2567953eb0def449cc7caf93b03e1f728fb64f7174
SHA512 19ee4a48c866d5972784ad25e9c6a06ac5dad574acc5428e11c4c630db915d6a3ae38fb6953aabe90bd1a54f99e2a696a60c40c8713a4f0e752b4f709ac1bf00

/data/data/com.orangenose.suila.mg/files/umeng_it.cache

MD5 51ba5b9d3ae183514ba587a8dd48b2e9
SHA1 bd7eedb1a7344466f7c7abba9a7013de0399b01d
SHA256 5b17e3047bd7517130ca519dbd1ffbdf488dc9a33e338aa9374df278531c0681
SHA512 6f159658a6f2b300002b068b72d0e7002cf3dcff67377b7ed93db28c1d67590c50972ea7795fcb5f5b27fffdfc2a5f0bfb342b4da38c14ab4fcfdd45cdfeb30d

/data/data/com.orangenose.suila.mg/files/.umeng/exchangeIdentity.json

MD5 c620288f1992c4115f9019832f022f7c
SHA1 31778b1c7e116e7fe727d583c4e5b683b37a5c48
SHA256 bf9213624f2dcd9eaa047e9d284f1b9ab7d8c9071d9af41f00bad58f26988920
SHA512 29f478abe031b697d9cedc7fb8c8d4d3c44cb62536fcc96e78aa7b5eb7f9ff587fc2f63321b10315a90ece66601db248f67ba601ae2165688f5eccbe411efd29

/data/data/com.orangenose.suila.mg/files/exid.dat

MD5 bcd64f87a29c972e2e803cf49a411bb5
SHA1 6cadbde407a70285ef462b5c15f00b94e028d120
SHA256 d07cd44022382ca4453b81c024ebfb8a83aff0c486f6f25507ab27f4f075a8ac
SHA512 500886ecb117f8f1d20f55694972fe1b5f08b940b7011166378372110d977efab9896c1461744985db95cd13df715bf67df60050427d0c721136224270c73de6

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 d122af1af29ceb029ddefc909786b006
SHA1 5808cf93491097141571b47407558e5f52fd2c21
SHA256 97cee771eb168e612e596385f1633780817ec6f9f73248191737567b37000637
SHA512 6a2b584577125c2e0b09d3be80546d9663fadc6cbc16773f3ea8a1bdf4b46eff0dac47a3c40f3062a18fe19082e8f1667228b2c522dff9743ca921be5871c899

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.orangenose.suila.mg/databases/cc/cc.db-wal

MD5 61e3a41c5dab0b4dbabd1058e742d8dc
SHA1 76bf6c8f490b52f78a291d7c8de2e31f453de82b
SHA256 cccef80749597e9db7016e1eb860526e7daa5092fd407c4361d9e1ce4ea8d9df
SHA512 d04b91ec3e245e81d215848c9ca68da373b430fa19c19783e5c83ae8fc7ac5830d3b939841e3ae77dc98fa8d76b4faeb239c574a6b428840aa440f6dbd9402f9

/data/data/com.orangenose.suila.mg/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.orangenose.suila.mg/app_analytics/analytics.apk.tmp

MD5 96cd1d0d3869ba9c0268093f42a43f2a
SHA1 3ba56396229842edea57e2505ceb13f69a17a659
SHA256 eaa7c018cfc3eab41e841f1b8442e55b9a658cc77ce7d56df1b7f0cc29f66c4a
SHA512 6e60aa3601d7021d195c1c6d37b0872823e3f1adfd44fe38acc1f69ac95b0bd5a675c2d33bad2055c1dfb037e233bc60d2b801aea7bc245654284ae29a30eb30

/data/data/com.orangenose.suila.mg/app_mimo/mimo_download.apk.tmp

MD5 3e86b24cfe8ea3644e3a6bb2f3bc75a1
SHA1 7881136fb412166d04ad5b6c4fdb9550a66fd99f
SHA256 1b01837a2b9004309bff95248adc60d39ffdadc90e52ebf645b2c5ce76f28bc7
SHA512 40ec714867b4a3e0aaa920abb648f331ce43e8bef442e782eff5ebaacb1052785e681c23b85f6ec50bc4e57e5b9924e61ca4fd72589f810ce8c670b5094b612b

/data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk

MD5 28e256fef0da12d810df08f5379a640d
SHA1 a3a9631a794835c0efe6b3c908e38f643b37f1f4
SHA256 4099dce40d646f9e919daf80c3da81a24df6b2cd36692993a4691e7816185951
SHA512 9cef729667d321dff65ab5a84984b457a0c222a229ede1f5dd129f757ea6c9b8e34296d4963c5efa3f145113890fbf48a5fa7bdfa715ef2f6400c6b89123b0c5

/data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk

MD5 20c7472b502cc862addd90ec2ebf5424
SHA1 9aa0f9fac368fd05f74405650f66c517562d5a59
SHA256 fb466bbab06f86b73513c24b315bac76c328a6e828e04e03fc2917f49a325bbe
SHA512 da881952744c326c40b4e9492b42cddae9bf2a3a745e06932c496b86e1b66b4a28edec0b0cf17f3cdaaba571789e7a046a2061786dc7dcc225f5f3e4547fe7dd

/data/data/com.orangenose.suila.mg/databases/analytics.db-journal

MD5 8d35e846b1e23db8027af7f2c2823ce6
SHA1 3eabc015afe102e4f3da33625cc73d162ef6379c
SHA256 2471bc9982b59491fee13f4ebf5cb46e0a223564a49303b4292610251d1ba35a
SHA512 c68d3c12b99b12a4d4376c0e57a4fe3f79f95b48b56345f366ec2b62bd10f57d637a3f4ee0264f06b25afc00ecf4c02e683d52e88e0de6d7ab153809bdb55ab0

/data/data/com.orangenose.suila.mg/databases/analytics.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.orangenose.suila.mg/databases/analytics.db-wal

MD5 03f6af7897f467764507de8e61a38196
SHA1 c828212680c0adcc9469c61b752a5ceba1fc641f
SHA256 a4a1e642f1a5bceb9dc5967322015e1d0821efeead304c9164361ffc36fab51c
SHA512 20133d84c02f41943ed25b83c01b8694be55178469cfcb20a0f42f8d9a8dad6076d6f90c25f9e8de2bda6e8f4f3a4a11253204e07ca458a57c0d65b776d0dea3

/data/data/com.orangenose.suila.mg/databases/analyticsv2.db-journal

MD5 fb3a3b642649e97f4f87fe54240b0251
SHA1 b25a2ad481400be39bde27acc34eaaa2af061fec
SHA256 c791d3dd28e61f79da502079d1088805149f3a21f04e2a1786f4ba991a0fb576
SHA512 0dd2f4b97bf41f3a0a1d3e3b0fa1194f93e291621f85569df0dc4b973198a81e5b12719d99aa0f5c79b4ef03cedb32a50fd6ab48eccb9cf110945abdd5d38ff6

/data/data/com.orangenose.suila.mg/databases/analyticsv2.db-wal

MD5 1436a3a8063080643911d7b583ba0cd4
SHA1 5aeee35e9bf4d7704fe7243c420c7c39eb1e20fe
SHA256 f7b91877881cfc91e0e5f0a2fc8a7f02eb1c76651ca1296e0f7aeef844070775
SHA512 e9b4c08238ee410e279ca5358045905a4e5b3a4fc58592894db7509261553757aecc0f62d268932b60b0cac1101e7ca794e87b9bd5b4093905d176b52f27d031

/data/data/com.orangenose.suila.mg/files/54db829f09424caad69f7fb9350fa48d/policy.cache

MD5 f0326dac3bd2b30f8d216ca46622eb2e
SHA1 e34cdf9529a96288d206b07c5078afb012be5b7e
SHA256 c59de2f2197323aae35f444e18f7f5d7ae2967cc486b0297bceaf329ef8dfcb7
SHA512 b91250a4e5cc4c2464657d7d625a3d19144b321fbc091041bae340dd8f7a27712dbc0c5961d50bc039471014c568fb06df9b8305f20e4ad08c65894e56b4c49b

/data/data/com.orangenose.suila.mg/databases/requests.db-journal

MD5 91bb8231d81ffefc541960722f9fb37d
SHA1 dec8a4758f6360cda81f61a8fb95539947fb7266
SHA256 37e46b2e0bfe88dd26307ca5cea0d5ef65c9706dfa44a3f37b23e129164befcb
SHA512 a39af35aca6fa05777a35622c27ef879c7598e01eac7bd877e8f3eaa9de39cff1b12998f0e5da1db86600c6fef585bc5c57b0b9a8a9a5afa9357d534e6036757

/data/data/com.orangenose.suila.mg/databases/requests.db-wal

MD5 8049dc235fc8454a01ce99bf8b705195
SHA1 a7cfc9c36338f1251dc14e883b8c05c9e56ed632
SHA256 e2d522a308e235b2b22856e178be687546b9fb37fe2a3e17ff1e434c62707fd3
SHA512 e81e20d3ad0bfd32f817ec38759c5253e356c7e753c462e76b8c0ec1cb852c2c38c8856a6c6b4325a71eff8482b7f6f99b93a0b6b414daf03344f965db70aafe

/data/data/com.orangenose.suila.mg/files/a194a0a7214f6cbda0672045c51505d1/policy.cache

MD5 04ecedd182ec514d1a60d8d2ac199148
SHA1 3cc41071881e11ef4a5e8500ba83eb91e0502aed
SHA256 690fff1587a5f29c71dd12bb95f7c8d0d25518679ef90c9a9adf8c69ff5f18bf
SHA512 27a2e1ea979a0c3568064028558da583b72cdb5133442cbd5434c497ba0d2ba7a0a0445dee5657c4ec277af119b820371e03ac4c799eee93731b12379c491837

/data/data/com.orangenose.suila.mg/databases/reportServiceDB.db-journal

MD5 fe7fbe46c329a1569a62dedede1a194b
SHA1 09302f8b884712bb462552c6db4a9dbe22246b58
SHA256 ac1c4a95cf8d35659aeaabace8f48c514be576cb21a0e1628672513a2a788940
SHA512 5a8e6925b0325b387a7d369e84ded2cf61c7aaae07ead4ffb88337d77647b0a1dcffb4d5ed5181386107b044717b09c309e25a2e4d18bf7adfbb28d5ed2d2a82

/data/data/com.orangenose.suila.mg/databases/reportServiceDB.db-wal

MD5 c6cd13233ca96b0a21bf8c838d8e0e16
SHA1 cdf681336ff4befad5e2693756b543059a730c4c
SHA256 abe641a590c3001dd664a414f4ade131b1636b998ce6e184b32e6f62f8591077
SHA512 1d45f859bf03ecb961fead0d646f5d5c3f46567e0a1ec399863865b1e123b28f458f8a4707678a63ada0562cf8039412e3c763086696dc892add92448b49b337

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 db2f4bdf4e6b20b4761db3a5adcdf19f
SHA1 2ccfc81b87ec276be0e7c3216dac331e851cbdc5
SHA256 3070c2d7cbed2f89eedc1d99c5e74e918e7549ed9351e17bffb9db3d7614aa4f
SHA512 f87a76a61e46ceea970ae788041aa1d89655be7e08a34f10b42e75cd6246694a51d7eb80bab3c057d91cf333b07c5fff7f71e3eb37e93b003c92455219e6ba86

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 eae4c3d15c157d07af727067210d2706
SHA1 7f026ca8c8c19d66816087d43602dd80f5459684
SHA256 5c4776ae9a11f2095e22319d21e3762e7c35fbcdf830521847f8e9692ca4198b
SHA512 a133a284c3617c90eb5d55880d42168b7b788861821a0e36e72fcc47adac54f09f0c1b58d8407c022f7cb4ee6b21659aa3556d3f71d04ab4d99910d114f434bd

/data/data/com.orangenose.suila.mg/databases/ua.db-wal

MD5 8062d74c743a5774e0540be9b9188c6e
SHA1 ab3a48ad8f8625dcf5aea22515ecaa144845e1c1
SHA256 8bda981fcf4d4fa22bceaee2609d7d20526c9c4e3f2d560ae3a0e4298423eaf5
SHA512 8f696544929364f53aac409e0723c9b3cfd77bb7b3298fe0d6273caede44436536cfc43174ff942979895eb4d0dd44a56bc2453e16d9b0931c048e67a7a8b7f8

/data/data/com.orangenose.suila.mg/databases/ua.db

MD5 93ca628400f09c5718473524ad8abae3
SHA1 dafc50570916e2919d2512c36d1f289f20884ff6
SHA256 35253895a7cff82feac3c9d444f26e88d3692dd932964dd559445c60b489d49a
SHA512 1aa2f31247e9967eb4be6da7a0a73042b85f16dc346d5f9d8e11f4cdb7fe6e02e39cd379a32d961e3fb8316dc0b0df7fe51ed0da2f7d0b5d33f38a27d952dbd8

/storage/emulated/0/Android/data/com.orangenose.suila.mg/files/Datastores/GameDb.xml

MD5 c36bc49b010a4ebd0acd69a7ad49c83a
SHA1 e6a417e27e1c436ec2f65d56fbafd3a2aac5b2cf
SHA256 a37a91ecb7dc2559339a2903fac812601c68ecf3d2aa677eb78df5ff523dccea
SHA512 77e6d157ec4a68ae23070cd1256d304acf8e9800cc477e61c32bce5982fb220c78d90f2f7c13e914659fcd5048d45d9c1fd26039dd3424bd6842d170d06f0c2a

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.analytics.sqlite-journal

MD5 a79aa03c18875373448bf5c12c8b93f7
SHA1 3303e2897aaf2518b3477c70309e3bd2cc2ce550
SHA256 c536a8a78f63efb4dc604a991716a67b8ac54da7f818819962133121a0f64972
SHA512 dd2919501c9ca76cf9eb00902d599d96d55c2950a29625fed1a7912c517c5f74205ba802e460dc1f7cf90ea675347326a39f37a3c16c8d9915afe8d9ac3026a4

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.profile.sqlite-journal

MD5 da175f8e739208cbfaa38464b6d172c5
SHA1 d2538b582f2f54f76b8f0ffed1550c45c17b0fe4
SHA256 5a4ce55f434f593ab6778752176444ca7c683cd6a4918a2026299b5331e659c3
SHA512 0e5fbb84fc9e504323bff5a91d5f78328aefa9b43cc0ba2bb0aee1b752843b9b4d290c15dab1c78b8c15a3d615b24fb96867dcc8e662807e97a833c7aec1baec

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.in-app.sqlite-journal

MD5 9208dde9ec229d30587f4d0f5e8d0afc
SHA1 9152b849ebb1d0ea3c59eed2d6e6240851095f0a
SHA256 027fc0a4be06624f6f52fd776168a891acfd42ec26adc3b6e8de500e45f0c68a
SHA512 68b1369740ecd6d8257174971156ef889d114030d13e1b75b6c866bfb1307097e5b64535f7279ae7b5c84e608d700b80a778b2be617535f455e405eca6cf3c75

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.analytics.sqlite-wal

MD5 661dff037fb14fb27dc65c8f17c6284d
SHA1 82a8363708dca1d981b6ba1d8e9032ef1297dc61
SHA256 74be8ac78315ba94463538ade9081ef5067b3cafa316df4a5990ddf661f2a6d6
SHA512 2ca9eea57494f86f7bc95c7a431b1aa2e3901399ccec3882f20b9c7dfb2c3bdf4eac2a267beaf1f1091d78a1be290c955c8d0faa260361b1f9172c0c70dcbe24

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.profile.sqlite-wal

MD5 53d7f84ddf93189cdd62a5c1414cf1c7
SHA1 5ca3c2750d49457361a2d441d5d0f526390c009b
SHA256 b671e6aef7729ce7558cb670fa7a485271553919f995c3677a2fa3455a149530
SHA512 adaeb1af4a072ed114323ea42c933c3d155e7db67a86610d24e76400ebeb35ccae7d5fd6eaa1444520947929bfad69d96d66361446aa5af66db333ba9cbc26ec

/data/data/com.orangenose.suila.mg/databases/com.localytics.android.a144e1526d48fbb1a6cc9fdf57670fec9153a163352fa03798b140872afa77b.in-app.sqlite-wal

MD5 c1d93e7e30ccd7335f7d7b49ef419256
SHA1 d70078d45f426e66e7553f5150ee1d997620b179
SHA256 469319e3efe608e21f8cbbae554a8eb90bc4e00671e0cc0032a01a9b7d0b2139
SHA512 3e8b5b1a7efb394527deddd7691cb564ad0325ea5a92380f5772cbd4faf14213eaa5221ea5728dcf91c1f96258380fa1d46f6012fc2f2ea31cc52141376be3b4

/data/data/com.orangenose.suila.mg/app_analytics/oat/analytics.apk.cur.prof

MD5 bf5dce3f401c666f78f74aea0a6d351e
SHA1 e3bf5e8f136be7e85b02899efed6da82e1bee6ad
SHA256 079bcddb31f6537bcf76e23643f448b14855f070314a5da8fde9698c44499d58
SHA512 01d3ed362dcfb9281550572167c158fef25d994c000c7b7a6e349f20115322275422ae423f1d93450c4b9ba5b39cbca30f528de0f86b6368602221fe3463987d

/data/data/com.orangenose.suila.mg/app_mimo/oat/mimo_asset.apk.cur.prof

MD5 e5349f884cccf7479d07bfc6ca167c25
SHA1 831c3d9ee97d9d455743cedf7ae7697056db84c3
SHA256 046cc591df4e54238e3093abc4d914c28b955bfa17e096d3bc283bded4cdc73c
SHA512 4ac776f518cac396bac2ade5631c1ec5fa228cffac2caa604fe2301ea2beed92c4b3e7dfdbe86e76e767f607077ee9cd788a6af890486ecfc526973d21aae1cc

/data/data/com.orangenose.suila.mg/files/.um/um_cache_1715362700242.env

MD5 31fc45643e44c40a97961ae3b70b82b8
SHA1 ffbdedc8be0098961afb9de16d21afd56f05df3e
SHA256 d4639dba5162f5f56d05e9fb2b23d6356811736757435fe0997a0aff5599cae6
SHA512 7c88967886dc5d24dfa9e821901c0dce97d12329cecee42f6bf501936ed34e71d2916816b6794aa970093e51dfcaca2a99dd6a7449795020a8124fa34a85e935

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 17:35

Reported

2024-05-10 17:38

Platform

android-x64-20240506-en

Max time kernel

155s

Max time network

151s

Command Line

com.orangenose.suila.mg

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.orangenose.suila.mg/app_mimo/mimo_asset.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk N/A N/A
N/A /data/user/0/com.orangenose.suila.mg/app_analytics/analytics.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.orangenose.suila.mg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 coding.net udp
CN 81.69.167.241:443 coding.net tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 sdkconfig.ad.xiaomi.com udp
NL 20.33.39.99:443 sdkconfig.ad.xiaomi.com tcp
NL 20.33.39.99:443 sdkconfig.ad.xiaomi.com tcp
US 1.1.1.1:53 zeus.ad.xiaomi.com udp
NL 20.47.97.231:443 zeus.ad.xiaomi.com tcp
US 1.1.1.1:53 f2.market.xiaomi.com udp
US 1.1.1.1:53 f4.market.xiaomi.com udp
US 152.199.21.175:443 f4.market.xiaomi.com tcp
US 1.1.1.1:53 file.market.xiaomi.com udp
GB 92.123.143.233:80 file.market.xiaomi.com tcp
GB 92.123.143.233:443 file.market.xiaomi.com tcp
US 152.199.21.175:443 f4.market.xiaomi.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 sdkconfig.ad.intl.xiaomi.com udp
NL 20.33.39.105:443 sdkconfig.ad.intl.xiaomi.com tcp
NL 20.33.39.105:443 sdkconfig.ad.intl.xiaomi.com tcp
NL 20.33.39.99:443 sdkconfig.ad.intl.xiaomi.com tcp
US 1.1.1.1:53 diagnosis.ad.intl.xiaomi.com udp
CN 175.24.154.130:443 coding.net tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 42.192.175.15:443 coding.net tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.78:443 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 17:35

Reported

2024-05-10 17:38

Platform

android-x86-arm-20240506-en

Max time kernel

8s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 17:35

Reported

2024-05-10 17:38

Platform

android-x64-20240506-en

Max time kernel

9s

Max time network

144s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-10 17:35

Reported

2024-05-10 17:38

Platform

android-x64-arm64-20240506-en

Max time kernel

9s

Max time network

134s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Files

N/A