Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-sbnheada78
Target 50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118
SHA256 f05c16eb969304b72f9ff3aa0701e4061484ba93734fea92ee3e88f681460442
Tags collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Queries information about the current Wi-Fi connection

Checks memory information

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Checks CPU information

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-17 14:57

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-17 14:57
Reported 2024-05-17 15:01
Platform android-x64-20240514-en
Max time kernel 177s
Max time network 189s

Command Line

ibuger.nnjm

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

ibuger.nnjm

ibuger.nnjm:remote

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted 2024-05-17 14:57
Reported 2024-05-17 15:01
Platform android-x86-arm-20240514-en
Max time kernel 177s
Max time network 187s

Command Line

ibuger.nnjm

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

ibuger.nnjm

ibuger.nnjm:remote

Network


Files


/data/data/ibuger.nnjm/databases/ibuger_nnjm-journal

MD5 5066201d8eafca9155df39dd61419835
SHA1 22cd396b1415dda33ef4e43f7809942719aa385a
SHA256 6d1517dfe268020e11213d034dec4108e0039b4c5c3e018b6a7ce6077df1f592
SHA512 a14a0b5d2e1f5c9e0262750087a9c19df34982eec66b01b8bf5fa2d63bd9825390184255b9e560908f74dd1712e61d46a38315ee0bba8293bd18ee25040c5e8a

/data/data/ibuger.nnjm/databases/ibuger_nnjm-wal

MD5 f3a16abbd9176a2ce2e76f3bf323ae29
SHA1 8aaf11a29593eb5489811557a733aa007d684f55
SHA256 75d276a6eab5b0a50cb9f2891efa3c64faca01197f48217cd4680823f2ef46d3
SHA512 4b865445ea3803a8bd3856b2d1e3a719049d6ad86a1cc38fba1c17de11764d855821b723b5a1a1de044d8513f6b602ac71aaf10979861eef431c38851b8e828d

/data/data/ibuger.nnjm/databases/xUtils.db-journal

MD5 3b1fe88a5fd4d63aa2e8cdd70180709a
SHA1 3d39b795c79b62e99656e13fbb541ba1dae8b0a5
SHA256 eaccf70339b260e836e58958109ecf2894f029dd618e5bab66fea60f1e8ace1c
SHA512 ebafc4347255abc9f630a48c10f72e7dfafdbcb579c58dc2fb0a94e71faacea2035dbaa37372d2816f9345794747cdc18171f9ce3b73204766733b0abe1bbfa1

/data/data/ibuger.nnjm/databases/xUtils.db-wal

MD5 3e905658bd880eacfe5315ad1c93bbfd
SHA1 4627a073a2c39c6e83a5bbfef8b7d90a23c6b0ce
SHA256 de2186cf7b35edc997fb511c50c3ea8a2fec08b3e443c92ec210ea5d3f58dbd0
SHA512 207138d9217a07b752217200a712f757a8faa4c25b202055f335afe368817675ff09ebe8639e2ab94471ff54f27d56042c848d5df7cbfcb7d168bcde7c626ef0

/data/data/ibuger.nnjm/files/.um/um_cache_1715957987911.env

MD5 84908bc677c45bebd41fd68c4add6ff3
SHA1 b5867d0d54a866f42ad429f48e2d3c65f95640b5
SHA256 bb036d272981a697614af1d144447c63a4f67b881acc03dce82a536325247510
SHA512 8fed407a556fccc0f3f01f3fe2d9b6894bd71bb584abd619d60053a8d9036a55fadfe46ef06f4237880e6f251d8cad37399eafdab6b5678931b9d9826a062868

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x64-arm64-20240514-en

Max time network

138s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.213.10:443 tcp
GB 216.58.213.10:443 tcp
GB 216.58.204.67:443 tcp
GB 216.58.212.202:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
BE 74.125.71.188:5228 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 142.250.187.225:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 172.217.169.78:443 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 aeqjtooledz udp
US 1.1.1.1:53 ydbprbpmljy udp
US 1.1.1.1:53 torffaal udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x86-arm-20240514-en

Max time network

184s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x64-20240514-en

Max time network

148s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.68:443 tcp
GB 216.58.204.74:443 tcp
GB 216.58.204.74:443 tcp
GB 172.217.169.10:443 tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
GB 172.217.169.14:443 tcp
GB 172.217.169.42:443 tcp
BE 74.125.133.188:5228 tcp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 g.tenor.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:01

Platform

android-x64-arm64-20240514-en

Max time network

176s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
BE 74.125.71.188:5228 tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.179.226:443 tcp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.200.10:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 216.58.201.97:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 zsbbonmv udp
US 1.1.1.1:53 lskzejinfdznbly udp
US 1.1.1.1:53 fuwpise udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:01

Platform

android-x86-arm-20240514-en

Max time network

139s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x64-20240514-en

Max time network

151s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x86-arm-20240514-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.3:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x64-20240514-en

Max time network

150s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:02

Platform

android-x86-arm-20240514-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.178.3:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:01

Platform

android-x64-arm64-20240514-en

Max time network

163s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
BE 64.233.184.188:5228 tcp
GB 172.217.169.46:443 tcp
GB 216.58.213.2:443 tcp
GB 142.250.180.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 172.217.16.225:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 tqhvtiwl udp
US 1.1.1.1:53 ynbgcko udp
US 1.1.1.1:53 kzqcxrxhmt udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:00

Platform

android-x64-arm64-20240514-en

Max time network

186s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
BE 74.125.206.188:5228 tcp
GB 142.250.180.14:443 tcp
GB 172.217.169.34:443 tcp
GB 142.250.187.195:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 ewtfgoou udp
US 1.1.1.1:53 ffzfbtnfce udp
US 1.1.1.1:53 ropfalkl udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.187.195:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-17 14:57

Reported

2024-05-17 15:01

Platform

android-x64-20240514-en

Max time network

145s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp

Files

N/A
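Every behavioral run above reports Signatures, Processes and Files as N/A, so nothing in the run ties the captured traffic to the sample; most rows are the emulator's own Google Play services chatter (android.apis.google.com, the 5228/tcp push connection, update.googleapis.com), and the only rows that stand out are the three dotless hostnames each of behavioral5, behavioral8, behavioral14 and behavioral11 looks up once and never connects to. The following Python helper is an added example, not tooling from the report or the sandbox: it parses the report's "Country Destination Domain Proto" row format (country, ip:port, optional domain, proto), tags each row as known background traffic or as something to review, lists the single-label lookups, and finds the domains common to several runs. The embedded rows are copied from the behavioral5 and behavioral8 tables above; the list of Google suffixes treated as baseline is this example's own assumption.

```python
"""Triage helper for the sandbox report's network tables.

Parses rows in the report's "Country Destination Domain Proto" layout,
separates emulator/Play-services background traffic from rows that need
an analyst's eye, and compares runs. Added example, not part of the report.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: rows copied from the behavioral5 and behavioral8 tables.
BEHAVIORAL5 = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 aeqjtooledz udp
US 1.1.1.1:53 ydbprbpmljy udp
US 1.1.1.1:53 torffaal udp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
"""

BEHAVIORAL8 = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 zsbbonmv udp
US 1.1.1.1:53 lskzejinfdznbly udp
US 1.1.1.1:53 fuwpise udp
"""

# Domains the emulator's Google system apps reach on their own. This list is
# an assumption of the example, not something the report states.
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com",
                   "youtube.com", "google-analytics.com", "tenor.com")

# country, ip:port, optional domain, proto (the domain column may be empty)
ROW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str


def _is_google(domain: str) -> bool:
    # Exact match or a proper subdomain; a plain endswith() would accept evilgoogle.com.
    return any(domain == s or domain.endswith("." + s) for s in GOOGLE_SUFFIXES)


def parse_rows(table: str) -> list[Row]:
    rows: list[Row] = []
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        country, ip, port, domain, proto = m.groups()
        rows.append(Row(country, ip, int(port), domain, proto))
    return rows


def classify(row: Row) -> str:
    if row.ip == "224.0.0.251" and row.port == 5353:
        return "mdns-baseline"               # link-local service discovery
    if row.port == 5228 and row.proto == "tcp":
        return "google-push-baseline"        # port used by Google's push messaging (FCM/GCM)
    if row.port == 53 and row.proto == "udp" and row.domain:
        if "." not in row.domain:
            return "dns-single-label"        # dotless name: cannot resolve on the public DNS
        return "dns-google-baseline" if _is_google(row.domain) else "dns-review"
    if row.domain and _is_google(row.domain):
        return "google-baseline"
    if row.domain is None:
        return "unattributed-ip"             # TLS to a bare IP: pair with a DNS row or passive DNS
    return "review"


def single_label_lookups(rows: list[Row]) -> list[str]:
    return [r.domain for r in rows if classify(r) == "dns-single-label"]


def summarize(runs: dict[str, str]) -> dict[str, object]:
    parsed = {name: parse_rows(text) for name, text in runs.items()}
    counts = {name: Counter(classify(r) for r in rows) for name, rows in parsed.items()}
    seen_in: Counter[str] = Counter()
    for rows in parsed.values():
        seen_in.update({r.domain for r in rows if r.domain})   # one vote per run
    shared = sorted(d for d, n in seen_in.items() if n == len(parsed))
    return {"counts": counts, "shared_domains": shared,
            "single_label": {name: single_label_lookups(rows) for name, rows in parsed.items()}}


if __name__ == "__main__":
    for key, value in summarize({"behavioral5": BEHAVIORAL5, "behavioral8": BEHAVIORAL8}).items():
        print(key, value)
```

Rows tagged "review" or "unattributed-ip" are the ones worth the analyst's time; the bare-IP TLS rows can usually be matched to a preceding DNS row with the same destination, and what is left after removing the Google baseline is, in these runs, only the dotless lookups. Because nothing in the report links those lookups to the sample's process, treat them as unexplained rather than as sample C2 until a run with process and file activity reproduces them.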