Malware Analysis Report

2025-08-10 23:55

Sample ID 240517-snzq7sde7y
Target 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118
SHA256 9c93f65607c03961c02682c00844000fa4d7ce93b0458188622604ef2bbd92d9
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

9c93f65607c03961c02682c00844000fa4d7ce93b0458188622604ef2bbd92d9

Threat Level: Likely malicious

The file 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current Wi-Fi connection

Checks CPU information

Queries information about running processes on the device

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Reads information about phone network operator

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 15:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:20

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

189s

Command Line

com.cronlygames.hanzi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cronlygames.hanzi

com.cronlygames.hanzi:remote

Network


Files

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-journal

/storage/emulated/0/aps/common/deviceInfo.data

/data/data/com.cronlygames.hanzi/files/TDtcagent.db

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-shm

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-wal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.cronlygames.hanzi/hanzi.db

/data/data/com.cronlygames.hanzi/hanzi.db-journal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/aps/common/deviceInfo.data

/data/data/com.cronlygames.hanzi/hanzi.db

/data/data/com.cronlygames.hanzi/hanzi.db-shm

/data/data/com.cronlygames.hanzi/hanzi.db-wal

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-wal

/data/data/com.cronlygames.hanzi/files/TDtcagent.db

/data/data/com.cronlygames.hanzi/files/umeng_it.cache

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-wal

/data/data/com.cronlygames.hanzi/files/TDtcagent.db

/data/data/com.cronlygames.hanzi/files/TDtcagent.db-wal

/data/data/com.cronlygames.hanzi/files/TDtcagent.db

/data/data/com.cronlygames.hanzi/files/mobclick_agent_sealed_com.cronlygames.hanzi

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:20

Platform

android-x64-20240514-en

Max time kernel

122s

Max time network

193s

Command Line

com.cronlygames.hanzi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cronlygames.hanzi

com.cronlygames.hanzi:remote

Network


Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/baidu/tempdata/ls.db-journal

/storage/emulated/0/baidu/tempdata/ls.db-journal

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:20

Platform

android-x64-arm64-20240514-en

Max time kernel

180s

Max time network

190s

Command Line

com.cronlygames.hanzi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cronlygames.hanzi

com.cronlygames.hanzi:remote

Network


Files

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 37a3d85eecfe9d9fed082f5ab82f0764
SHA1 7a520f59babd1da7b2e44c2df1f8b1d37d40816e
SHA256 3ac6d3c6d4afdca17353d8268c0915aadc886019842c71b6d83b30ad232bd502
SHA512 0d51afe388cb942653a691e75448b3146108d8f054566c535db418b0fd1b493670b759068699cde248f9c401b882f3a8f622cff864c757ae1c1bcb54f3830005

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db

MD5 2cce8f37713094e7274dda98f5cf7331
SHA1 50ca012c886bee9475f363456dde593d191faf72
SHA256 d4837f95e0bcea112973dc6efc1121053b5fdcd87f7351af8eebcd904f6b9cca
SHA512 6df0767c1ee03af4f9c4372b0f4180bacb2e057c021508221ecabe16571bdcac4c78c447ee1c37a8628e0529df73f5b85ac42fee213564acf766d2658851bbfc

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 41b7ab128ff3d65ec20731c5aa0362f1
SHA1 fab14d84e928470caf0cf597e8a87c09af2fc90f
SHA256 8eb067f262e897acfc48eed8a32ed6328959d1aadf749c89f64d88b45cdb14f7
SHA512 4c763ef09d6384b5ddeaf252529279f401e9a6a3332b3507429e7c96069dc2d6175beadde6808ef4b1d8340e3907142227ca65921207087132d47af556613f51

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 6bfdc64c509e2d7f6831622fabb3ab29
SHA1 44a656fd54724f5041b5eac3078769748ba92e42
SHA256 8e3486a67ef99de591a6bad752926d049583536b339d6a6e307a175f437374c8
SHA512 e4945b93e69f5de136dafe1d242b6cad53d7e532a01eda205178ae771e93757a5afa439a5a9c1a7d8db0afb185ff896420f4f11ef352253cf6817879690c61a2

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 e2c58b77c8409b969743565ec4a39d38
SHA1 cf67fd7fe48b4c0d371c7038953d96ae66cee0a4
SHA256 56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c
SHA512 768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 a5eb80184a68826ad144498262c671cb
SHA1 bd9fb74601d80e17e22e8142942051a4f2fcf038
SHA256 20909ded4e0b62c93ff897efb0496d997eb90c433cb714d8e3d002fe32ceac46
SHA512 33fb2611986c3e75b650f7181e1802c74b126005fc1e0db8d4f18ed592657a08aa3c56a5cb8b59bc1fc37807279992bb3301aeabe50cc9178837d512b36519b8

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db-journal

MD5 ce4780fe652a5782b2ad6f04f3091e0f
SHA1 edc13d445e38f3e1df5f70a185c050e2592fe64d
SHA256 264d11860a42505684f3ce811ce59e5b9b48ba940ed1e679adc814b9cf82e5ae
SHA512 c9d91329be506f9b57ca66bc993957f27e65726fb5cdb9cb49966fff89a4d82c9facc5375db820d37e91abee438dc5441996848180b2895de97a631c5a52dbdc

/data/data/com.cronlygames.hanzi/hanzi.db

MD5 210c93d911d1a5a3feb6b660a39b5b94
SHA1 7de0999fb86afbbe808cf1d50b39583c50fdc2ab
SHA256 e6f34f6e67adfd2c801c2018812ee4cd34adcecdd8c4318388bd7b3b8e28adf8
SHA512 be1a1f83909da45b73360d8642fa68dedf3b82b30ea93c07c9762c4a2f2caf14b148bd06e19992fac09e7643bd039cd5470e8cd1d02ef7b01aaa789aa0704429

/data/data/com.cronlygames.hanzi/hanzi.db-journal

MD5 059ffb4fb1143538615078fc0416cbd5
SHA1 1834e3f7f1a447e04b04e916f411b22cc18dca37
SHA256 7a714f67eaf5cbe0445f5188fca0b30493dc59a3a86a1edf4ac4114f514aef7e
SHA512 943ab3a8bf826e0d9495d170d28776ce5141f7b05220a5c01bb6b8dfad04b4998283f175fa6d09aa9c81b2fe0ab30bb949c4aaa105710a7ecbb6e485e7a8dd83

/data/data/com.cronlygames.hanzi/hanzi.db

MD5 e8f91314ad1b0d2b006bece9f8ab3f87
SHA1 217f8b41f6c7d3caeb61393cef673f78a0fe99b4
SHA256 4b4aa0b28f86c19d3dcfd9ee7d31315462c052762a3e09644e71ec3de0889e9d
SHA512 e4965d64b4d7545889b8ef3741b2d789c00887c7b900d80e9409b83683efd4ebe828784664cfad368eede62bc62b35cb3700c3fa327775b6d010f96ab2c4cc7f

/data/data/com.cronlygames.hanzi/hanzi.db-journal

MD5 b20476edd13d24b63d1fde3d1a3d7fe1
SHA1 ebf433ec7c7082a0a0b91a50d4e6b05d1125d350
SHA256 899610c2c0de7775d4cae46e4b4ba3ebcb2ae55f05a378f530a1880ec34cda0f
SHA512 96ab8066a6b00ad03b86b7bd0e5e33decade8f176425fdfb90df87c1de922eb7bdf3d91fb3a3ac5e240e63024a7553f0f5c434b4f09db5f762efc619659f6c6b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 3f28e36f7b7694ab56204c4b74b3cee9
SHA1 517dfd95f4d98c8ba890e39e69f89486a725f9f3
SHA256 49727069c324f3fd8d739e028ca09610dbc8d8f94caf199ec3dfd0e716d98fa3
SHA512 1a7c364281f404f622fddddfa962ca9466f5a8908a4f13e1edd375114280f6b69a9dc68ba4ca0c19565256569fe70f599176a5df40cea8b96709cd97e8f6394a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 26433758475838ce09b499ae47488577
SHA1 c7993d09f6f992f00dce3bafc19e32dc84cf2ee3
SHA256 69cc1a4dd281bd27912667234892a630475f8575a4123cc4ed19e7ebc536002c
SHA512 a90163540575c5a0632579f70ec3da65ee3da2d0a5de154266035944962f72a89b89cc9e33575bfc6424d7b31d5228e5db08b388c4cabd4d393c514784a403b7

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db

MD5 d5300eb5e0ec66ccc6e66e50048f8679
SHA1 9eebd4f6084c905066b419ac12e9223fdea0a317
SHA256 a708caf0d5dee9622e0ad973ffc98648bb2d4790e2108dfab0571b150e920ee0
SHA512 87ad05188cb69fdf7285bbcc8783f63f766c17b784d8e4fcbf53ab6b2763589d368263c53caaa15677ea63642b94d9534a7a6ab43971eafc7cb39b8bad62ae4e

/data/user/0/com.cronlygames.hanzi/files/umeng_it.cache

MD5 f3ba0712e470cc687170b34dd31e7740
SHA1 fb85801e3b3b90a6efc2ee91986aa921dcb04deb
SHA256 84960f72ab303d5f896ce16d91162e8afd26833c37274292dbf44b721da4ae31
SHA512 4db21bf6700badbf670638ae6e54a57390e66d6905cf0258059b5b6fb33bd1a9e82c7991852bc91bb5ee6d24e8b7241b19eb1eb4e178bdd7d52dbabb7c39912d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (deleted)

MD5 905837c0b925e429fb39f0a190f53454
SHA1 d86a909e171f31f7264125587827cffe72fea272
SHA256 113e13f375cbe770b7f904cc0d276c15dde7acb7149e2f2da43ab837430b5b71
SHA512 41f4f3ecf4d641e973f8d150f891d7a1397d9a2c1f638b0e887a631c2167c7ea94cc6aa7249904845b24007aaa54d94e7a744e8f4ad046145b7e04ecc92138d3

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 49a88d20545e16b055c48848b45f6e5f
SHA1 69717627465aeacc06f2a41bbd7e01d2b302c32b
SHA256 96519bb3c6c194b53ce6ed590258677426597be6736d53d9ebab63cfaef923e8
SHA512 3ee3ffe493e199ae384cde2c66935541fb46e8b46cc684f6411664183765a79ec046ff1612eff98249828bbd7b2b6865a2ecd2f20563c24c795b36a765e5308b

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db

MD5 fe0a5589c05e41e7c4dbdcd5060f7dd3
SHA1 b9234101768f376e3ea3feccea66f0df65b91f53
SHA256 4a1804ceb49343febcd97f761f29645f8741352de932114c908fe8f527abc4de
SHA512 7506d86f546d16241804433f9a11a1aafba04132fee607494b48a4e96627f30f54bc5288bcab92a45f37bdab48b9cb24401293d6e0d542cfde73eac7b1a71689

/data/user/0/com.cronlygames.hanzi/files/TDtcagent.db

MD5 53e93f7bba08a0163237a6d60f79dba0
SHA1 24db24d0940b801f98891f3e204d975640c451a9
SHA256 365b96dafa18fa37bade10afc0833e44b6a667580387ced001bb30e772251e35
SHA512 1c6fbd68304aeca0803ac93a95a30a0dad6afd391016eb6930146081958f0b4d9ca2a98d0e595d213ed50c9403e4b2ebb0e37facff9399726186266b4c831203

/data/user/0/com.cronlygames.hanzi/files/mobclick_agent_sealed_com.cronlygames.hanzi

MD5 adcc306628d8bd2c582e336f3e3c415f
SHA1 9d0029431fbff259c150fa918ad2123b78274c22
SHA256 0cb46d91c9788a404830ec6dd96db99d68973b598f2abbef00cc2be226ce96e3
SHA512 146d1107035fdc6da5dccd97e4bc432b5f53df4914c99497582edb6c12a9491b9c24610394b136f75c7f0ce41e83db263b65607202293fde2dfb58a5661e5299

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-17 15:16

Reported

2024-05-17 15:17

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A