Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-t82xqsha7s
Target 50782829adb6127099f799f794572868_JaffaCakes118
SHA256 4499f7b775d18998fc1ae4a6851e66ebd0f51017a758f8320687a738a16c5771
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

4499f7b775d18998fc1ae4a6851e66ebd0f51017a758f8320687a738a16c5771

Threat Level: Likely malicious

The file 50782829adb6127099f799f794572868_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Checks CPU information

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 16:44

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:48

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

181s

Command Line

com.syezon.wifi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.syezon.wifi

com.syezon.wifi:remote

com.syezon.wifi:push

Network


Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.syezon.wifi/files/umeng_it.cache

/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/flowadd

/data/data/com.syezon.wifi/files/libcuid.so

/storage/emulated/0/backups/.SystemConfig/.cuid2

/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/init

/storage/emulated/0/baidu/tempdata/ls.db-journal

/data/data/com.syezon.wifi/files/ofld/ofl_location.db

/data/data/com.syezon.wifi/files/ofld/ofl_location.db-journal

/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db-journal

/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db

/data/data/com.syezon.wifi/databases/wifi.db-journal

/data/data/com.syezon.wifi/files/lldt/firll.dat

/storage/emulated/0/baidu/tempdata/lcvif.dat

/data/data/com.syezon.wifi/files/ofld/ofl.config

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/conlts.dat

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/llg.dat

/data/data/com.syezon.wifi/files/mobclick_agent_sealed_com.syezon.wifi

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:47

Platform

android-x64-arm64-20240514-en

Max time network

164s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:49

Platform

android-x64-arm64-20240514-en

Max time network

161s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:46

Platform

android-x86-arm-20240514-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:47

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

130s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:47

Platform

android-x64-arm64-20240514-en

Max time kernel

4s

Max time network

133s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:47

Platform

android-x86-arm-20240514-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:48

Platform

android-x64-20240514-en

Max time network

185s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:47

Platform

android-x86-arm-20240514-en

Max time network

130s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:48

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

185s

Command Line

com.syezon.wifi

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.syezon.wifi

com.syezon.wifi:remote

com.syezon.wifi:push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 stwifi.playbobo.com udp
US 1.1.1.1:53 statistics.playbobo.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.212.227:443 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
HK 103.235.46.246:80 loc.map.baidu.com tcp
US 1.1.1.1:53 dns.map.baidu.com udp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 api.m.taobao.com udp
CN 140.205.160.4:80 api.m.taobao.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 140.205.160.4:80 api.m.taobao.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 182.61.62.50:80 dns.map.baidu.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.180.2:443 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9c331c31b5ed423000fd0057d803bb0e
SHA1 4699f1fef9ceee43fe59fe7f7e96973073132243
SHA256 417c2917925f6ad86bbb02fefd2e38539fdb6dfcdd3add243dc21fecfce3c211
SHA512 565138edf167b709b2892c2a0b8a4929110c1c1f29f7624af9f0bff415015f70177b6cec4b2d0d207865623a763c4b6d0dd80d19992c1a791fab13cbb0fbe8c4

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b834904df2f4e1f2eb4fd35f2e0f4b80
SHA1 6d351e1c9fb912c48b024f5b38d694e2a9014e68
SHA256 d78934d3d2404f375c505619cd8787526ff1e5874553b4d1317431dba6953b3c
SHA512 794a7401ad5b9f36d65c0f23f768269ef594cd4b37679a056081742af6f0b480a0b1252dccc3d999f1523083eb1d67646c2372411475917a7ae1b4c55d120639

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 0abf9bbc8f7cb1e2c045fb5fabb151c2
SHA1 2b2fcf4407b3a9eccc85e2dc8ffe76acaab8b314
SHA256 4ca62dc10cd1613b949ee1de579a09ed4e6ad89fb6c14f095ac4326c8e20f8db
SHA512 00864074389ca562a38f0897432786be86aaf43d7f8130235e45b162eaabbcd4c758fb03640b48ebc670e2d7aefe9577e010c968917b52c1b92c9307e22af08a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 772e4e708b96bc5742e2128a7d317414
SHA1 cb790abe93b45c13219a4df161253c77fa843780
SHA256 3e0f43f5317c71100f42f204a59a95740da3313610dbf7e9b18c85e4034396f2
SHA512 d9cb585bf4fb3ab9a6935c1eb3ddfd889d1f034ffb3d4ca10939c4b4fd18e621dc81306c37395d61054bb8a4e4cdd4819572b9cd71503a758abfd056f793116b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ac40dbf850fb4c83e2965da5c791a566
SHA1 087a05c09a9fbc0793dff85346bd781e8d963bca
SHA256 a78d92c1a9fc447a39f8dcb239679519cbfbb1b4fa41ae674ef6aabcdbe29e1a
SHA512 3ded01afe8162a7463ae77ac2f5a87cf6a91a27a58f5c1ed100dc346a3d17cccfefbdd4c1ef6fa43b5ddd02b2edb94ede1c1b27e6013432f3d4c21fcb45e2376

/data/data/com.syezon.wifi/files/umeng_it.cache

MD5 99d1455a50cfeba05517c654463d01ad
SHA1 753c60699c9a010b426df653278a29371f65cae4
SHA256 e195af14589f6157534c1d7b9fdccff23c6495bbcde88ea1993dab1120176f6f
SHA512 0ecc21fbf0852a4688781585474abb87f43894d67a8eb254c01e317f9b1be685581641ee174bc55ccc19441ff64f341223e293e986ef6760a33a0f4d131cf819

/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/flowadd

MD5 4708d2d22a9a0f14f7401aa3f0529aa1
SHA1 3df9237276ceb5ae067fbc3efb5a5b5813134e1d
SHA256 97e91c1c02e349f7c1f54c1ded5d99bb82a5d34b98215e77b9d947157af3ac68
SHA512 99160f058fd46f6fc6b133f02a4d260cbd90194df046dbf2b0310bb736432d2d3212260abf0f45e6292577eb9c6b9530fedfef0afa31f4f77aff2b0533696631

/data/data/com.syezon.wifi/files/libcuid.so

MD5 d06b1b61e5bbc63fdaea51112bdc187c
SHA1 7ac3a306d4d504577161cb49782c758216fb1be7
SHA256 212e17b333696d2408bd30e08f4e3202225cd5effb6c26b82ed79707adad573c
SHA512 75a21977315fb1790d5cd2925c28c069e0ce6104ad84bf61edcfbf68c21e5798b46607548c4c4ed8d651017c1376e9d06fd85922033ff382baa8df7c5e02ad9a

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/backups/.SystemConfig/.cuid

MD5 23fc7dc015aa37498939a6be71d1bebb
SHA1 f61319c2c6c55a5c07ef56f9c5fc34d95f51a097
SHA256 3d0010ff3720b7dc8cf97464a9b11797386e8ecaedd70f317795b64fc1d6dd20
SHA512 5efadfaa3f98610743eaefbe84f486362b0fb67dfbda81fca78045466885e45c4d835260d0a4af57e4b373e41c8351e55188d3a99b554595bbd7310fd609ba7b

/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/init

MD5 d56668a51ea64aaedb5f76ce3b63f6df
SHA1 d4efc83a56afbb79f93821989fb27d2212bf8c23
SHA256 4c45cabdbbe07772574016fa9f929638973c4eee2e681ab8ec6b2b2e44d82ba7
SHA512 393b2e4b5a782f4c486a62e20345c50f01fcf4dd5d86a7f175112643012fdd68480bbc64aa671fbcebf07032b814fc89d356091e26c0d58d88e58cc7e58c75b9

/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/flowadd

MD5 a851097be64c43476b1985860235ff6d
SHA1 01aece54ab5470fcb1caa57fc022d746038046b7
SHA256 479cdaeec01d1e5ed83a2997d44035aa2e67907fa1b9118525f3289d6a5b76b3
SHA512 b6472a913e685a9ccc30226dd35fef23c12ea20a3a06b68adf8d9542d2797e3d8d058681ce113e52748730724a4b5b100fe9de9e54f88f1eee6a3b20b197023d

/storage/emulated/0/baidu/tempdata/ls.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db-shm

MD5 2e9b9b5fda2d7f5ee2e129d651935078
SHA1 40fca833469eed19251d9fb79a73434576305685
SHA256 d5c0819f926ee69c1f88211e3835994f695be4329a3e444bdd3c7d5c65a9d000
SHA512 dd1131e947565f026bca994f023905c03eddae41ec3506c2dff7d46ef2d169a9a0fdb854711fc787c26af78bd82d5a8cbe045379056b9b9eae19f62f8af1108a

/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db-wal

MD5 f05e321ba81081ed0ba752a484636ec4
SHA1 bbcfa21c39562f400a25126f91e4cec83899f8fb
SHA256 23a40b5b4dc067a25d49e6596b04b46333d0a22279c3f42f0f5bb7fe013c806c
SHA512 60f1143d1a17a30225d89cb7756f131c296cc9d93dc6c98da6e11724b777428b5d3c32ba64a0455dad484d6c28031ba0131eaf61059e67d0b7d24cd77aaab96f

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 5f916dbd5ffd3585d29bee68c5f2810e
SHA1 cad4271645229fe9c444e51ec4a61e911f6b87d4
SHA256 2eacbbd18fc246915d44df47840c804f2af456f86241a635f19e892e07db5ee1
SHA512 89500b1d97fec753aca4a9abc3f50e602bd3cc8c476256b3d5e9c3452ee2307885facbb2a9257ba2b0d32583fc753a31c3f2b15fa647571fe376d145c89b6c8c

/data/data/com.syezon.wifi/databases/UmengLocalNotificationStore.db-journal

MD5 6d2a735a349d950d6a8a7b899eef95e1
SHA1 8b9abeaf87b90031aa68da3a40734516da5e8493
SHA256 9406ffbd633b68d131cf2b5989e06ed572ff188e346f786563424696b48676b0
SHA512 2b92c61123097a0817b903912012152ce2249be52f630a6fa01e87bf8f24f7a7516ff9727e36fe450d885f46d393f52cf8856df420517503b18c222d6c7d8650

/data/data/com.syezon.wifi/files/ofld/ofl.config

MD5 a98ddc5fb81d37992477cbe7c3ebd882
SHA1 bb2a01459d5cb2e78ab2936bccec8924936a3644
SHA256 5dc9f69a8a5a5e9c5b0d17076aee58630aa44a8bf89c5b391ba744ee50682e60
SHA512 9508a649f0ffb2e63fec0accb33c7b6a780e172f81bffd787af8d64cc9e82c86deb7b04d9f79575331a543bc9a076f18a7522d4f20f0e6cf295e91d1114de1d3

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/conlts.dat

MD5 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1 f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256 f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/conlts.dat

MD5 054b8147fd56ee5611e9692a8cbc22a0
SHA1 68b20f2316a3e79853d38a61345875a056e85196
SHA256 26e631168b56222a6b7b925525cbf6decfe346c0a9d8447edd9d346b20ebd1c2
SHA512 40f8dfb54b8939f6a3f004ac5e20c1c505ca29adf841cbb7da771e1b5fe01535d224fadf0119f6ebf5c69fd911eb61846b7394089f6e6d24259baf57cc3fc9bb

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/llg.dat

MD5 161557b06b4a4d3ce095528dea370eb7
SHA1 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256 f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/llg.dat

MD5 f8a08e083449c66e783001576e1ffc1e
SHA1 a2b6eaf4ad892b4265acca60be0b539698c1c582
SHA256 c820575c3c23936e8e05cf3cf428a08d3688053b0e224631fe85c92c138971a9
SHA512 dedc23db8557a0ea5c6ca1422b5ab1341f486d54e3f02649246b9b4d6831533fb6963e659436c2ceff64ee935c0aa395f8468660340c335d78cd87c3e55b0ac0

/data/data/com.syezon.wifi/files/mobclick_agent_sealed_com.syezon.wifi

MD5 30972347a127ff1c4717bbadab1cf978
SHA1 8905c653fd5f78e9d082cf362bd37c1571de14d5
SHA256 71c486d1312954599009cebf55bcfadb2d6abbde234bcf2becca76f8b7f6187d
SHA512 963319786f3bc07b3849e6f895475a887e3dfbdce20e7fbcbe67571475f1336496722b76524ac3f98def8a8690e5c3ccd09e519d30769d4779738f20381978e9

/data/data/com.syezon.wifi/files/mobclick_agent_sealed_com.syezon.wifi

MD5 ddbb24a072a6ff36925004645f3f0d54
SHA1 729ff8ab70442668d5b1fa679b2ad03f23950731
SHA256 8486d6d15c3d4b2dbdd33e7a02701e407e2c936476e20a350a25a7af815f5cd9
SHA512 0fc3040acccda9d14b10e87ac7033702e4c68898ee5e99539703325b31d8e95be6f91d8c456bd5262afe8a3315b8032cd332951b666452d951e8125e0b806e76

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:48

Platform

android-x64-20240514-en

Max time kernel

3s

Max time network

184s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:48

Platform

android-x64-20240514-en

Max time network

151s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:46

Platform

android-x64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.179.234:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-17 16:44

Reported

2024-05-17 16:46

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A