Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-tqkwhafh38
Target 505c9f7160817d3e855eff2f149811ef_JaffaCakes118
SHA256 cd8e15f7d989db4e45f1190c14f904f548af1a40d62537ba2f2ae933fc148895
Tags
collection discovery evasion impact persistence execution
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

cd8e15f7d989db4e45f1190c14f904f548af1a40d62537ba2f2ae933fc148895

Threat Level: Likely malicious

The file 505c9f7160817d3e855eff2f149811ef_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence execution

Requests cell location

Checks if the Android device is rooted.

Checks known Qemu files.

Checks CPU information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Checks known Qemu pipes.

Checks memory information

Queries information about the current nearby Wi-Fi networks

Checks if the internet connection is available

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 16:15

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 16:15

Reported

2024-05-17 16:19

Platform

android-x86-arm-20240514-en

Max time kernel

6s

Max time network

131s

Command Line

com.example.a14409.countdownday

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.example.a14409.countdownday

ls /sys/class/thermal

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp

Files

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal

MD5 e41810b2b9e96f058bcd23d74ebb744e
SHA1 c3b8760e9979e3e4aad0834534b4aa7616255be5
SHA256 cf14c5b5398e2dfea36101bb4ac93939f63f8e912191f4ae74fbd7dcf24d7a31
SHA512 3f03e01c2dc3222674ca130a63a76bb9551f370498a01d7b6dda46a76e837339583538f84b7a398261abf416962ad557f1c2a2eb128b64f6ed1607d5deaff7b2

/data/data/com.example.a14409.countdownday/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-wal

MD5 7e38ad13e50edfdcdeeab2b14679d936
SHA1 4062c0e84715e7dce680213063f0ae9045077aa4
SHA256 74010fd034494b3a74dfd1e21f9ab975761da3792f71602b47c3df202d7dfc2f
SHA512 4105fa4d63ed3f02d6c4a0399de7319849c25078d94707abde9c69a7b513ff86f50cf18c54e190a072d4bb2e25779a57b4b986148fae4baee35d133e23a67a54

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-journal

MD5 4d950fd5df584f8efe5f85c213638653
SHA1 9f5686a7b7bc19487640e10e4e8dd3c11ecc7406
SHA256 b9cf48b0b06c676d331a0736f472af04ada53c34a336d50a21dc3f5bd1cd3ee7
SHA512 5cb3036bece53f4d7ca28a493c65db49808b593e2101f31215e63d046b6960004672144e579ad18855ffc0331a92cde9d5ba50975f0bfd83b358150ffdc79745

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-wal

MD5 74cf81af829f5a2cba440ab069e836fe
SHA1 2fbb20b38f9fb440a3133bb1a970b3f54038153b
SHA256 3f4e9059b35844181ba9b44451e31da97f815bfbb892866746dbabf18d2337f6
SHA512 edc55d23b8767325b7287b109e0c1aec90b9ca01f7566486f5a5d1565f5ae0e8956bc5a3968f2bcdc74696a83b150c54e80a1ec4b8cfeff0a18de09f6e17f5b5

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 4d60460fbb8b26c7e0aec026fbd3a445
SHA1 38ed2a004c277f66a7a5d9ea799cbb623dc0314c
SHA256 73be534f49074bcd78015ab3008c4cc09e39bbf3f34fed3ff365c99fee36a033
SHA512 d9abcce712cc66a902ce5128e7a87073af3bcf10cb15777b40dc7c81228110ceab35d726167ad4f7641b847c2753c35b03f2876d81c2dc248f377371dd944a3a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f1ad68a55ae76ad340ffff10e5571766
SHA1 ef500d7532f84c2fd4394efc6b0c3e8f689425df
SHA256 d7855e9dbbb475f0c4e3ce488009e1238692d007d5eb328ad972af91cfea74e6
SHA512 af5a794f0cd01304c33c92308d91ea94577aca1e6065d2f8e2c43764efdf16d8d029f9e78da2a32b68ffa92111f22c42db2c69d0f0f2e0c388aa1e8938cffca2

/data/data/com.example.a14409.countdownday/app_crashrecord/1004

MD5 5590066d69a08f833a820f362f874ef9
SHA1 4529e317ee738cb9040525269a38831a92b6267f
SHA256 96c587a708520c9129de7140772660ccec8a9f515ff82d1c149fa9850857c1bf
SHA512 179fe885c8f31348ce323eb3bf190fdefa4bef392175c46d7f0cb9b3514459687d360b2dbf47222d5a3319971b65c602b165b82ffb2bb6b9b98a151e5956083c

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 9e3bec2406aaf942502ee044b24987b0
SHA1 b805abe749f5d00474fecdfb79fcf8c05fb94554
SHA256 764f06547649418c1e36747b5432bf819ab02c67e3b209c402bd0cfe3ee97ec7
SHA512 aec56a8f090732eae0f11abac5bbad281e3d87739a865edfea9e3f4bb4e6a5701f48bea55d9ac24dd7c39cb96e22ea1162eb1ab0e1ba933e347bf5622981ac74

/data/data/com.example.a14409.countdownday/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.example.a14409.countdownday/databases/bugly_db_-wal

MD5 fc3e65a239f83300ce8323a31ec386ff
SHA1 abff039dd9d6b1d82ab85156e6461a8f79357b0f
SHA256 9bd553a5aef6cede6c62b1de22b5998a7906ceb9f5d62433eea4016eb913b5d9
SHA512 ac5dce0dc24b3eee4a1968b5ccef0319768c5796e76784351165b912be77421808cb17b9dccc7026b56330b28bad9f16e0bb1528945461daa5058645f58c2fe7

/data/data/com.example.a14409.countdownday/app_crashrecord/1002

MD5 c4d6255ca13d60a382685f64c9270a1b
SHA1 f78bc8d09dbd3291419c1278714b92c226c63c07
SHA256 b2b84f7e875b8fbfaddca14fdffb67c3461e89d6b1b0df8ab1cab2c4299d1336
SHA512 2168efc611dcdcbc00acdb7c7e98b632e4ad605a238b5459ae9a2921aec1def75bb85f7012b49f86d4df715344b9497322e261eabffcb30f0f7b539352b0c0e4

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 bbeed0e23202462da327dbd3c12b6a89
SHA1 fa6803e17ccd15af0a432693d5ecb123059dad7b
SHA256 44e06a436d563fb1958db8cd8e3c1d071f3d5443f7cb430169adb4a83374bea2
SHA512 d357cc5a618e220ce78b7ab20bff598a203d19db4793bb831e96a7359fd3f4e65f0a8be01024ef3a2a9079659eff35e024766daacd7f6f805dd66031d29e6d1e

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 18d6cdb8f079915bc3e7d1870b4acc4c
SHA1 5af15f9f879018a826ff8d997425ffcf0afac3e1
SHA256 29f988e69d62735f4d30ac5b6fd35848ddc2fad9b76ddee99d7df20fadc9f390
SHA512 51c14a9fc2817f8d7c6b2623deeb4f9ebc8249ad048ed382f9194d5b89a4d3d221a861dc535bf4f8e481a0574eb931b0d76689896bdbd079a46bcf530c691f6c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 16:15

Reported

2024-05-17 16:19

Platform

android-x64-20240514-en

Max time kernel

160s

Max time network

188s

Command Line

com.example.a14409.countdownday

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
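
Editor's note on the evasion signatures above (root binaries, Qemu files and pipes, /proc/cpuinfo, /proc/meminfo): these are file probes, and what matters to an analyst is not only that the sample looked but whether the artifact existed, because a Qemu pipe or qemu-props binary that is present tells the sample it is running under an emulator, and a quiet detonation after that is not evidence of benign behaviour. The same probes are also common in commercial SDKs, and this sample clearly bundles several (the bugly_db_ files and android.bugly.qq.com traffic point at a Bugly crash-reporting SDK, the .UTSystemConfig files and adash.man.aliyuncs.com traffic at Alibaba's UT analytics), so these signatures on their own do not establish intent. The following Python is an added example by the editor, not sandbox output: it maps strace-style file-probing syscalls onto the report's signature names and tags and records which probed paths actually existed. The trace lines are constructed for illustration and the input format is an assumption; the indicator paths are the ones this report lists.

```python
import re

# Indicator paths are the ones listed in this report's behavioral2 signatures;
# the signature names and tags follow the report's own section headings.
FILE_SIGNATURES = {
    "Checks if the Android device is rooted.": (
        {"evasion"},
        {"/system/bin/su", "/system/xbin/su", "/sbin/su"},
    ),
    "Checks known Qemu files.": (
        {"evasion"},
        {"/system/lib/libc_malloc_debug_qemu.so", "/sys/qemu_trace", "/system/bin/qemu-props"},
    ),
    "Checks known Qemu pipes.": (
        {"evasion"},
        {"/dev/qemu_pipe", "/dev/socket/qemud"},
    ),
    "Checks CPU information": ({"evasion", "discovery"}, {"/proc/cpuinfo"}),
    "Checks memory information": ({"evasion", "discovery"}, {"/proc/meminfo"}),
}
QEMU_SIGNATURES = ("Checks known Qemu files.", "Checks known Qemu pipes.")

# strace-style syscall lines (assumed input format): optional "[pid N]" prefix,
# a file-probing syscall, the quoted path, and the return value after "=".
TRACE_RE = re.compile(
    r"^(?:\[pid\s+(?P<pid>\d+)\]\s+)?"
    r"(?P<call>openat|open|access|faccessat|newfstatat|stat|lstat)\("
    r'(?:[^,"]*,\s*)?"(?P<path>[^"]+)"'
    r".*=\s*(?P<ret>-?\d+)"
)

# Constructed trace for illustration (not captured from the sample): one
# process probing the paths the report lists, some of which exist.
SAMPLE_TRACE = """\
[pid 2310] openat(AT_FDCWD, "/proc/cpuinfo", O_RDONLY|O_CLOEXEC) = 41
[pid 2310] openat(AT_FDCWD, "/proc/meminfo", O_RDONLY|O_CLOEXEC) = 42
[pid 2310] access("/system/bin/su", F_OK) = -1 ENOENT (No such file or directory)
[pid 2310] access("/system/xbin/su", F_OK) = -1 ENOENT (No such file or directory)
[pid 2310] access("/sbin/su", F_OK) = -1 ENOENT (No such file or directory)
[pid 2310] faccessat(AT_FDCWD, "/dev/qemu_pipe", F_OK) = 0
[pid 2310] faccessat(AT_FDCWD, "/dev/socket/qemud", F_OK) = -1 ENOENT (No such file or directory)
[pid 2310] newfstatat(AT_FDCWD, "/system/bin/qemu-props", {st_mode=S_IFREG|0755, st_size=9120, ...}, 0) = 0
[pid 2310] openat(AT_FDCWD, "/data/data/com.example.a14409.countdownday/databases/bugly_db_", O_RDWR|O_CREAT, 0600) = 47
""".splitlines()


def scan_trace(lines):
    """Map file-probing syscalls onto the report's signatures.

    Returns {signature: {"tags": [...], "probed": [paths], "present": [paths]}}.
    A path is "present" when the call returned >= 0; a negative return is
    treated as absent without distinguishing ENOENT from EACCES.
    """
    report = {}
    for line in lines:
        m = TRACE_RE.match(line)
        if not m:
            continue
        path, ret = m.group("path"), int(m.group("ret"))
        for name, (tags, paths) in FILE_SIGNATURES.items():
            if path not in paths:
                continue
            entry = report.setdefault(name, {"tags": sorted(tags), "probed": [], "present": []})
            if path not in entry["probed"]:
                entry["probed"].append(path)
            if ret >= 0 and path not in entry["present"]:
                entry["present"].append(path)
    return report


def tags_of(report):
    """Union of the tags of every signature that fired, as the overview lists them."""
    tags = set()
    for entry in report.values():
        tags.update(entry["tags"])
    return sorted(tags)


def emulator_evidence(report):
    """Qemu artifacts that existed, i.e. what the sample could use to tell it was emulated."""
    present = []
    for name in QEMU_SIGNATURES:
        present.extend(report.get(name, {}).get("present", []))
    return sorted(present)


if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for name, entry in found.items():
        print(f"{name:45s} probed={len(entry['probed'])} present={entry['present']}")
    print("tags:", tags_of(found))
    print("emulator artifacts visible to the sample:", emulator_evidence(found))
```

On the constructed trace the root check fires with nothing present, while /dev/qemu_pipe and /system/bin/qemu-props are present, so the sample had a reliable emulator tell. When emulator_evidence() is non-empty, re-run the sample on hardware or with those paths hidden before concluding anything from the later signatures.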

Processes

com.example.a14409.countdownday

com.example.a14409.countdownday:channel

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.97:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 toblog.ctobsnssdk.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 106.116.191.122:443 toblog.ctobsnssdk.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 is.snssdk.com udp
US 1.1.1.1:53 dig.bdurl.net udp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
CN 118.190.166.164:95 tcp
US 1.1.1.1:53 umengacs.m.taobao.com udp
US 1.1.1.1:53 dm.toutiao.com udp
CN 139.224.30.139:443 dig.bdurl.net tcp
OM 47.246.28.231:443 dm.toutiao.com tcp
US 163.181.154.241:443 sf3-ttcdn-tos.pstatp.com tcp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.130:443 ulogs.umeng.com tcp
US 1.1.1.1:53 amdcopen.m.taobao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
SG 103.136.221.67:443 is.snssdk.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 36.156.202.78:443 plbslog.umeng.com tcp
US 163.181.154.249:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.249:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 dm.bytedance.com udp
US 163.181.154.249:443 dm.bytedance.com tcp
US 163.181.154.240:443 dm.bytedance.com tcp
US 1.1.1.1:53 dm.pstatp.com udp
CN 139.196.193.196:443 dig.bdurl.net tcp
US 163.181.154.249:443 dm.pstatp.com tcp
CN 106.14.23.11:443 dig.bdurl.net tcp
CN 101.132.170.46:443 dig.bdurl.net tcp
CN 101.132.174.146:443 dig.bdurl.net tcp
CN 203.107.1.97:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 s.h5king.com udp
US 1.1.1.1:53 ali-lucky.showapi.com udp
CN 139.224.82.203:443 dig.bdurl.net tcp
CN 42.96.249.151:80 s.h5king.com tcp
CN 42.96.249.151:80 s.h5king.com tcp
CN 121.199.165.253:443 ali-lucky.showapi.com tcp
US 1.1.1.1:53 is.snssdk.com udp
CN 139.224.30.139:443 dig.bdurl.net tcp
US 163.181.154.241:443 dm.pstatp.com tcp
SG 103.136.221.67:443 is.snssdk.com tcp
US 1.1.1.1:53 s.snmi.cn udp
CN 42.96.249.151:80 s.snmi.cn tcp
CN 42.96.249.151:80 s.snmi.cn tcp
CN 203.107.1.100:443 tcp
CN 139.224.56.191:443 dig.bdurl.net tcp
CN 139.196.193.196:443 dig.bdurl.net tcp
CN 139.196.208.61:443 dig.bdurl.net tcp
CN 106.14.23.11:443 dig.bdurl.net tcp
US 1.1.1.1:53 umengjmacs.m.taobao.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 139.224.30.139:443 dig.bdurl.net tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 101.132.170.46:443 dig.bdurl.net tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 101.132.174.146:443 dig.bdurl.net tcp
CN 139.196.193.196:443 dig.bdurl.net tcp
CN 203.107.1.100:443 tcp
CN 139.224.82.203:443 dig.bdurl.net tcp
CN 139.224.56.191:443 dig.bdurl.net tcp
US 1.1.1.1:53 httpdns-sc.aliyuncs.com udp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 106.14.23.11:443 dig.bdurl.net tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 139.196.208.61:443 dig.bdurl.net tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 36.156.202.75:443 plbslog.umeng.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 139.224.30.139:443 dig.bdurl.net tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
CN 101.132.170.46:443 dig.bdurl.net tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
CN 139.196.193.196:443 dig.bdurl.net tcp
GB 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 101.132.174.146:443 dig.bdurl.net tcp
CN 106.11.61.137:80 tcp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
CN 106.11.61.135:80 tcp
CN 106.14.23.11:443 dig.bdurl.net tcp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 139.224.82.203:443 dig.bdurl.net tcp
CN 101.132.170.46:443 dig.bdurl.net tcp
CN 139.224.56.191:443 dig.bdurl.net tcp
CN 101.132.174.146:443 dig.bdurl.net tcp
CN 139.196.208.61:443 dig.bdurl.net tcp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 139.224.82.203:443 dig.bdurl.net tcp
CN 106.11.61.135:80 tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 106.11.61.137:80 tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
CN 139.224.56.191:443 dig.bdurl.net tcp
CN 139.196.208.61:443 dig.bdurl.net tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 203.119.217.116:80 amdcopen.m.taobao.com tcp
CN 106.11.61.135:80 tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 106.11.61.135:80 tcp
CN 27.128.148.229:443 toblog.ctobsnssdk.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
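
Editor's note on the Network table above: the sandbox records one row per observed flow, so the same endpoint repeats many times and the domain column is empty on rows it could not tie to a DNS answer. Several endpoints (203.107.1.97, 203.107.1.100) first appear without a name and are later attributed to httpdns-sc.aliyuncs.com, and the hostname itself suggests resolution over HTTPS rather than port 53, which would explain why other CN addresses never get a name here: a domainless row is not necessarily a hard-coded IP. The following Python is an added example by the editor, not part of the report: it collapses rows in this table's layout into unique indicators, separates resolver and mDNS noise, attributes IPs that are named on a later row, and lists names that were looked up but never contacted and ports outside 53/80/443. The sample rows are a subset copied from the behavioral2 table; the resolver address and the column layout are taken from this report and assumed to hold for others.

```python
from collections import Counter, defaultdict

RESOLVER = ("1.1.1.1", 53)     # the sandbox's DNS forwarder as it appears in this report
MDNS = ("224.0.0.251", 5353)   # multicast DNS chatter, not attributable to the sample
STANDARD_PORTS = {53, 80, 443}

# Rows copied from this report's behavioral2 Network table (a subset); the
# three-field rows are connections the sandbox could not tie to a DNS answer.
SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.97:443 tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 118.190.166.164:95 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
""".splitlines()


def parse_row(line):
    """Split one 'Country Destination [Domain] Proto' row into a dict."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        (country, dest, proto), domain = parts, None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": None if country == "N/A" else country,
            "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def summarize(rows):
    """Collapse repeated rows into unique indicators."""
    queried = set()                 # names sent to the resolver
    by_domain = defaultdict(set)    # domain -> IPs actually contacted
    attempts = Counter()            # (ip, port) -> number of rows
    unresolved = defaultdict(set)   # ip -> ports for rows without a domain
    for line in rows:
        r = parse_row(line)
        key = (r["ip"], r["port"])
        if key == MDNS:
            continue
        if key == RESOLVER and r["proto"] == "udp":
            if r["domain"]:
                queried.add(r["domain"])
            continue
        attempts[key] += 1
        if r["domain"]:
            by_domain[r["domain"]].add(r["ip"])
        else:
            unresolved[r["ip"]].add(r["port"])
    # An IP that first shows up without a name may be attributed on a later
    # row; move those out so only truly unattributed endpoints remain.
    ip_to_domain = {ip: d for d, ips in by_domain.items() for ip in ips}
    attributed_later = {ip: ip_to_domain[ip] for ip in unresolved if ip in ip_to_domain}
    for ip in attributed_later:
        del unresolved[ip]
    return {
        "queried": queried,
        "contacted": {d: sorted(ips) for d, ips in by_domain.items()},
        "attempts": dict(attempts),
        "unresolved": {ip: sorted(ports) for ip, ports in unresolved.items()},
        "attributed_later": attributed_later,
        "queried_not_contacted": queried - set(by_domain),
        "nonstandard_ports": sorted(k for k in attempts if k[1] not in STANDARD_PORTS),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for domain, ips in sorted(s["contacted"].items()):
        print(f"{domain:40s} {', '.join(ips)}")
    print("unresolved:", s["unresolved"])
    print("attributed later:", s["attributed_later"])
    print("queried but never contacted:", sorted(s["queried_not_contacted"]))
    print("non-standard ports:", s["nonstandard_ports"])
```

Feed the full table through summarize() before copying anything into a blocklist: the resolver rows and mDNS are not indicators, the Google endpoints are platform traffic shared with any app, and a name that was only queried (semanticlocation-pa.googleapis.com in the subset) should not be treated as contacted. The one row left genuinely unattributed in the subset, 118.190.166.164:95, is the kind of endpoint worth a manual look precisely because it combines no name with a non-standard port.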

Files

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal

MD5 3d05bebe257d2e166054a6ddf8b6dfbd
SHA1 357bf1b60b8187782be5fc87da286a0f5181afb0
SHA256 2b95d4fd47e43dddc5117560f36514a7c7d2c80fab1f9783de2711835c687977
SHA512 d6ddd158eac3034ec7d8e4f1bba2ca86d80c5ed7fca7730052cba2321a8774059f4a56522b629029e86b7b3219bf38ef8f8dcd94a8b4b8eefea9c459f2f13707

/data/data/com.example.a14409.countdownday/databases/MessageStore.db

MD5 793e5eb5a333e5b23a8132576f594b2e
SHA1 dde2a508e1f692ea976d7f62550df7f811374af0
SHA256 e2430d8be7e83ff27dc333d85b6448d28ae8278070474661b7383b9dca664ba4
SHA512 2db25357a266fc51d8b1cdd71ea9dbf979516c62f77273563692c119709d92850242c1b10c164a6c6317d28946121622e0d05e3f59fd281f7f57b8a4057784a1

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal

MD5 16496a37928678e50d6532f56a52a3ff
SHA1 ee69739378dca0441b253fe721ed960cec126e76
SHA256 05e8c32e6420a42945100e9cd4768428524ef7a4f031487125237dd3f82be7fc
SHA512 46e76e815fc0e93b265f3cd948033ace7956b8b1e1e123df66487d6960cbbbad819a7815af283ccc38be2c746cd98675a9331f493dac0a990cbc18b3d1958f4f

/data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal

MD5 edaa92f3c7fb78acad886f91422e8b48
SHA1 a402cef27cf0964a8ea2fc271b11e891060ab3b4
SHA256 4027b2d64490299405050388525fda0424d236833b332d8dfb0d710529e1d33e
SHA512 5244d3dd3077dfdcf760d3d7b3266c86643f33cc6c00cd5e4f4c78762010ba68b209493f9c436b32fbc773634a2bf07d6daf3ca98983c0fb4f0469ecb76ec674

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-journal

MD5 a84d787238613ae4bfc032bb4c903009
SHA1 6c7e44a3e23840bce733f0bb8dcb255ae873fe5e
SHA256 dbd9863bcd96d8c071a766a25a64c3990d33ba91e07fb74f61027f4eb7e18bd3
SHA512 00e7b50f4e15438340c57ed7479ed8c11e40f4c40f7a508124143058cac49b089948e48b083fba013aadadda41368fa6c68cb2b2e9079220b2ce69ce93283c6b

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db

MD5 9cec591e3ef91ae568f4cb6e7c2a8745
SHA1 ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7
SHA256 05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c
SHA512 f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-journal

MD5 b2f8624ab29e216c1ba5c056696ddb5a
SHA1 71b5ea7108af28282090a117a9fcf7347aa0f02d
SHA256 0d4a74cc01f1e88e7643026246233399a63acb9adcdb3cc6a28c9fb4c3d7079c
SHA512 eab57f39695065b7fc294b3d9194e12a5f6a420b74e8ea20f3866daed6a4efa5dfd028ec2b5296861b6e413874edc16140311ee07ab5d7bd9020e79a814b4c1e

/data/data/com.example.a14409.countdownday/databases/MsgLogStore.db-journal

MD5 601bc2ddaafbd54256b6a123c40e480a
SHA1 117f121995ba7638a0b4779ece60b0694e1be6ce
SHA256 17783e9041f98841f8f85dcef69ba603ce945dd2aca9fafedf4e88cfe36243a1
SHA512 c537262743607a28f6d9fdd00e643e559b293a40edc547b5fcc7e32c65415f59ed51c18e05ae727db09107dd03ea6b6645c53bab526b380de5a3d4fbbe3d96b9

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1758be848de7d3049c037690a22bf90e
SHA1 6663d738ae4a6ea21555c94ade0d00c5c79735f7
SHA256 be6e21f121a7190c5d42f268953a085aaea4c026d859e8040a9f31280c7c4415
SHA512 9c4f75ff285699a59a907bfb0be66193011009c77856f162ea50661424af85532e86021d82dd00371670a7be33be75e2c0759eb59e6a0970ea4639fc7691f610

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 50bea860cba5bf1a6e6b90d96fa42fdb
SHA1 073871c64daf004ea0ec9cec6b6fb3e28684c5de
SHA256 ce5a9bf3957e7e1020bc9b972b0a580b8353817913ceef8b47f4a6f60d41b1ce
SHA512 f40aca27c4e0ab3c7ba7b2cb49ed9d66ff2bc17b8f131eebc8fb75b0598244135e6425157411fdee03cab50dc3b209f89db103cd17d432834e0747257b2839f9

/data/data/com.example.a14409.countdownday/app_crashrecord/1004

MD5 50c5557029e8af2aa764caf690ca8bf5
SHA1 9202260e1dfb6d52c806fb7e0af47fe444429b1a
SHA256 e8bfc32b1611e6ec83ff68ad08076e7ffd16e5f9bd2fef715e615d3775e5c45f
SHA512 f5ea8c3bbe848c01cc7309d80de84d41cd7de6e5962f94d2e0c393b11e1dd64cab51726636794c53f8765d6705c34fe234a32def7acb588b85cdeb28b4cd6633

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 59991402ed31e9bb684d0557c69ca044
SHA1 902437bc7448e9d9d14e1166cf28589d0bc58e64
SHA256 762584e72355acd968a29af32c990aefa88b761626af9573a9a96437a9bf8bc4
SHA512 15ebd6b709ff26d0b140bd5aca56f477baa2622b00e93f8bd621f0f169fb7fe5ee203c9ad67fe2a3c48cbf54aebd2c748e51a9f7cb2bc92d93653562bf105db7

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 d0f78d1912084cf36ec7360064d9f33d
SHA1 46eeb0c45e28ada19e90915ea40a88e92276f04f
SHA256 4f83bb309981c86660c67a1bb87be1e168cc6b45fdcade418c3b103de32e66d7
SHA512 fd160045dc4c771bbff78cb15b0d2a23069060d8ce8c67375eea6dec4f722d6021eb79b5bcbd25856e2a656344f6ca3e30fe1877d0d1a9e73dbd92be80515697

/data/data/com.example.a14409.countdownday/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.example.a14409.countdownday/databases/bugly_db_

MD5 890776ec821b29b78bd34375a96e9109
SHA1 af11baf9ace98e685deb06bc9787387fb09641e7
SHA256 86475fb62d2c8abd9152ae15ae3d4d039f7ed105d635158b37c0790feae54e9c
SHA512 547feeba7cd79f46849a3e249cf3e934a7e23be99ed4595ba1311b0f7aa9b7c562482216c9c058ebdec57bdde8af82c1069623689641adf403e1bb03d0e1caf5

/data/data/com.example.a14409.countdownday/app_crashrecord/1002

MD5 4b00e5bcb0978d65695b04717ba92048
SHA1 66bdae8ab96d9674f5138df4914c21af9d7fd189
SHA256 b0e8e11627d1097cae8b02c688636e43800f6190c50fd179669b5ebbdec3cbe2
SHA512 3ab75300638289e19c6b595cc4a72411f5ca12d4d06603e3d4b37c249e0be9ccf4e4df406e1885876b4900ff1268724b8b561be449716091fbbea6cc3e5c8edb

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 4b91145fbedae81595f5433673401afd
SHA1 f96f34f11a47f7188fba017b57fdb311a30b755f
SHA256 4411eeceb0e3a4344bf447d69c54a475801e81043c88b433838000335635901d
SHA512 aff883ac3aece5a24097f731e95337fda1c453e35e18ffd6b26f72508fc3323461dc66cace573c9731fb91f506ad3f264c431fd461c5234ef81d78e020846679

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 36c9fb559a37193469b68f0c4b37ee71
SHA1 0f93540d8925563c163ab4ff7a8106b544711cfc
SHA256 0adbc41bc33bebb9aeec7bbe2af3e7c271daafc5bafc63d847ee9da69e34c41b
SHA512 b348b2d2b1dde2f3937dc687e67fef1da24970c12b2af6edd1d6102a728ea4d5dafbbd7d65f80acef423031dd4a77afb214f05a208ad5c9f913daa79bfc97cd5

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f82bb996bd6aad579e89deed176d3eda
SHA1 98d80799fe12b53060f0e74bf898da9a282b1a26
SHA256 582661fd7bf1234de481298fe5dd8b6749b8175e824751feb505228ed9a49d20
SHA512 af6d0ce5eb7f6ee0e3cda367a0e35d54c30acfe81c0f3afc6c9ff0174ac8d5835f193ecc065d422710ca7b618bb06f87c9258f3af49b576f37be073653cb3e0f

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 50f3d63f4b9241e212be8ec20bf3e374
SHA1 10353f506f0aa9dfab398275482eb42da167232a
SHA256 be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653
SHA512 dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

/data/data/com.example.a14409.countdownday/app_crashrecord/1002

MD5 79b15c4c61ea7296d0db1301c3d87d7f
SHA1 2553f62f24b76b01d82ba37611c221abd25028f0
SHA256 5cda860116d17b7db9ded0bd2e06a4c2be1a22d2c83bc82a807519b91ef458a0
SHA512 fecbe1ffddee0fa1ad71553cd4909438102143746f92d73e52fce47dcebb392dec173c85c5980cf43d929f17a372c0bc0d95152f5a6f2029e915b72dcd91ded6

/data/data/com.example.a14409.countdownday/databases/message_accs_db-journal

MD5 b5634ee40952fdfb8496fd7f311b4d26
SHA1 7fae5b7de804bcdeaf4327043b76618351f25e75
SHA256 078c0a83a1e29e3b4747e9eed1083c518246b16bbf0b6bc5f15e766479eeb24f
SHA512 f27143987f9b264e9a3401cd067372e79eff116acfb77f279a9e063857e54f2680ff93f370609f253a7ed1e3266b4b92ca17c4ec1f1050229c19aec95d8ef2d2

/data/data/com.example.a14409.countdownday/databases/message_accs_db-journal

MD5 a9696ab387fb1cd506306a555442f6c1
SHA1 6f606d7870b9d34affcefc3b5ca97a270b51db9f
SHA256 66b71e828d03fad29ea08800357e0be99aff16b456da53982610e3d0ce534aef
SHA512 ace8f4a2d3ea30c2da9ea1af61a1798552d3de505ec46b7b65863d9114290f63db7e569b29867f0398ea8dfb46461ab9558abd4c02c3976945f161c1ecf93999

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 9daf59564b92329844295f4f2dc77143
SHA1 697107cf58f997e5d4c49459aaf41e8776d173fe
SHA256 9e1a43be8c72a2d7adac0c83900fb2e00d630347a5a6325c424b38c4beda9661
SHA512 23bfa5dfe134a791b3c33dcab1f3a1623b409e925c3e56c0a59586dca8041f56273e155288838865ea96fef0ebada06bc71b2d5d4a2ee811ce436fb4b296a078

/data/data/com.example.a14409.countdownday/databases/bugly_db_-journal

MD5 d44b462d23ca7efc4cb21a3ae8a6fac1
SHA1 ff22c01ffe49b592efaa913a39907cd70bea35c0
SHA256 bcf2de7827932d49348dca2f03bb6d75618a78e8b6e6d86a40dc42aac71c4f42
SHA512 4ded9f9a5cc3e847fe2a35f1dd22be8d73019296650af36201bc3443a8027772ac904ac88753f422b5c787be5d0d176e50dc40150e4a27c0c7d06cf225d9060f
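
Editor's note on the Files sections: the sandbox hashes every version of a file the sample writes, so one path can appear several times within a run (app_crashrecord/1004 appears twice in behavioral2 with different hashes), and the -journal, -wal and -shm entries are SQLite rollback-journal and write-ahead-log sidecars of the database next to them, not separate artifacts. A hash that recurs across independent detonations is the only kind worth keeping as an indicator: app_crashrecord/1004 with MD5 0d210bfb2a0e1f1b4c082a6a0f79de07 is byte-identical in behavioral1 and behavioral2, while the database files and their journals differ between runs and will differ again on the next one. The following Python is an added example by the editor, not part of the report: it parses Files sections in this layout, classifies each path by whether two runs produced the same bytes, and folds SQLite sidecars onto their database. The entries are copied from this report and trimmed to MD5 and SHA256 with the blank separator lines omitted (the parser skips them); the layout is assumed to be the same for other reports of this kind.

```python
import re
from collections import defaultdict

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")
SQLITE_SIDECAR_RE = re.compile(r"^(.*)-(journal|wal|shm)$")

# Entries copied from this report (behavioral1 and behavioral2 Files sections),
# trimmed to MD5 and SHA256; blank separator lines omitted, the parser skips them.
RUN_A = """\
/data/data/com.example.a14409.countdownday/databases/MessageStore.db
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
/storage/emulated/0/.DataStorage/ContextData.xml
MD5 f1ad68a55ae76ad340ffff10e5571766
SHA256 d7855e9dbbb475f0c4e3ce488009e1238692d007d5eb328ad972af91cfea74e6
/data/data/com.example.a14409.countdownday/app_crashrecord/1004
MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
"""

RUN_B = """\
/data/data/com.example.a14409.countdownday/databases/MessageStore.db-journal
MD5 3d05bebe257d2e166054a6ddf8b6dfbd
SHA256 2b95d4fd47e43dddc5117560f36514a7c7d2c80fab1f9783de2711835c687977
/data/data/com.example.a14409.countdownday/databases/MessageStore.db
MD5 793e5eb5a333e5b23a8132576f594b2e
SHA256 e2430d8be7e83ff27dc333d85b6448d28ae8278070474661b7383b9dca664ba4
/data/data/com.example.a14409.countdownday/app_crashrecord/1004
MD5 50c5557029e8af2aa764caf690ca8bf5
SHA256 e8bfc32b1611e6ec83ff68ad08076e7ffd16e5f9bd2fef715e615d3775e5c45f
/data/data/com.example.a14409.countdownday/app_crashrecord/1004
MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
/data/data/com.example.a14409.countdownday/databases/bugly_db_
MD5 890776ec821b29b78bd34375a96e9109
SHA256 86475fb62d2c8abd9152ae15ae3d4d039f7ed105d635158b37c0790feae54e9c
"""


def parse_files(text):
    """Turn a Files section into a list of {"path": ..., "md5": ..., "sha256": ...}."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif line.startswith("/"):
            current = {"path": line}
            entries.append(current)
    return entries


def versions(entries, key="sha256"):
    """path -> set of distinct hashes seen for it within one run."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e[key])
    return seen


def compare_runs(run_a, run_b, key="sha256"):
    """Classify every path by whether the two runs produced the same bytes."""
    a, b = versions(run_a, key), versions(run_b, key)
    paths = set(a) | set(b)
    return {
        "identical": sorted(p for p in paths if a[p] & b[p]),
        "changed": sorted(p for p in paths if a[p] and b[p] and not a[p] & b[p]),
        "only_in_a": sorted(p for p in paths if a[p] and not b[p]),
        "only_in_b": sorted(p for p in paths if b[p] and not a[p]),
    }


def sqlite_base(path):
    """Fold SQLite -journal/-wal/-shm sidecars onto their database file."""
    m = SQLITE_SIDECAR_RE.match(path)
    return m.group(1) if m else path


if __name__ == "__main__":
    result = compare_runs(parse_files(RUN_A), parse_files(RUN_B))
    for bucket, paths in result.items():
        for p in paths:
            tag = " (sidecar)" if p != sqlite_base(p) else ""
            print(f"{bucket:10s} {sqlite_base(p)}{tag}")
```

Only the "identical" bucket is a candidate for a file-hash indicator; "changed" paths are better expressed as path patterns (the databases directory under the package name), and sidecar entries should be reported under the database they belong to rather than as findings of their own.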

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 16:15

Reported

2024-05-17 16:15

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A