Malware Analysis Report

2025-08-10 23:57

Sample ID: 240518-h3z1eahc25
Target: 538a7dd8b999182f2e3a216ba7986d53_JaffaCakes118
SHA256: d67e3a7439656841d1720af95f3faf360553c3d0938cf7390280e6a3d47e3d63
Tags: discovery evasion impact persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 7/10

SHA256: d67e3a7439656841d1720af95f3faf360553c3d0938cf7390280e6a3d47e3d63

Threat Level: Shows suspicious behavior

The file 538a7dd8b999182f2e3a216ba7986d53_JaffaCakes118 shows suspicious behavior. The sandbox launched the sample under two package names: com.pombingsoft.clumsyman.gtx (behavioral1 and behavioral2), which produced every signature listed below, and com.miui.ad.mimo.plugin (behavioral3 to behavioral5), which ran for only 7 s of kernel time, triggered no signatures and dropped no files. The .jiagu/ working directory, libjiagu.so and the check-in to s.appjiagu.com are characteristic of the 360 Jiagu commercial packer, so the dex files loaded from .jiagu/ are the packer unpacking the app's own code rather than a downloaded second stage. The parts worth following up are the separately dropped files/ebody/res/37673/vva.jar, which is loaded as code, the MAC-address read (cat /sys/class/net/wlan0/address) and process listing (ps -ef) in the behavioral1 process tree, and the repeated connections to a.dan665.com:9127, game.62game.com:8001 and ez4q2.cn:80.

Malicious Activity Summary

discovery evasion impact persistence

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 07:16

Signatures

Requests dangerous framework permissions

android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.REQUEST_INSTALL_PACKAGES: Allows an application to request installing packages.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-18 07:16

Reported

2024-05-18 07:19

Platform

android-x64-arm64-20240514-en

Max time kernel

7s

Max time network

133s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 07:16

Reported

2024-05-18 07:19

Platform

android-x86-arm-20240514-en

Max time kernel

177s

Max time network

163s

Command Line

com.pombingsoft.clumsyman.gtx

Signatures

Checks CPU information (evasion, discovery)
File opened for read: /proc/cpuinfo

Checks memory information (evasion, discovery)
File opened for read: /proc/meminfo

Loads dropped Dex/Jar (evasion)
Loaded: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex
Loaded: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex!classes2.dex
Loaded: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex (three separate loads)
Loaded: /data/user/0/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

Queries information about running processes on the device (discovery)
Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries information about the current Wi-Fi connection (discovery)
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the phone number (MSISDN for GSM devices) (discovery)

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)
Framework service call: android.app.IActivityManager.registerReceiver

Checks if the internet connection is available (discovery)
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Listens for changes in the sensor environment (might be used to detect emulation) (evasion)
Framework API call: android.hardware.SensorManager.registerListener

Uses Crypto APIs (might try to encrypt user data) (impact)
Framework API call: javax.crypto.Cipher.doFinal
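A practitioner reading a "Loads dropped Dex/Jar" hit wants to know which dropped files are actually code, which directory wrote them, and whether a path was rewritten during the run. The script below is an added example by the editor, not part of this report or of the sandbox: it sniffs DEX, ELF, JAR (a zip carrying classesN.dex) and SQLite magic, hashes the content, and folds /data/user/0/<pkg> into /data/data/<pkg> (on Android the former is the real directory and the latter a symlink to it, so the two vva.jar paths in the listing are one file seen twice). The paths are taken from the behavioral1 signature and file lists; the byte contents are constructed stand-ins whose headers are realistic but whose hashes will not match the real files listed further down. The 360 Jiagu attribution of .jiagu/ is the editor's, not the sandbox's. The dex2oat invocation in the Processes list compiles .jiagu/tmp.dex, which is the runtime's normal reaction to loading one of these files.

```python
"""Classify dropped files by magic bytes and tie them back to their origin directory.
Added example (editor); constructed contents, not the real files from the report."""
import hashlib
import io
import re
import zipfile
from typing import Dict, List, Tuple

PKG = "com.pombingsoft.clumsyman.gtx"

# Format magic numbers (facts about the formats).
DEX_MAGIC = b"dex\n"                 # then a 3-digit version and NUL, e.g. b"035\x00"
ELF_MAGIC = b"\x7fELF"
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")
SQLITE_MAGIC = b"SQLite format 3\x00"
USER0 = re.compile(r"^/data/user/0/")   # /data/data is a symlink to /data/user/0


def canonical(path: str) -> str:
    return USER0.sub("/data/data/", path)


def zip_has_dex(data: bytes) -> bool:
    """Only a zip carrying classesN.dex is loadable through DexClassLoader."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(re.fullmatch(r"classes\d*\.dex", n) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def sniff(data: bytes) -> str:
    """Return dex / elf / jar / zip / sqlite / other from the leading bytes."""
    if data.startswith(DEX_MAGIC) and len(data) >= 8 and data[4:7].isdigit() and data[7] == 0:
        return "dex"
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data.startswith(ZIP_MAGIC):
        return "jar" if zip_has_dex(data) else "zip"
    if data.startswith(SQLITE_MAGIC):
        return "sqlite"
    return "other"


def origin(path: str) -> str:
    """Attribute the writer by directory. .jiagu/ is the packer's working dir (editor's
    assumption); the ebody/ plugin directory is left unattributed."""
    if f"/{PKG}/.jiagu/" in path or path.endswith("/files/.jiagu.lock"):
        return "360 Jiagu packer (assumed)"
    if "/ebody/" in path:
        return "ebody plugin dir (unattributed)"
    return "app data"


def triage_drops(drops: List[Tuple[str, bytes]]) -> List[Dict[str, str]]:
    """One record per dropped file; notes paths observed with more than one content."""
    records, versions = [], {}  # type: List[Dict[str, str]], Dict[str, set]
    for path, data in drops:
        cpath, digest = canonical(path), hashlib.sha256(data).hexdigest()
        versions.setdefault(cpath, set()).add(digest)
        kind = sniff(data)
        records.append({"path": cpath, "kind": kind, "sha256": digest, "origin": origin(cpath),
                        "loadable": "yes" if kind in ("dex", "elf", "jar") else "no", "note": ""})
    for r in records:
        if len(versions[r["path"]]) > 1:
            r["note"] = "rewritten during run (%d versions)" % len(versions[r["path"]])
    return records


def code_paths(records: List[Dict[str, str]]) -> List[str]:
    return sorted({r["path"] for r in records if r["loadable"] == "yes"})


def make_jar(dex: bytes) -> bytes:
    """Constructed test input: an in-memory JAR wrapping one classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


FAKE_DEX_A = b"dex\n035\x00" + b"\x00" * 24
FAKE_DEX_B = b"dex\n035\x00" + b"\x01" * 24

# Constructed contents for paths that appear in the behavioral1 listing.
CONSTRUCTED_DROPS = [
    (f"/data/data/{PKG}/.jiagu/libjiagu.so", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9),
    (f"/data/data/{PKG}/.jiagu/classes.dex", FAKE_DEX_A),
    (f"/data/data/{PKG}/.jiagu/tmp.dex", FAKE_DEX_B),
    (f"/data/data/{PKG}/files/.jiagu.lock", b""),
    (f"/data/data/{PKG}/files/ebody/res/37673/vva", b"\x8a\x13" * 16),
    (f"/data/data/{PKG}/files/ebody/res/37673/vva.jar", make_jar(FAKE_DEX_A)),
    (f"/data/user/0/{PKG}/files/ebody/res/37673/vva.jar", make_jar(FAKE_DEX_B)),
    (f"/data/data/{PKG}/databases/cc/cc.db", SQLITE_MAGIC + b"\x10\x00" + b"\x00" * 30),
]

if __name__ == "__main__":
    for r in triage_drops(CONSTRUCTED_DROPS):
        print(r["kind"].ljust(6), r["loadable"].ljust(3), r["origin"].ljust(30), r["path"], r["note"])
```

Run against a real pull of the app's data directory (adb pull on a rooted test device or the sandbox's dropped-file archive), the same functions give you the loadable set to submit for static analysis and a "rewritten" flag on anything, such as vva.jar here, whose content changed between the two listings.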

Processes

com.pombingsoft.clumsyman.gtx

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

cat /sys/class/net/wlan0/address

sh -c ps -ef

ps -ef

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 a.dan665.com udp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 game.62game.com udp
CN 47.107.234.67:8001 game.62game.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
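The network table mixes DNS lookups, emulator noise and platform traffic with the handful of destinations that matter, and repeats the busiest one nine times. The script below is an added example by the editor, not part of the report or of the sandbox tooling: it parses the flattened table rows exactly as they appear above (three tokens when the sandbox could not tie a connection to a preceding lookup, four when it could), buckets them, collapses repeats and lists what is left for review with a reason. The rows embedded in it are copied from the behavioral1 table; the baseline-suffix list, the choice of 80 and 443 as "standard" ports, and the attribution of s.appjiagu.com to the 360 Jiagu packer stub are the editor's assumptions rather than data from the report.

```python
"""Bucket a sandbox report's flattened 'Country Destination Domain Proto' rows.
Added example (editor); rows copied from the behavioral1 table, lists are assumptions."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

BEHAVIORAL1_ROWS = """\
Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 a.dan665.com udp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 game.62game.com udp
CN 47.107.234.67:8001 game.62game.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
"""

# Assumption: platform traffic every Android emulator image emits on its own.
BASELINE_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
# Assumption (editor's attribution): check-in host of the 360 Jiagu packer stub.
KNOWN_HOSTS = {"s.appjiagu.com": "360 Jiagu packer check-in"}
STANDARD_PORTS = (80, 443)


@dataclass(frozen=True)
class Conn:
    country: str
    host: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> List[Conn]:
    """Whitespace-split rows; a 3-token row has an empty Domain column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        if len(parts) == 3:
            (country, dest, proto), domain = parts, ""
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        host, port = dest.rsplit(":", 1)
        conns.append(Conn(country, host, int(port), domain, proto))
    return conns


def triage(conns: List[Conn]) -> Dict[str, object]:
    """Buckets: DNS lookups, local mDNS noise, platform baseline, unattributed TLS,
    and 'review' for everything else, each review key paired with its reasons."""
    queried: Set[str] = set()
    local = 0
    baseline: Counter = Counter()
    unattributed: Counter = Counter()
    review: Counter = Counter()
    reasons: Dict[Tuple[str, str, int], List[str]] = {}
    for c in conns:
        if c.proto == "udp" and c.port == 53:
            queried.add(c.domain)                 # a lookup is not yet a contact
        elif c.host == "224.0.0.251" and c.port == 5353:
            local += 1                            # mDNS on the emulator LAN
        elif c.domain.endswith(BASELINE_SUFFIXES):
            baseline[(c.domain, c.host, c.port)] += 1
        elif not c.domain:
            unattributed[(c.host, c.port)] += 1   # undecidable from the table alone
        else:
            key = (c.domain, c.host, c.port)
            review[key] += 1
            why = []
            if c.port not in STANDARD_PORTS:
                why.append("non-standard port")
            if c.port == 80:
                why.append("plaintext http")
            if c.domain in KNOWN_HOSTS:
                why.append(KNOWN_HOSTS[c.domain])
            reasons[key] = why
    return {"queried": queried, "local": local, "baseline": baseline,
            "unattributed": unattributed, "review": review, "reasons": reasons}


def review_lines(summary: Dict[str, object]) -> List[str]:
    """Pivot list, busiest destination first."""
    review, reasons = summary["review"], summary["reasons"]
    return [f"{d} -> {h}:{p}  x{n}  [{', '.join(reasons[(d, h, p)])}]"
            for (d, h, p), n in review.most_common()]  # type: ignore[attr-defined]


if __name__ == "__main__":
    s = triage(parse_rows(BEHAVIORAL1_ROWS))
    print("queried:", ", ".join(sorted(s["queried"])))
    print("\n".join(review_lines(s)))
```

The unattributed 443 connections stay in their own bucket on purpose: the table gives no domain for them, so the script does not guess, and they are the rows to check against the pcap if one is available. Everything that lands in review here (a.dan665.com on 9127, game.62game.com on 8001, ez4q2.cn and s.appjiagu.com over plaintext HTTP) is what an analyst would carry into blocklists and hunting queries.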

Files

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/libjiagu.so

MD5 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1 522db1748608e9173547b29b7aa82ddc3542c534
SHA256 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex

MD5 1e38cae7edb80121ae6aa34afd61ed81
SHA1 f0252d2aa050345c2a238d5d633203fbc438375f
SHA256 a480a7d7e626b00fc85ebdada35b85f3a79fac9f66bc98bc13ddc52b19ae901a
SHA512 b44dfd3c38cdefbbb899358ea706979edf15725b753891b2cbac3ccca59bb11a1cf7dd875daee09f06079420fbd063d21bd06648f1e54ad4e321ce34f808942f

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex!classes2.dex

MD5 19f1dbbdd8c2a9e81a0dad975b2f4190
SHA1 01dbbf6faef8e9aeaed60c315d04516089bb58b2
SHA256 18da70de72e35e3bcc7af8f42f3939429d1e24b9178692a6c998a22feecd6386
SHA512 8ba77c29424314d53673dd39657648e388131bf4e8228cabcafd69fb00d1f1863b6b7f152660e8d04a4f4ae876f351d607999e2ae3a4f8737fcb8271a2e6f0ca

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ri

MD5 05a11301911ce68ff072c3fd18c04ce8
SHA1 74f32c54c335863493651240dd8c03ba100236ab
SHA256 dfbb5c079ca6e867ca362803efea9dd73c0a0146a7876c5fe588ffdba0168b21
SHA512 55b417fdc37cc765224ea695390d7e9e8e5bbacbea4e4a338386841f2784c49db9fc54937bb53bd703d78fc8eb5cab5aacb9678cdaba04666943930687401bbf

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ri

MD5 536b6910b5b281e79b05d281a4e77359
SHA1 b10abb84b2a38a2f3d0633563599013dd776906e
SHA256 1cf5b3f88ead49517f6042839278e75bf3833e0dcd460708fb9c5201882a4401
SHA512 7cc1a36e481b55538211ecec6b29761bfd2cb98e7e23c50e94411b47a584d7e7d8d93411f63027862a440688098406dd29694d4508237537b633341f3b6d6753

/data/data/com.pombingsoft.clumsyman.gtx/files/.jiagu.lock

MD5 0e60ae281f9b40166957b93180150e4f
SHA1 0457fc9d57c9e4e4800acd302fd50ffc97ff0c17
SHA256 268bbeee0421e4caebea1dea2ee30dc4b631ed20dfe54bc73b2585fc32318831
SHA512 63f32ea3fd22a6db6ab62061a0e1b303a7bedf8fd76c953a3a26bfc07472f28414e7a9680985553146613516bf00b93b3797bd49a7019740245ba44879b188a4

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.rd

MD5 d733713b9451e67ab5b42696e37cb00a
SHA1 4211f6293fcdb26659fd27797e236081af42ba28
SHA256 f53e9ccb2826358dddd7f843ddb4b0b1da7a1f442aaca273b831a58cefdc07e6
SHA512 d0669c5b2cd12c6ffca899d7d74956826fdef497f84fcc21c8349c95700648d24222d85ef378801a7f54e30b9cca14545cab48fdcbceeb4ac53dc13abf771227

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.store.report_pid

MD5 d6255e6c286e6468695858280af749d4
SHA1 a77e7874cc2134ef52f9a4d079c0b31c0e3a0b35
SHA256 d8d869c579f909277f599903e50d9e9cc9fee16741339419b88ea2bf53675eba
SHA512 055ed7141604fea9c75a62b47a508fb68c18b4188a4139587cf9459dfaceff10525b83eefdb2f3955d0fd5c2e1d1988ae075251cfcfd90bdb57d0bc93ff9eb85

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ac

MD5 598c39ec5628009a581772339fc90b31
SHA1 9bd77127cda6a8380aef45df5293a1331a52c5a2
SHA256 e1960be5d6233f422aae668f890ba71b87d711781c274ca8f26e51d3d3dbff98
SHA512 7e0c121c26eb56137c511cd17ea8b462945a0cfecfce8231344514dad782b8df57698fc119d80eff6fbd1d9f461bf6bdec49a8a89bbe9787c687eda9926ad6f1

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ic

MD5 d681e68c04eeef10693b497b64266a68
SHA1 1e12fe8463fb6555f342e6d634cef27c3e287103
SHA256 cc8e7fe6e436fe3f015f53b601cc9dae24ada526689dc5c3f8be353edc139f98
SHA512 88e35222451b375a3b16505b8356425480ce82f3da86c52aa021902b02c4bddc043ca31a624093381e607104e402acaa885a8ff2f07d10f72b414d35d065841a

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/seey/tv

MD5 1c4ec9002d8f6c1ddae5c151e48cf718
SHA1 2425cc273831d722bee4906c14c03fe497b99c08
SHA256 f6c857ed9fb74036aad1662f0450a84601f9eaf5f9eb0e6943136fa6ffab21b0
SHA512 6371c3db3d1dd610f1d22a8a5c5ba3efb8e4d0fd8df158f0dcc001238072717bb1d385152e4b8f67d7283eaf41d0582f6381e859f83f673e8b4ec48ce59d76ac

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/as/cheuu

MD5 959b6b1736444a0c8199f4962878212b
SHA1 fc8ecc1e5fb7243fa5d4856ce19ea037408fc384
SHA256 6bebbf0e7366e29cc6d3dd90528ae9ee091f311c6da3602ed5248c3a2b7ab745
SHA512 ed3c9a782d7c9db5ae2a2acb24ffa93dc8d68023610077cf0df72689576c412e98fa7a00e49c2940b0d9432c00f98bf968526da70705da84f0ecf0685707a5dc

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/seey/tmd

MD5 f22d1c9d8805a03089a14cb8f0a077f0
SHA1 fbf44eea9680293a31ffaefdf4a51fe76b661b96
SHA256 c799bb41ae4a0e972aa7f51fa42bddcb39740813d1549c792a1bfd1cb159be49
SHA512 9c14964bf702554b46136efa6238920b25cdba7f228d72eb66de2efeed0e7f6a785770fc97bbd53819538c23add5ec41ed99933809c30ff8a95311728b044ae3

/data/data/com.pombingsoft.clumsyman.gtx/app_ebody/res/xmtok/37673/uuloi

MD5 a4be05e15ad132090b309f396e91ff58
SHA1 8c8b8354188d80d9abf60f4f63883d2b92a553f2
SHA256 e2c35ba3e0b82ced9693b57da9c9c57a1e9914d272a8f94f9f39b40ec3451016
SHA512 1db29d80bdec4939d19566a9714cb400fcf7baf17b306b6b65ec92f573aa1910262cd4b51d9791af38b5951ef39bbb499a9003b9e0c528c31a2a21e45f09f341

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva

MD5 c7464d7ac75c59a56ff2f6a0f9374094
SHA1 e18fb726a5a36039aa18c383b265e79a343479e4
SHA256 c22c33159bbba233c5747086b13a5ee067c44bc7726267e4d02b8993fde1f344
SHA512 93fd8ca48d0febfc386b9cfb4eb01e5aaf72ff0f9e1abd4720884fa0c93d422728f61da7edebabc1267a8aa2c4f6aa831c8d5a596d08f6b64ef696e19188a9f9

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

MD5 c575a286b11bbafcf8e4905d27f30977
SHA1 92f75a7425564f8e5ced10e4ef098c378a0748bd
SHA256 185c4ce6748aecf146255ae05828bb01d88b523d7c930e058c851ea5d329beba
SHA512 f71571ee69dbb5fea7ac72572b1e50bfac1c7b0a577a5163631410d9f002ce38ebc1e3da4b43000a3575b68b30c70609269c48d165e1cd326474d3e46e19087e

/data/user/0/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

MD5 7eb039aa7728169a015707a82e1b41a4
SHA1 adeae37340af1ce383c908cdc4d375b270b30a60
SHA256 9e4e34e3db9a85d0e2f937c85255f2c924df7465284c9f8d91f9ab4ed8f2c49c
SHA512 c60f5c867ff34eed8186741ed2947e21ea7f3264114347ff64c90d9e04381238f0a3fbae18ef4ddc3c4b390935a21ebcfa311815384615574e9c9f90a825f7ca

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-journal

MD5 838312cee4983d1385bf837fc45d9d7b
SHA1 4e05e1bfe0be54109d5dd1d004b6edbbf03695c9
SHA256 adc693660c4c54f03748c73c63fbef0c3520ecfd1bf6ca5b847ea549e562f3dd
SHA512 818d71ce38a04426c60662ac338992372e63dd8c92f00956c371aa1a05ed688998d5bc5f1cf8a97d2354beda8602f892c37dc98c4e9522c705069a6d0299dcc6

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-wal

MD5 d06c547df7f0ab95b0b80b41152dc850
SHA1 d8579ae6e5bd03dd936df4e32e4780bb5965f46d
SHA256 7218c17b7a2af7779d7a4b39590435f4de5f97b1799edbc6970bfeb8debbd66a
SHA512 969d8506677d7456a244966052f5ac2b043cd7ed6cada326edd0fa231e134378608120b05e26e3d0ed399f4f291fd02b0fc1010ecf1d140fce41087da30f2a8c

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ac

MD5 1e251ba80230daa026f82280c1f9e67d
SHA1 216e535e7768bc945bcca4a8422583a82b463abe
SHA256 e727f351ef9d6e4a8049f360be3f9dacbc2c4b69f28c7ffb6e6db6a9c66342ce
SHA512 2e4d1212c1264f434bd207ca6bc12421b7cc7a4a4033ec9d12aed6f7e08ea69418744865857f37c3bb362c06ea34ab82166d9dda0f8e58ca6af43787750ee8be

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 07:16

Reported

2024-05-18 07:19

Platform

android-x64-20240514-en

Max time kernel

169s

Max time network

175s

Command Line

com.pombingsoft.clumsyman.gtx

Signatures

Checks CPU information (evasion, discovery)
File opened for read: /proc/cpuinfo

Checks memory information (evasion, discovery)
File opened for read: /proc/meminfo

Loads dropped Dex/Jar (evasion)
Loaded: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex
Loaded: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex!classes2.dex
Loaded: /data/user/0/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

Queries information about running processes on the device (discovery)
Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries information about the current Wi-Fi connection (discovery)
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the phone number (MSISDN for GSM devices) (discovery)

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)
Framework service call: android.app.IActivityManager.registerReceiver

Checks if the internet connection is available (discovery)
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Queries the unique device ID (IMEI, MEID, IMSI) (discovery)

Listens for changes in the sensor environment (might be used to detect emulation) (evasion)
Framework API call: android.hardware.SensorManager.registerListener

Uses Crypto APIs (might try to encrypt user data) (impact)
Framework API call: javax.crypto.Cipher.doFinal

Processes

com.pombingsoft.clumsyman.gtx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 a.dan665.com udp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 game.62game.com udp
CN 47.107.234.67:8001 game.62game.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp

Files

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/libjiagu.so

MD5 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1 522db1748608e9173547b29b7aa82ddc3542c534
SHA256 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex

MD5 1e38cae7edb80121ae6aa34afd61ed81
SHA1 f0252d2aa050345c2a238d5d633203fbc438375f
SHA256 a480a7d7e626b00fc85ebdada35b85f3a79fac9f66bc98bc13ddc52b19ae901a
SHA512 b44dfd3c38cdefbbb899358ea706979edf15725b753891b2cbac3ccca59bb11a1cf7dd875daee09f06079420fbd063d21bd06648f1e54ad4e321ce34f808942f

/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex!classes2.dex

MD5 19f1dbbdd8c2a9e81a0dad975b2f4190
SHA1 01dbbf6faef8e9aeaed60c315d04516089bb58b2
SHA256 18da70de72e35e3bcc7af8f42f3939429d1e24b9178692a6c998a22feecd6386
SHA512 8ba77c29424314d53673dd39657648e388131bf4e8228cabcafd69fb00d1f1863b6b7f152660e8d04a4f4ae876f351d607999e2ae3a4f8737fcb8271a2e6f0ca

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ri

MD5 02ff90310af799f662f21b0c4d4c2a03
SHA1 ae69175e8a5d5c774b017a49876f932a59d2a9cb
SHA256 495c096d44240a3cc04b33c3b058cbfa3936871f0f3eadbd8009d41d60ad4f90
SHA512 00550becd07e9d877d951736d669b9e53e995a499e4140ac4487aaf0310df6ace0094e6fbd02b2e11a341c0ee9ef0c7a4042a344e9b9e1e8d2cd24400a2aa63a

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ri

MD5 ce66dc8e8cc2b9366c6a7732e2f743f8
SHA1 7063589097a48959c36f5ea5d96e0d3a30ff77c4
SHA256 bfef4b514f3a58b8349405776fef64cc73808dc1c95692543068862f309955eb
SHA512 4a6dc363ca705a3fb2d2cd71a1a2c590d8ccf63cee3a44f9d7db2742091cef5b6128d900d47e48c13009eb43bd93fc906ca0ca3820c9f718e5028ba6ba7210ea

/data/data/com.pombingsoft.clumsyman.gtx/files/.jiagu.lock

MD5 4a3459ad107c8be108d241f83a4bd788
SHA1 9830000cc11b532256d95b602bd69c1c6456a31a
SHA256 ec0e407b4f13c5e876ba5b4058ec06fd85812cdb6803b5decf03ab08ac38d653
SHA512 7b3e6f3e5b20ba9d356258725f8f186af3e7cee6bce71f012c4e2f4b0e8e8b14bf3579c76aafc21628c7a4051196bc938b28348c05a01015168cc6c8d39130ab

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.rd

MD5 0d11f02b7620c6d4a07eb477f70e1050
SHA1 d8f16684b1f45eb734579786234d4eca89b60837
SHA256 b1f9a0e6d2151b627b4abd8f074d9922bee8602bd0876f3452c04fd2d6241e0f
SHA512 62452c7dc7ab6837210cbfb04243df875db0f2695597e24f0f87dd100220c81e176b3a40fc25a35710ee0db9190ef7a4202a1e4e8452467f48b3e1b715678ebb

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.store.report_pid

MD5 d6255e6c286e6468695858280af749d4
SHA1 a77e7874cc2134ef52f9a4d079c0b31c0e3a0b35
SHA256 d8d869c579f909277f599903e50d9e9cc9fee16741339419b88ea2bf53675eba
SHA512 055ed7141604fea9c75a62b47a508fb68c18b4188a4139587cf9459dfaceff10525b83eefdb2f3955d0fd5c2e1d1988ae075251cfcfd90bdb57d0bc93ff9eb85

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ac

MD5 598c39ec5628009a581772339fc90b31
SHA1 9bd77127cda6a8380aef45df5293a1331a52c5a2
SHA256 e1960be5d6233f422aae668f890ba71b87d711781c274ca8f26e51d3d3dbff98
SHA512 7e0c121c26eb56137c511cd17ea8b462945a0cfecfce8231344514dad782b8df57698fc119d80eff6fbd1d9f461bf6bdec49a8a89bbe9787c687eda9926ad6f1

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ic

MD5 d681e68c04eeef10693b497b64266a68
SHA1 1e12fe8463fb6555f342e6d634cef27c3e287103
SHA256 cc8e7fe6e436fe3f015f53b601cc9dae24ada526689dc5c3f8be353edc139f98
SHA512 88e35222451b375a3b16505b8356425480ce82f3da86c52aa021902b02c4bddc043ca31a624093381e607104e402acaa885a8ff2f07d10f72b414d35d065841a

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/seey/tv

MD5 1c4ec9002d8f6c1ddae5c151e48cf718
SHA1 2425cc273831d722bee4906c14c03fe497b99c08
SHA256 f6c857ed9fb74036aad1662f0450a84601f9eaf5f9eb0e6943136fa6ffab21b0
SHA512 6371c3db3d1dd610f1d22a8a5c5ba3efb8e4d0fd8df158f0dcc001238072717bb1d385152e4b8f67d7283eaf41d0582f6381e859f83f673e8b4ec48ce59d76ac

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/as/cheuu

MD5 341a8c5186aeefa5a49c6559a8263487
SHA1 9cd1e3d2bc3d96f8274b79b055746762f42c09da
SHA256 78e75bf613817d9f1ef88c33e2d341c3185acbd8c2c7d60c11b6e41af0d140dd
SHA512 4cd706e283f90698961e2f8fba314d9afdc728e58037fedf167eea8e6274ab66c26cb4af7c7da0b6765f2324f59351c100f3c8f62d5a74fd8ff5d8fafba9cc46

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/seey/tmd

MD5 f22d1c9d8805a03089a14cb8f0a077f0
SHA1 fbf44eea9680293a31ffaefdf4a51fe76b661b96
SHA256 c799bb41ae4a0e972aa7f51fa42bddcb39740813d1549c792a1bfd1cb159be49
SHA512 9c14964bf702554b46136efa6238920b25cdba7f228d72eb66de2efeed0e7f6a785770fc97bbd53819538c23add5ec41ed99933809c30ff8a95311728b044ae3

/data/data/com.pombingsoft.clumsyman.gtx/app_ebody/res/xmtok/37673/uuloi

MD5 a4be05e15ad132090b309f396e91ff58
SHA1 8c8b8354188d80d9abf60f4f63883d2b92a553f2
SHA256 e2c35ba3e0b82ced9693b57da9c9c57a1e9914d272a8f94f9f39b40ec3451016
SHA512 1db29d80bdec4939d19566a9714cb400fcf7baf17b306b6b65ec92f573aa1910262cd4b51d9791af38b5951ef39bbb499a9003b9e0c528c31a2a21e45f09f341

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva

MD5 c7464d7ac75c59a56ff2f6a0f9374094
SHA1 e18fb726a5a36039aa18c383b265e79a343479e4
SHA256 c22c33159bbba233c5747086b13a5ee067c44bc7726267e4d02b8993fde1f344
SHA512 93fd8ca48d0febfc386b9cfb4eb01e5aaf72ff0f9e1abd4720884fa0c93d422728f61da7edebabc1267a8aa2c4f6aa831c8d5a596d08f6b64ef696e19188a9f9

/data/data/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

MD5 c575a286b11bbafcf8e4905d27f30977
SHA1 92f75a7425564f8e5ced10e4ef098c378a0748bd
SHA256 185c4ce6748aecf146255ae05828bb01d88b523d7c930e058c851ea5d329beba
SHA512 f71571ee69dbb5fea7ac72572b1e50bfac1c7b0a577a5163631410d9f002ce38ebc1e3da4b43000a3575b68b30c70609269c48d165e1cd326474d3e46e19087e

/data/user/0/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar

MD5 7eb039aa7728169a015707a82e1b41a4
SHA1 adeae37340af1ce383c908cdc4d375b270b30a60
SHA256 9e4e34e3db9a85d0e2f937c85255f2c924df7465284c9f8d91f9ab4ed8f2c49c
SHA512 c60f5c867ff34eed8186741ed2947e21ea7f3264114347ff64c90d9e04381238f0a3fbae18ef4ddc3c4b390935a21ebcfa311815384615574e9c9f90a825f7ca

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-journal

MD5 58a4b2caf6f6f80ee677a1f2e01a5ec5
SHA1 476c25c4ce101cf022c1127a6bb6af1e64c25f2c
SHA256 0fa6d206abb4b6588d083d611c5ca39dddcdd536f17d527670ca0a8a2c40fa36
SHA512 767796feefbd9bf8ecfe8685c1f753420f8fdf10f4f56472e6dd9c60d6360c827a806afca14d46194599e5cdbc8e9f8c1865e3ed3d8f1e8aac2ffafa98fd787a

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-journal

MD5 f7f30856356fbbe46f5fc8c3a88d8982
SHA1 af69b5c3873b46bdd4700151d175f1522a333ff7
SHA256 fb081408deb523a69c63810989aa533f9fe32173e4d86784107b6b65fd26f1f9
SHA512 054b0999f8db5f4ae7ef520c8ae6f4f782422ea8b535349358638b1a7d29139cd02f8c17d8f3ff0f5707bf256b4e0c306f92f2b601dc813d4b2f0e2b8dd0ec6a

/data/data/com.pombingsoft.clumsyman.gtx/databases/cc/cc.db-journal

MD5 583cc87956c69ec6113a799ede790e0b
SHA1 34353b55430b0edca6251a5a133984d4765ccf4d
SHA256 05348ada292bb1e564d7473219c74335d41addcaff69c17f922e89ff3a48b38c
SHA512 647b3e135bf204000161695a9af25fd619fd825da6e471317193082fb265b43015e53cac5bc11eb6752c26e59141def68caabc2a8d950ff551fcfbf0be460b3f

/data/data/com.pombingsoft.clumsyman.gtx/files/.jglogs/.jg.ac

MD5 1e251ba80230daa026f82280c1f9e67d
SHA1 216e535e7768bc945bcca4a8422583a82b463abe
SHA256 e727f351ef9d6e4a8049f360be3f9dacbc2c4b69f28c7ffb6e6db6a9c66342ce
SHA512 2e4d1212c1264f434bd207ca6bc12421b7cc7a4a4033ec9d12aed6f7e08ea69418744865857f37c3bb362c06ea34ab82166d9dda0f8e58ca6af43787750ee8be

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 07:16

Reported

2024-05-18 07:19

Platform

android-x86-arm-20240514-en

Max time kernel

7s

Max time network

150s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 07:16

Reported

2024-05-18 07:19

Platform

android-x64-20240514-en

Max time kernel

7s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A