Malware Analysis Report

2025-08-10 23:58

Sample ID 240518-hl4x2age3v
Target 5374047f927699bd9d2ec6cf65164896_JaffaCakes118
SHA256 4d5a003604d1b408345f01f63db044fcebce6913cff14d25b78308711cb0b70e
Tags discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 5374047f927699bd9d2ec6cf65164896_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Checks CPU information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 06:50

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 06:50

Reported

2024-05-18 06:53

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

189s

Command Line

com.video.newqu

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.video.newqu

com.video.newqu:xinqu_process

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=116 --oat-fd=117 --oat-location=/data/user/0/com.video.newqu/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

/storage/emulated/0/Mob/comm/.di

/storage/emulated/0/Android/data/.mn_410185822

/data/data/com.video.newqu/databases/xinqu_data.db-journal

/data/data/com.video.newqu/databases/xinqu_data.db

/data/data/com.video.newqu/databases/xinqu_data.db-shm

/data/data/com.video.newqu/databases/xinqu_data.db-wal

/storage/emulated/0/Mob/.mcw

/storage/emulated/0/Android/data/.mn_410185822

/storage/emulated/0/.mn_410185822

/storage/emulated/0/data/.push_deviceid

/storage/emulated/0/Android/data/.mn_410185822

/data/data/com.video.newqu/databases/ThrowalbeLog.db-journal

/data/data/com.video.newqu/databases/ThrowalbeLog.db

/data/data/com.video.newqu/databases/ThrowalbeLog.db-wal

/data/data/com.video.newqu/files/Mob/mob_commons_1

/storage/emulated/0/Mob/comm/dbs/.duid

/data/data/com.video.newqu/files/Mob/comm/dbs/.duid

/storage/emulated/0/Mob/comm/dbs/.lecd

/data/data/com.video.newqu/files/jpush_stat_cache.json

/data/data/com.video.newqu/app_crashrecord/1004

/data/data/com.video.newqu/databases/bugly_db_-journal

/data/data/com.video.newqu/app_crashrecord/1004

/data/data/com.video.newqu/databases/bugly_db_-wal

/data/data/com.video.newqu/app_crashrecord/1002

/data/data/com.video.newqu/databases/cc/cc.db-journal

/data/data/com.video.newqu/databases/cc/cc.db

/data/data/com.video.newqu/databases/cc/cc.db-wal

/data/data/com.video.newqu/databases/.ua/ua.db-journal

/data/data/com.video.newqu/databases/.ua/ua.db

/data/data/com.video.newqu/databases/.ua/ua.db-wal

/data/data/com.video.newqu/app_e_qq_com_plugin/update_lc

/data/data/com.video.newqu/app_e_qq_com_plugin/update_lc

/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar.sig

/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.video.newqu/files/umeng_it.cache

/data/data/com.video.newqu/files/.umeng/exchangeIdentity.json

/data/data/com.video.newqu/files/exid.dat

/data/data/com.video.newqu/databases/.ua/ua.db-wal

/data/data/com.video.newqu/databases/.ua/ua.db

/data/data/com.video.newqu/databases/cc/cc.db-wal

/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

/data/data/com.video.newqu/databases/cc/cc.db

/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-journal

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-wal

/data/data/com.video.newqu/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof

/data/data/com.video.newqu/files/.um/um_cache_1716015183742.env

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 06:50

Reported

2024-05-18 06:50

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 06:50

Reported

2024-05-18 06:50

Platform

android-x64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 06:50

Reported

2024-05-18 06:50

Platform

android-x64-arm64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A