Analysis Overview
SHA256
4d5a003604d1b408345f01f63db044fcebce6913cff14d25b78308711cb0b70e
Threat Level: Likely malicious
The file 5374047f927699bd9d2ec6cf65164896_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks CPU information
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current Wi-Fi connection
Checks if the internet connection is available
Reads information about phone network operator.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 06:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 06:50
Reported
2024-05-18 06:53
Platform
android-x86-arm-20240514-en
Max time kernel
179s
Max time network
189s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.video.newqu
com.video.newqu:xinqu_process
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=116 --oat-fd=117 --oat-location=/data/user/0/com.video.newqu/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 06:50
Reported
2024-05-18 06:50
Platform
android-x86-arm-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 06:50
Reported
2024-05-18 06:50
Platform
android-x64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 06:50
Reported
2024-05-18 06:50
Platform
android-x64-arm64-20240514-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |