Malware Analysis Report

2025-08-10 23:58

Sample ID 240518-khfgdaca7y
Target 53df07e9dbaf7f8d4bec7214e132c2be_JaffaCakes118
SHA256 d5ee80842ffb1142209e3b47ace72bd1eb5553f5c327b18de9c3c65e15ec1e5f
Tags: discovery evasion persistence impact
Score: 8/10


Analysis Overview


Threat Level: Likely malicious

The file 53df07e9dbaf7f8d4bec7214e132c2be_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence impact

Checks if the Android device is rooted.

Checks memory information

Queries information about the current Wi-Fi connection

Checks CPU information

Loads dropped Dex/Jar

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported: 2024-05-18 08:35

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 08:35
Reported: 2024-05-18 08:39
Platform: android-x86-arm-20240514-en
Max time kernel: 179s
Max time network: 183s

Command Line

com.bairimeng.dmmdzz.nearme.gamecenter

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.bairimeng.dmmdzz.nearme.gamecenter/app_plugins/oppo_game_service_200702.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.bairimeng.dmmdzz.nearme.gamecenter

com.bairimeng.dmmdzz.nearme.gamecenter:gcsdk

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 08:35
Reported: 2024-05-18 08:39
Platform: android-x86-arm-20240514-en
Max time kernel: 105s
Max time network: 179s

Command Line

com.nearme.atlas

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nearme.atlas

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted: 2024-05-18 08:35
Reported: 2024-05-18 08:36
Platform: android-x86-arm-20240514-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp

Files

N/A