Malware Analysis Report

2025-08-05 19:10

Sample ID 240518-v3bn2afa33
Target 55f15be5341e7f25d2585d8551a0f489_JaffaCakes118
SHA256 1fca6409cb30b3fb7f8a62cabba7f6db317f079341af43baa0bcafcf476d5bf1
Tags: collection discovery evasion impact persistence
Score: 8/10


Analysis Overview

Score: 8/10
SHA256: 1fca6409cb30b3fb7f8a62cabba7f6db317f079341af43baa0bcafcf476d5bf1
Threat Level: Likely malicious

The file 55f15be5341e7f25d2585d8551a0f489_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Queries information about running processes on the device

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Requests dangerous framework permissions

Reads information about phone network operator.

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-18 17:30

Signatures

Requests dangerous framework permissions

Permission  Description
android.permission.READ_PHONE_STATE  Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE  Allows an application to read from external storage.
android.permission.WRITE_SETTINGS  Allows an application to read or write the system settings.
android.permission.ACCESS_COARSE_LOCATION  Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION  Allows an app to access precise location.
android.permission.SEND_SMS  Allows an application to send SMS messages.
android.permission.CALL_PHONE  Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.SYSTEM_ALERT_WINDOW  Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.GET_ACCOUNTS  Allows access to the list of accounts in the Accounts Service.
android.permission.CAMERA  Required to be able to access the camera device.
android.permission.RECORD_AUDIO  Allows an application to record audio.
android.permission.REQUEST_INSTALL_PACKAGES  Allows an application to request installing packages.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 17:30
Reported: 2024-05-18 17:33
Platform: android-x86-arm-20240514-en
Max time kernel: 179s
Max time network: 165s

Command Line

com.xhl.kaixian

Signatures

Checks if the Android device is rooted.
Tags: evasion
Indicator: /data/local/su
Indicator: /data/local/bin/su
Indicator: /data/local/xbin/su
Indicator: /sbin/su

Requests cell location
Tags: collection discovery
Framework service call: com.android.internal.telephony.ITelephony.getAllCellInfo
Framework service call: com.android.internal.telephony.ITelephony.getCellLocation

Checks CPU information
Tags: evasion discovery
File opened for read: /proc/cpuinfo

Checks memory information
Tags: evasion discovery
File opened for read: /proc/meminfo

Loads dropped Dex/Jar
Tags: evasion
Indicator: /data/data/com.xhl.kaixian/.jiagu/classes.dex
Indicator: /data/data/com.xhl.kaixian/.jiagu/classes.dex!classes2.dex
Indicator: /data/data/com.xhl.kaixian/.jiagu/tmp.dex

Queries information about running processes on the device
Tags: discovery
Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries information about the current Wi-Fi connection
Tags: discovery
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries information about the current nearby Wi-Fi networks
Tags: discovery
Framework service call: android.net.wifi.IWifiManager.getScanResults

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags: persistence
Framework service call: android.app.IActivityManager.registerReceiver

Checks if the internet connection is available
Tags: discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Reads information about phone network operator.
Tags: discovery

Listens for changes in the sensor environment (might be used to detect emulation)
Tags: evasion
Framework API call: android.hardware.SensorManager.registerListener

Uses Crypto APIs (Might try to encrypt user data)
Tags: impact
Framework API call: javax.crypto.Cipher.doFinal

Processes

com.xhl.kaixian

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.xhl.kaixian/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.xhl.kaixian/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

getprop ro.product.cpu.abi

com.xhl.kaixian:remote

sh -c ps

ps

ps

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 17:30
Reported: 2024-05-18 17:33
Platform: android-x64-20240514-en
Max time kernel: 5s
Max time network: 186s

Command Line

com.xhl.kaixian

Signatures

N/A

Processes

com.xhl.kaixian

com.xhl.kaixian:remote

Network


Files

N/A