Malware Analysis Report

2025-08-05 19:10

Sample ID 240518-vj4wgadg94
Target 55d35848046725a1301561efc707011c_JaffaCakes118
SHA256 cb7c40f29a4a0f18f6c48530e8c5a5525d1e4e99259ef1abc8ac547e0dff79c3
Tags: collection discovery evasion impact persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview, Signatures
Analysis: behavioral1
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral3
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral4
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral5
  Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score: 8/10

SHA256: cb7c40f29a4a0f18f6c48530e8c5a5525d1e4e99259ef1abc8ac547e0dff79c3

Threat Level: Likely malicious

The file 55d35848046725a1301561efc707011c_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Requests cell location

Checks CPU information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

Triage note: each item above is a generic framework call that the per-run sections record only by API name. The network and file sections show the app talking to push-notification and analytics infrastructure (s.jpush.cn, im64.jpush.cn, update.sdk.jiguang.cn, alog.umeng.com, alog.umengcloud.com) and writing the matching cache files (jpush_stat_cache.json, umeng_it.cache, .umeng/exchangeIdentity.json) alongside its own api.nbd.com.cn backend, so the device-identifier, operator, Wi-Fi and process queries need to be attributed to a specific component before the 8/10 score is read as a verdict on the application's own code.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-18 17:02

Signatures

Requests dangerous framework permissions

Permission | Description
android.permission.READ_PHONE_STATE | Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage.
android.permission.WRITE_SETTINGS | Allows an application to read or write the system settings.
android.permission.SYSTEM_ALERT_WINDOW | Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_COARSE_LOCATION | Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION | Allows an app to access precise location.
android.permission.READ_CONTACTS | Allows an application to read the user's contacts data.
android.permission.RECORD_AUDIO | Allows an application to record audio.
android.permission.GET_ACCOUNTS | Allows access to the list of accounts in the Accounts Service.
android.permission.CAMERA | Required to be able to access the camera device.

The manifest declares several of these more than once (READ_PHONE_STATE and WRITE_EXTERNAL_STORAGE three times each; READ_EXTERNAL_STORAGE, ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION twice), which is what a manifest merged from several library manifests typically produces; the table lists the distinct set. Nine of the eleven are runtime permissions that prompt the user. WRITE_SETTINGS and SYSTEM_ALERT_WINDOW are not runtime permissions but special app access toggles granted per app in Settings, so their presence in the manifest says nothing about whether the user ever enabled them.
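
The permission review above can be reproduced from the manifest itself. The script below is an added example, not code from the report or from the analysed app: it parses `<uses-permission>` entries out of AndroidManifest.xml text, resolves the effective `maxSdkVersion` cap when a permission is declared more than once, collapses the repeats, and buckets each permission by how Android grants it. The embedded manifest fragment is constructed from the permissions in the table; the `maxSdkVersion="28"` cap and the INTERNET entry are assumptions for illustration and are not stated in the report.

```python
"""Triage of the <uses-permission> entries in an Android manifest.

Added example, not part of the sandbox report or of the analysed app: it
extracts permission requests from AndroidManifest.xml text, works out the
effective maxSdkVersion cap when the same permission is declared more than
once, collapses the repeats, and buckets each permission by how Android
actually grants it. The protection levels are the AOSP ones for the
permissions the report lists; anything not in the maps lands in "other".
"""
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions: granted through a user prompt, keyed to
# the permission group the prompt is shown for.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.GET_ACCOUNTS": "CONTACTS",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.CAMERA": "CAMERA",
}
# "Special app access" permissions: no runtime dialog; the user has to flip a
# per-app toggle in Settings, and an app can only check it and deep-link to it.
SPECIAL_ACCESS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
}

# Constructed manifest fragment: the permissions from the static1 table, with
# two of them repeated as the sample's manifest repeats several. The
# maxSdkVersion cap on the first WRITE_EXTERNAL_STORAGE entry and the
# INTERNET permission are assumed for illustration; neither is in the report.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="cn.com.nbd.nbdmobile">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                   android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def parse_permissions(manifest_xml):
    """Return [(permission name, maxSdkVersion or None), ...] in manifest order."""
    root = ET.fromstring(manifest_xml)
    found = []
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        max_sdk = node.get(f"{{{ANDROID_NS}}}maxSdkVersion")
        if name:
            found.append((name, int(max_sdk) if max_sdk else None))
    return found


def triage(perms, target_sdk=33):
    """Bucket distinct permissions by grant model for a device at target_sdk.

    A permission declared both with and without a maxSdkVersion cap is
    treated as uncapped, because the uncapped declaration still applies.
    """
    effective = {}
    for name, max_sdk in perms:
        if name not in effective:
            effective[name] = max_sdk
        elif effective[name] is not None:
            effective[name] = None if max_sdk is None else max(effective[name], max_sdk)

    counts = Counter(name for name, _ in perms)
    out = {
        "dangerous": {},
        "special_access": [],
        "other": [],
        "inactive_on_target": [],
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
    }
    for name, max_sdk in effective.items():
        if max_sdk is not None and max_sdk < target_sdk:
            out["inactive_on_target"].append(name)
        elif name in DANGEROUS:
            out["dangerous"].setdefault(DANGEROUS[name], []).append(name)
        elif name in SPECIAL_ACCESS:
            out["special_access"].append(name)
        else:
            out["other"].append(name)
    return out


if __name__ == "__main__":
    for bucket, members in triage(parse_permissions(SAMPLE_MANIFEST)).items():
        print(bucket, members)
```

Run against a real manifest, the `duplicates` bucket is the quickest way to tell an app's own declarations from ones pulled in by library manifests, and `inactive_on_target` removes storage permissions that a `maxSdkVersion` cap has already switched off on the device generation being assessed.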

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 17:02
Reported: 2024-05-18 17:06
Platform: android-x86-arm-20240514-en
Max time kernel: 172s
Max time network: 180s

Command Line

cn.com.nbd.nbdmobile

Signatures

Requests cell location (collection, discovery, evasion)
Framework service call: com.android.internal.telephony.ITelephony.getCellLocation

Checks CPU information (evasion, discovery)
File opened for read: /proc/cpuinfo. The evasion tag reflects that /proc/cpuinfo is a common emulator check; ordinary crash-reporting and analytics code reads it as well.

Queries information about running processes on the device (discovery)
Framework service call: android.app.IActivityManager.getRunningAppProcesses (listed twice)

Queries information about the current Wi-Fi connection (discovery)
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)
Framework service call: android.app.IActivityManager.registerReceiver (listed twice)

Checks if the internet connection is available (discovery)
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (listed twice)

Reads information about phone network operator (discovery)
No indicator recorded.

Uses Crypto APIs (Might try to encrypt user data) (impact)
Framework API call: javax.crypto.Cipher.doFinal. This call is reached by any AES or RSA use, including SDK transport encryption and token storage; on its own it does not show user files being encrypted, and the file list for this run contains only the app's own databases and SDK cache files.

Processes

cn.com.nbd.nbdmobile

cn.com.nbd.nbdmobile:pushcore

Network

Country | Destination | Domain (- if none recorded) | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 172.217.169.14:443 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | hxqd.openspeech.cn | udp
US | 1.1.1.1:53 | data.openspeech.cn | udp
CN | 117.48.148.47:80 | data.openspeech.cn | tcp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
US | 1.1.1.1:53 | api.nbd.com.cn | udp
GB | 142.250.178.3:443 | - | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp
US | 1.1.1.1:53 | s.jpush.cn | udp
CN | 139.159.137.254:19000 | s.jpush.cn | udp
CN | 139.159.137.254:19000 | s.jpush.cn | udp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
US | 1.1.1.1:53 | sis.jpush.io | udp
CN | 119.3.253.130:19000 | sis.jpush.io | udp
CN | 119.3.253.130:19000 | sis.jpush.io | udp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
GB | 142.250.200.46:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | easytomessage.com | udp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
US | 1.1.1.1:53 | gather.nbd.com.cn | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
CN | 36.140.72.192:443 | gather.nbd.com.cn | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | - | tcp
US | 1.1.1.1:53 | 139.9.135.156 | udp
US | 1.1.1.1:53 | im64.jpush.cn | udp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | 119.3.188.193 | udp
US | 1.1.1.1:53 | 139.9.138.15 | udp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 139.159.137.254:19000 | easytomessage.com | udp
CN | 139.159.137.254:19000 | easytomessage.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
CN | 119.3.253.130:19000 | easytomessage.com | udp
CN | 119.3.253.130:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
US | 1.1.1.1:53 | alog.umengcloud.com | udp
CN | 223.109.148.177:80 | alog.umengcloud.com | tcp
US | 1.1.1.1:53 | - | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 223.109.148.130:80 | alog.umengcloud.com | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 223.109.148.178:80 | alog.umengcloud.com | tcp
CN | 139.159.137.254:19000 | easytomessage.com | udp
CN | 139.159.137.254:19000 | easytomessage.com | udp
CN | 119.3.253.130:19000 | easytomessage.com | udp
CN | 119.3.253.130:19000 | easytomessage.com | udp
CN | 223.109.148.141:80 | alog.umengcloud.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
CN | 223.109.148.179:80 | alog.umengcloud.com | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | - | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 223.109.148.176:80 | alog.umengcloud.com | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
US | 1.1.1.1:53 | s.jpush.cn | udp
CN | 119.3.253.130:19000 | s.jpush.cn | udp
CN | 119.3.253.130:19000 | s.jpush.cn | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7000 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7002 | im64.jpush.cn | tcp
CN | 139.9.138.15:7003 | im64.jpush.cn | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
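
A per-connection table like the one above is easier to act on once the resolver chatter is split from the app's real peers and repeated rows are collapsed. The script below is an added example, not part of the report: it parses rows in the table's layout (country, host:port, optional domain, protocol), either space-separated as the sandbox emits them or pipe-separated with "-" for an empty domain, and produces an endpoint summary. The embedded rows are an excerpt copied from the behavioral1 table; the resolver address is the one the table shows.

```python
"""Summarise a sandbox per-connection network table into endpoint IOCs.

Added example, not part of the report: separates lookups sent to the
sandbox's resolver from actual connections, groups connections by
(domain-or-IP, port, protocol) so repeated rows become counts, and flags
plaintext HTTP, peers the sandbox recorded no name for, and multicast.
"""
import ipaddress
import json
from collections import Counter, defaultdict

RESOLVER = "1.1.1.1:53"  # the resolver address shown in the report's table

# Excerpt copied from the behavioral1 network table (constructed sample input).
SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 api.nbd.com.cn udp
CN 36.140.72.192:443 api.nbd.com.cn tcp
CN 36.140.72.192:443 api.nbd.com.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 139.159.137.254:19000 s.jpush.cn udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
"""


def parse_rows(text):
    """Parse table rows into dicts; header lines and malformed rows are skipped."""
    rows = []
    for raw in text.splitlines():
        tokens = raw.replace("|", " ").split()
        if len(tokens) < 3 or tokens[-1] not in ("tcp", "udp"):
            continue
        host, _, port = tokens[1].rpartition(":")
        if not port.isdigit():
            continue
        domain = tokens[2] if len(tokens) == 4 and tokens[2] != "-" else None
        rows.append({"country": tokens[0], "host": host, "port": int(port),
                     "domain": domain, "proto": tokens[-1]})
    return rows


def _is_multicast(host):
    try:
        return ipaddress.ip_address(host).is_multicast
    except ValueError:
        return False


def summarize(rows):
    """Collapse rows into queried names, endpoint counts and the flags a reviewer wants."""
    queried, plaintext_http, unnamed, multicast = set(), set(), set(), set()
    endpoints = Counter()
    ports_by_name = defaultdict(set)
    for r in rows:
        dest = f'{r["host"]}:{r["port"]}'
        if dest == RESOLVER:            # DNS to the sandbox resolver: record the name only
            if r["domain"]:
                queried.add(r["domain"])
            continue
        if _is_multicast(r["host"]):    # mDNS and similar local discovery
            multicast.add(dest)
            continue
        name = r["domain"] or r["host"]
        endpoints[f'{name}:{r["port"]}/{r["proto"]}'] += 1
        ports_by_name[name].add(r["port"])
        if r["proto"] == "tcp" and r["port"] == 80:
            plaintext_http.add(name)
        if r["domain"] is None:
            unnamed.add(dest)
    return {
        "queried_names": sorted(queried),
        "endpoints": dict(endpoints),
        "ports_by_name": {n: sorted(p) for n, p in ports_by_name.items()},
        "plaintext_http": sorted(plaintext_http),
        "unnamed_endpoints": sorted(unnamed),
        "multicast": sorted(multicast),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(parse_rows(SAMPLE_ROWS)), indent=2))
```

On the full behavioral1 table this reduces roughly 110 rows to a short list of peers: the app's own api.nbd.com.cn and gather.nbd.com.cn over 443, the jpush.cn hosts on 7000/7002/7003 tcp and 19000 udp, the plaintext port-80 beacons to alog.umeng.com, alog.umengcloud.com and the openspeech.cn hosts, and two IPs (113.31.17.106 and 113.31.17.108) that the sandbox never associated with a name and that therefore deserve a separate look.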

Files

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

MD5 166437cac9f5ba11bb347f4a5b90954f
SHA1 b81f44957bf14692894f3bc2e89002f9a9dc0277
SHA256 00b46f1b2d439667d2f78e835a73e09642e05da333a4bda0d4643ea06b67d963
SHA512 a61049e17a8c8c50da6b1e25fc05539c28b123a128b8ec93fb657d439c78bcf5ee6cb403810fd4d72fb21091025e41da2061d46340cc82a4f189e8e6374d12ea

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

MD5 8acafb8c2a8bafc717bc70290784c534
SHA1 e3a473d378bc2bfd41399da74e391fd96e65e066
SHA256 1bb294062de9887b4b9be1bffd520c00be9006b4856ebb67f84651fce8670a22
SHA512 5503b937a99cc24251b145b238167c235d77e496e544524175e9dd51168b04a0ce9aa5fbfc065784a4e6272a3135dd05f2cde9c348c609d5e4d75caba791a2a8

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-wal

MD5 817c72b816d38fc70f53d09322192ec0
SHA1 74528f22b10790e52cd2a3eb6b431a63782ec6ad
SHA256 a4206bafd7d4d6a32e77312d04dd34159a5b984878bbae7561ae3be4a9224f34
SHA512 c2241c8bf6de625e014ddab874b71b35d5466945f597f5576e06b73f97702db7432f333e58816a02d531bb02e3e47a710f4650d1cb87e67a7839da24de2623bd

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

MD5 16051cf08989cb16702991839bac2e9e
SHA1 f55e040ddcef5305c54a68ce8283b0eccd2c8bd1
SHA256 f5cd1283e1ebf3960491d4e3be604d936efcf3680cdf0f8eea36f5921c12aeb0
SHA512 67fb1ef0f6a3da7dbf32c8940df0da01e2a9d30602eb2fe8dbc845e0299cf8a6e3a040c64a5f4229d6a1230ce0c4038633d80b025a8cde094cd3783454345c99

/data/data/cn.com.nbd.nbdmobile/databases/ua.db

MD5 74ef0e4ec91c13cde3d512a0c0b186de
SHA1 c6ba82795a9fdd987006e4b709236ee178553281
SHA256 f2ed069123dd792351d652dc28d21f9dff0fe72e4ebc5756f940758e05a242a3
SHA512 19353972ac619999d72607f692e9a53ce1c15abd7ec37ee771ce5ceb8dac95eb6a56f8b39d8a26bffb3a02e61c4fd18d010b1d09465d0769e8920aa69c87b2f2

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal

MD5 6fb0e681328b15c4125375efa280bccd
SHA1 a1519c6a3a8ef9f6e0f3fb1bfd1a3ef2b422205d
SHA256 e7bded8312b95e3077cbf7ff98092a25c72b9bdd15039eb0096d43555de2f4f2
SHA512 701fd43ab45a812464295dabff57ceb23a41440e512cef9cedabcc5d0dfe94c9681f7f2666ed3446a0d62b9dc45b66f3703ff786dc7a4dce5becc9b4344c2d7c

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f512c46146950b2644e652c1172bfd15
SHA1 ca2ac62ee049a498c402e5c8912ea05ad8c25b7f
SHA256 986e4355dbd019dfac5b6866bf111723399008d044f2afdef5777d1767547482
SHA512 fca144ed1bb367ba1fa102da23bfd2b23048b6303a8d0359a91152f613857f023bda64c74c0c91227aea76bb5f1c586c8462758a17fe0e15c8027d6829eb1c40

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 258c7923033bed02d93ac7a4ce98b533
SHA1 28e1e8fb021c84d7755aaeb579d3f2c6bd54ed8a
SHA256 d26255f1bc9e748ca3891b84b46ce647e721c29257e7d1a7dd4c84b40cba08ba
SHA512 4685c391b3d5bbefcb0c150ee984acc625a32114b52230fbf85617a06651db3f6177eaef050ed82f75cd927d467be51ad0cae921d6e6f391946e12032833c92b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1ce8c666cf5042461b887c75d43a4e3a
SHA1 df3932e865a00a7ce1cc355fbb00ab98549498df
SHA256 4ed85337b1fbe804dd515ee28ade70c8b84caa1608cc90b0a2ac8b67decc1e7f
SHA512 ad2c55de056217f3bb75bbf6b68635866beb17934c34874edcf1b23957aafa2e6ead96059fc9227594ac0201ee1427a892c7a78f03b34ff742140c24192ddc61

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 64e43ba32a7ac473a118d9ee239071bf
SHA1 ca502d500b707810514264c28d3160b19d1d4c31
SHA256 a600b99bff45c89e184367bfb24c13fbdb4d14df248d9c95ebf9fb1e529832cd
SHA512 0da698719ddc506ca3aea4390bdcdecfaa024a743aee14bf0d47bb04d339a0373e5631951edd56f18ef5d5e3dd9e5fdcd25bac498e39a9f70db7514de9f9db65

/data/data/cn.com.nbd.nbdmobile/files/umeng_it.cache

MD5 878d8ca8038825488e33994fe399083a
SHA1 cf6184a7521d18c9742ba7060c3ad26df316a681
SHA256 ec1f839051a84d8d42688fdd8463c5d0be9678e677e27c52927c5aa08d3817ef
SHA512 d0cfaf7b25deb33397e1f51c00e09041bd47839c6cddb3dde8e5524e076d3ab9c126a40f2a0be7047b7ab73d543c5b40352f3cd935a3faed43f8426aa35422ab

/data/data/cn.com.nbd.nbdmobile/files/.umeng/exchangeIdentity.json

MD5 b30e9ca3372d013005381bb889b35eac
SHA1 5dd0b4fd5da730a8e85f79b74aabe3e2ccf4db7a
SHA256 e6d93e818b71c6d547b54afc9b6dbfc38cd6d4d5be557a24619de6391cdb3aaf
SHA512 8387a39e043bf89ee1d1226d508a7cc4f651704dad578114ead416b3d5c552096273bc24664acaf4d98ac6bec21a9dc988d6a833068f801abd6cf02e8e5eff03

/data/data/cn.com.nbd.nbdmobile/files/exid.dat

MD5 3bf2fd63021c2a5dec8d300ad622a0f1
SHA1 7e4158bcda6c60ceae64f1c2910eabb998713092
SHA256 77173cbe835333857c93282f0837a3af0e8456ab7a893fa9ece8dd49b4b77328
SHA512 431b39002794db046027c898bd16d85699a557d0cef9d9d777aafbad1b7e828eb9c203d8ea083facba4e9d38ba2198f108075b3e01befdd98540102b4bb780c6

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal

MD5 ccd0b3ab7b93f26a6c2982d7f55312e3
SHA1 7cf35de2707b4715095769e89f2ac90154099666
SHA256 4125465d15ccada3e3af3c662c3a6273216a2f870eddd20d5737b455d67eb50e
SHA512 31ef87f319e378cb5b9d730dcde76f9004c55e30de0319339141ca6f70496e26c1e9740a297c72e8a8b5dcd48d459c8a3695d9a4d9bb3e2bd6b40a3247423bd0

/data/data/cn.com.nbd.nbdmobile/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-wal

MD5 b06c19d1cb54bef072a6b10fcbc705b4
SHA1 522d3999942644a32f96f65a483b6b93cf71de8f
SHA256 32522c644a63594b7fa4602c84e1e1be718fe1f911fbd8549aef591371aa82f4
SHA512 87ce9d0e286105bcc6982c04873a39e91ac4c626df50ef6b44f636e7756bb90f73913d1a2577f62d98b11cda56384c3ae2f5170fef99d2a5c59cf8c53a5aa9d1

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/cn.com.nbd.nbdmobile/files/jpush_stat_cache.json

MD5 9f9eaf87302860b85b9765d40733e6ff
SHA1 5fb8cb1d1a377b354a88efd3a3ad44960206c30d
SHA256 a02f77ae35bbc444ccf50377a13c5b004c47fdb8e7e33cb2a2f9796c7f73b9ac
SHA512 e2c818596129c62391e8761161f65c7bdd8a3fc7c9bcacb0795a443bfced4939fd2f76cd7eea241d75c15b606ff808a831cbcef2cdddfd9db84a40ed7e08faed

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal

MD5 84e93384b86587ca157aea8daa8a96ee
SHA1 6ae583bfbc64097b4926efbfae400ba8109b674a
SHA256 26a847310fc36962d7d359e19dca1976d9d1da5673aec4e7219613b9cb0f2bcd
SHA512 5eaa29008444b551f9cd2e7d21806ced5e25730a3007c516baf941ad79109fcaa81a41d7cc1f556a2438f12cd46d9c241f0576e8089d08d93836f6f6fd721c51

/data/data/cn.com.nbd.nbdmobile/databases/ua.db

MD5 35a4132841adfab41182546dad6d354b
SHA1 c06e0b4132cc7ef26f4fd839546508f8438851f6
SHA256 f9a4607081ecbe399565b422f0697ae3f7a33761bfca86b1f3693d03e12ec0ca
SHA512 a7a95bbf68d0d7be57e9867528d9790b8ff4ddbf7b64ffad1df8a907181fc85eccc1116a6ec7449bd9bf7b014172407127f6d6a4e45600a61fbda408e84cf034

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal

MD5 79a36bf8d2c9b927bc1d4f35b5ecab93
SHA1 1a6f3297aef56892dc9645268721dbcbfd037adc
SHA256 21407dd2c3dac29fe1a0c367679a1ab4990fbdb3403355c94d3f2bde5bdcdea7
SHA512 12b20adfab89c3070ee4c3c4057960a8fd3262b3b321538e129e70384068080619f8ed6c11c601b272598dfd38d3d227fa502b8c0874676fe7cad5d5ef270cee

/data/data/cn.com.nbd.nbdmobile/databases/ua.db

MD5 ffeba06c933b195c941457c8d2068282
SHA1 6a20f0faf81b4134a80154b1d0ada613655d1a24
SHA256 16a16ffa57ff57c9939a43ada5949266fc071157846c6d70e9b9bb9e02e03e32
SHA512 e324c16223642a5aae9ee5c48068088d4174a1f77ab9b30aedb20d4ac6f50d0e0b2079c75a822967ec1cfa51e4c7ac60167bc55e7fb29be6f81264a5cabdba8f

/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal

MD5 a4ca8f30f010eacad3c9754439b39490
SHA1 138fa9775250fb5dd8b65f6959b69704486f702a
SHA256 f7dd7cd6d7f5d10dbc8b8f8d80690c17e463f6e36201a54b6058b8dd19b363b9
SHA512 75869ba321ec573dd4f2acffa1e1c2ec6f832d26aba7e0def5ccddc60178ee5653992e75d766b93d6b2f45ed9d470a2514c6884cdbcc6b9d9ca0b055a6dca885

/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-wal

MD5 6e90ae7909fb3272469a3188418410cb
SHA1 7a65899133e5183a782902e181c06215d6a1106a
SHA256 c8c8e40f8acdc55d93d3204cc658ed49f048d1a865c8240740d55c8d1393592d
SHA512 37fe8f59cbbc92a4889b6947aaf067e51f7d28d381a9b0791a0939894082418ebba9778ef845ede5cb58e2c073dc7c95aa43940371f43b899e8ed4d9fc27c08a

/data/data/cn.com.nbd.nbdmobile/files/.um/um_cache_1716051937620.env

MD5 2ff925f97c3b158211624c6a6dca33fb
SHA1 aa34b9db31f8a7fa9efff956bdfcbdc267cd855e
SHA256 dd4ae1ca8504f3924ad49dc923c75a0adea21e8c96eceb9a03d815ede1dedee2
SHA512 ab08e71bfc71cf2501e9a410e92317cf23179ebb1db91e77619a7318bab75ef3cb306c743b790c97fab1987a5be35b40eb2fe9f39e35fa243e2f8a9737abeb07
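
The file list repeats several paths with different hashes because the sandbox records a file each time it is rewritten, and the SQLite databases come with -wal, -shm and -journal sidecars that hold pages not yet checkpointed into the main file. The script below is an added example, not part of the report: it parses entries in the list's layout, groups versions per path, attaches sidecars to their database, and separates shared external storage (/storage/emulated/0, which lies outside the app sandbox, survives an uninstall and is where cross-app identifier files are conventionally written) from app-private paths. The embedded entries are copied from the behavioral1 list with the SHA512 lines left out; the last entry is cut after SHA1 on purpose, mirroring the truncated final entry on this page, to show how an incomplete record is handled.

```python
"""Turn a sandbox file list into a reviewer's worklist.

Added example, not part of the report: parses entries in the report's
layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines), keeps every
recorded version of a path, attaches SQLite sidecars to their database,
flags shared-storage paths and incomplete records, and spots identical
content appearing under different paths.
"""
import re

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
SIDECAR = re.compile(r"^(.+\.db)-(wal|shm|journal)$")
SHARED_PREFIXES = ("/storage/emulated/", "/sdcard/")

# Constructed sample input: entries copied from the behavioral1 list, SHA512
# omitted, last entry deliberately truncated after its SHA1 line.
SAMPLE_ENTRIES = """\
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

MD5 8acafb8c2a8bafc717bc70290784c534
SHA1 e3a473d378bc2bfd41399da74e391fd96e65e066
SHA256 1bb294062de9887b4b9be1bffd520c00be9006b4856ebb67f84651fce8670a22

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-wal

MD5 817c72b816d38fc70f53d09322192ec0
SHA1 74528f22b10790e52cd2a3eb6b431a63782ec6ad
SHA256 a4206bafd7d4d6a32e77312d04dd34159a5b984878bbae7561ae3be4a9224f34

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 f512c46146950b2644e652c1172bfd15
SHA1 ca2ac62ee049a498c402e5c8912ea05ad8c25b7f
SHA256 986e4355dbd019dfac5b6866bf111723399008d044f2afdef5777d1767547482

/data/data/cn.com.nbd.nbdmobile/files/exid.dat

MD5 3bf2fd63021c2a5dec8d300ad622a0f1
SHA1 7e4158bcda6c60ceae64f1c2910eabb998713092
SHA256 77173cbe835333857c93282f0837a3af0e8456ab7a893fa9ece8dd49b4b77328

/data/data/cn.com.nbd.nbdmobile/files/jpush_stat_cache.json

MD5 9f9eaf87302860b85b9765d40733e6ff
SHA1 5fb8cb1d1a377b354a88efd3a3ad44960206c30d
"""


def parse_entries(text):
    """Return [{"path": ..., "hashes": {"MD5": ..., ...}}, ...] in list order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            entries.append({"path": line, "hashes": {}})
        elif line and entries:
            m = HASH_LINE.match(line)
            if m:
                entries[-1]["hashes"][m.group(1)] = m.group(2).lower()
    return entries


def group(entries):
    """Group parsed entries into the things a reviewer acts on."""
    versions = {}      # path -> [sha256 or None, one per recorded version]
    by_content = {}    # sha256 -> paths that carried exactly that content
    for e in entries:
        sha = e["hashes"].get("SHA256")
        versions.setdefault(e["path"], []).append(sha)
        if sha:
            by_content.setdefault(sha, set()).add(e["path"])
    databases = {}     # main .db path -> its sidecar files seen in the list
    for path in versions:
        m = SIDECAR.match(path)
        if m:
            databases.setdefault(m.group(1), []).append(path)
    return {
        "versions": versions,
        "rewritten": sorted(p for p, v in versions.items() if len(v) > 1),
        "databases": databases,
        "shared_storage": sorted(p for p in versions if p.startswith(SHARED_PREFIXES)),
        "incomplete": sorted(p for p, v in versions.items() if None in v),
        "duplicate_content": {s: sorted(p) for s, p in by_content.items() if len(p) > 1},
    }


if __name__ == "__main__":
    for key, value in group(parse_entries(SAMPLE_ENTRIES)).items():
        print(key, value)
```

When pulling artifacts from a detonation, take each entry in `databases` together with its sidecars (opening cc.db without cc.db-wal loses the most recent writes), and compare `shared_storage` paths across runs: in this report Alvin2.xml and ContextData.xml are rewritten several times per run and sit where any other app with storage access can read them.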

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 17:02
Reported: 2024-05-18 17:06
Platform: android-x64-20240514-en
Max time kernel: 174s
Max time network: 184s

Command Line

cn.com.nbd.nbdmobile

Signatures

Requests cell location (collection, discovery, evasion)
Framework service call: com.android.internal.telephony.ITelephony.getCellLocation

Checks CPU information (evasion, discovery)
File opened for read: /proc/cpuinfo. The evasion tag reflects that /proc/cpuinfo is a common emulator check; ordinary crash-reporting and analytics code reads it as well.

Queries information about running processes on the device (discovery)
Framework service call: android.app.IActivityManager.getRunningAppProcesses (listed twice)

Queries information about the current Wi-Fi connection (discovery)
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)
Framework service call: android.app.IActivityManager.registerReceiver (listed twice)

Checks if the internet connection is available (discovery)
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (listed twice)

Queries the unique device ID (IMEI, MEID, IMSI) (discovery)
No indicator recorded.

Reads information about phone network operator (discovery)
No indicator recorded.

Uses Crypto APIs (Might try to encrypt user data) (impact)
Framework API call: javax.crypto.Cipher.doFinal. This call is reached by any AES or RSA use, including SDK transport encryption and token storage; on its own it does not show user files being encrypted, and the file list for this run contains only the app's own databases and SDK cache files.

Processes

cn.com.nbd.nbdmobile

cn.com.nbd.nbdmobile:pushcore

Network

Country | Destination | Domain (- if none recorded) | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | hxqd.openspeech.cn | udp
CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp
US | 1.1.1.1:53 | data.openspeech.cn | udp
CN | 117.48.148.47:80 | data.openspeech.cn | tcp
US | 1.1.1.1:53 | api.nbd.com.cn | udp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp
US | 1.1.1.1:53 | s.jpush.cn | udp
CN | 1.94.9.210:19000 | s.jpush.cn | udp
CN | 1.94.9.210:19000 | s.jpush.cn | udp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 36.140.72.192:443 | api.nbd.com.cn | tcp
US | 1.1.1.1:53 | sis.jpush.io | udp
CN | 110.41.53.90:19000 | sis.jpush.io | udp
CN | 110.41.53.90:19000 | sis.jpush.io | udp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | easytomessage.com | udp
CN | 110.41.162.127:19000 | easytomessage.com | udp
CN | 110.41.162.127:19000 | easytomessage.com | udp
US | 1.1.1.1:53 | gather.nbd.com.cn | udp
CN | 36.140.72.192:443 | gather.nbd.com.cn | tcp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | - | tcp
US | 1.1.1.1:53 | - | tcp
US | 1.1.1.1:53 | im64.jpush.cn | udp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | 139.9.135.156 | udp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | 139.9.138.15 | udp
US | 1.1.1.1:53 | 119.3.188.193 | udp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
GB | 142.250.178.4:443 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.180.4:443 | www.google.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
CN | 1.94.9.210:19000 | easytomessage.com | udp
CN | 1.94.9.210:19000 | easytomessage.com | udp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
CN | 110.41.53.90:19000 | easytomessage.com | udp
CN | 110.41.53.90:19000 | easytomessage.com | udp
CN | 110.41.162.127:19000 | easytomessage.com | udp
CN | 110.41.162.127:19000 | easytomessage.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
US | 1.1.1.1:53 | alog.umengcloud.com | udp
CN | 223.109.148.177:80 | alog.umengcloud.com | tcp
GB | 172.217.16.238:443 | - | tcp
GB | 142.250.179.226:443 | - | tcp
US | 1.1.1.1:53 | - | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 223.109.148.130:80 | alog.umengcloud.com | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 1.94.9.210:19000 | easytomessage.com | udp
CN | 1.94.9.210:19000 | easytomessage.com | udp
CN | 223.109.148.178:80 | alog.umengcloud.com | tcp
CN | 110.41.53.90:19000 | easytomessage.com | udp
CN | 110.41.53.90:19000 | easytomessage.com | udp
CN | 223.109.148.141:80 | alog.umengcloud.com | tcp
CN | 110.41.162.127:19000 | easytomessage.com | udp
CN | 110.41.162.127:19000 | easytomessage.com | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
CN | 223.109.148.179:80 | alog.umengcloud.com | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 223.109.148.176:80 | alog.umengcloud.com | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp
US | 1.1.1.1:53 | s.jpush.cn | udp
CN | 120.46.84.108:19000 | s.jpush.cn | udp
CN | 120.46.84.108:19000 | s.jpush.cn | udp
US | 1.1.1.1:53 | sis.jpush.io | udp
CN | 139.159.137.254:19000 | sis.jpush.io | udp
CN | 139.159.137.254:19000 | sis.jpush.io | udp
CN | 110.41.162.127:19000 | sis.jpush.io | udp
CN | 110.41.162.127:19000 | sis.jpush.io | udp
CN | 113.31.17.108:19000 | - | udp
CN | 113.31.17.108:19000 | - | udp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 139.9.135.156:7002 | im64.jpush.cn | tcp
CN | 139.9.135.156:7000 | im64.jpush.cn | tcp
CN | 139.9.135.156:7003 | im64.jpush.cn | tcp
CN | 113.31.17.106:7000 | - | tcp
CN | 113.31.17.106:7000 | - | tcp

Files

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

MD5 51dc0c70bcc2f2f1b537c6b01c075790
SHA1 83926de8fbc008278c9c03f5d511c0d4c75eee4a
SHA256 c51fdb2f9b6f4c96cd7567621a60c6ca30de1247a2f29472406e19f23f91ce8d
SHA512 c881fec7e92a99f9878525ddddc238f08abbf4eda8b660b14a5f9fa7b8481a4dd41c8a48a90710f1c1b1511828302cca2a0be2272ac9aa4a261d2c338bdb4b23

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

MD5 bc3b750b5984dc1c33567bb375a58075
SHA1 e5c4bbac48505f957663899910d0f74ef1fd9f9b
SHA256 6e837b9af4db39c1ac7739405dfba2a73b6371fc717ff486928ca7f9894972e6
SHA512 1549675139449cb27b2eec03882c8a90bc6d6d910af80c6aea711ad97d88032df4682f40458f63948774f330af324d0710ea82e7943ad4a2bd35adb0a856407b

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

MD5 783557ed1315e9488b18dd32717c1ec1
SHA1 65176eaf2c2aa16d83bb274933de5f06c41266b9
SHA256 798df276da212f89499616332b3d3c41623c0828ea1063bec37064662615b195
SHA512 83f8fb799214a59674baa312e7cd7b27e744b59b08704586202da993f73af3f390564b47219f0eac417eb44261d4a49d5571a2c7e2a343da98db9da260f47419

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

MD5 21d2eaa75a7a1a69cb297ee9123c00ba
SHA1 96e3bc4f063e200300f3267ca86d64b502a55e38
SHA256 877194c8fb98cd1578a0035ea09c8673f1475539093d561bb82da858613f38c0
SHA512 15616f5e7f97db6be52302db7e1d240b9b6b56f1101edc1f92dd3917823229ee7cb9e89123013992a2854fdc4734c51252fb8bdc3f58acbf23bbf90f351a81d2

/data/data/cn.com.nbd.nbdmobile/databases/ua.db

MD5 548bbe5a1e120ff85f40cebf9263e821
SHA1 39b15ab5440595776a7f228dd609ce6acaeb11be
SHA256 93eedd90e7a4f366ca724c9c1d4630da344fa2df3fa8ef973003c5a3cafc2887
SHA512 57f2aab8bae1838409050d7ee0007dd9eeb7301a0b4f5ba65a89f3f1a36359a60aed4cf8882a44c3ac411e288fc6d0df2955379457ecf3cb0d6d64a43d782b97

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

MD5 b6599537c5468fa3d753abb27d34b342
SHA1 fd56e5e76a4c121de0f0d41e75f934b21be9fa3c
SHA256 431e280fcbb12fdae40a20faf844c01ac0a441004e2b1198730f079003d5f32e
SHA512 c5c22ae0fd952595b274e03e5a5c5fe362c16a7555547a8873bc34f05b9f6395c4c68de188c2304ab1d08d84deaa7dbc1c989216a9277e3697737f9f8b4c8b5a

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

MD5 95dbad5dd8e67d92c9de439b70a73167
SHA1 3bb614229e7391c3f2ec773670d678358c8bd815
SHA256 2c4ea3ad18830e1515a777a888fd1d6fa993683091e35f40b774583bbce0aeeb
SHA512 498bdaa419ddd82c4c90d2b0873f6421730ec9bbfc6cc9a7d0a6e52aff8d77736a176c1e407130df5c91a22c0297d7bd269534ff1ee7e313385cdde529721399

/storage/emulated/0/data/.push_deviceid

MD5 1cf3b78621917bb61cf80a713874556a
SHA1 d0b15fca81e4dfdd9f016c73bcdf90afecb4a806
SHA256 aecd8cb1942b3b567d7f752200e1b1b271351c147fabe71b4bd093221bcbf124
SHA512 5c4e390c952a54ad7688785696494bc21401bf1c0af4f3f4f156ec5d97f41b0ba0a8ddcdbdd7de57a62b19549e7c0889809ea9fd98e262383c89492724fa15fb

/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal

MD5 bbdff600e5d417ff62a07077e5371cb3
SHA1 46e28fde0d67b16a8b66886b86ec2e1b70907f12
SHA256 9dc09b7e1b0a97027246d2d6a1c7c8444f93778b2b46698b7074de108baed4c1
SHA512 bcb8c3eb4f5d4047bc2ded26182e3a1b284dca8e1a028f4da4c0c854955e9a8439444606c66db424a6d01057cfdcd30ce3345651dede8b0e9aada8554df29970

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 17:02

Reported

2024-05-18 17:06

Platform

android-x86-arm-20240514-en

Max time kernel

2s

Max time network

130s

Command Line

com.letv.adsdk

Signatures

N/A

Processes

com.letv.adsdk

Network

Country  Destination           Domain                              Proto
N/A      224.0.0.251:5353                                          udp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
GB       216.58.212.227:443                                        tcp
GB       142.250.180.14:443                                        tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       142.250.187.238:443   android.apis.google.com             tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 17:02

Reported

2024-05-18 17:06

Platform

android-x64-20240514-en

Max time kernel

3s

Max time network

149s

Command Line

com.letv.adsdk

Signatures

N/A

Processes

com.letv.adsdk

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
GB       142.250.178.10:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       172.217.16.238:443    android.apis.google.com   tcp
GB       172.217.169.14:443                              tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       172.217.16.232:443    ssl.google-analytics.com  tcp
GB       172.217.16.228:443                              tcp
GB       172.217.16.228:443                              tcp
GB       142.250.200.46:443                              tcp
GB       142.250.187.194:443                             tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-18 17:02

Reported

2024-05-18 17:06

Platform

android-x64-arm64-20240514-en

Max time kernel

3s

Max time network

132s

Command Line

com.letv.adsdk

Signatures

N/A

Processes

com.letv.adsdk

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.180.8:443     ssl.google-analytics.com  tcp
GB       142.250.178.14:443                              tcp
GB       142.250.178.14:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.206:443   android.apis.google.com   tcp
GB       142.250.187.196:443                             tcp
GB       142.250.187.196:443                             tcp

Files

N/A