Analysis Overview
SHA256
cb7c40f29a4a0f18f6c48530e8c5a5525d1e4e99259ef1abc8ac547e0dff79c3
Threat Level: Likely malicious
The file 55d35848046725a1301561efc707011c_JaffaCakes118 was found to be: Likely malicious. This verdict is a heuristic score over the signatures listed below. Several of those signatures (runtime broadcast receivers, connectivity checks, process enumeration, javax.crypto use, cell, operator and device-ID lookups) are also routine behaviour of the push, analytics and speech SDKs whose endpoints dominate the network section (jpush.cn and jiguang.cn, umeng.com and umengcloud.com, openspeech.cn) and which also account for the :pushcore process and the jpush_stat_cache.json and umeng_it.cache files, so treat the label as a triage lead and decide on the indicators themselves.
Malicious Activity Summary
Requests cell location
Checks CPU information
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Reads information about phone network operator
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 17:02
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
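To check a "dangerous permissions" signature like the one above against what the platform actually grants, the following added script (not part of the sandbox report and not the app's code) parses a decoded AndroidManifest.xml, de-duplicates the declarations, sorts them into runtime permission groups versus special app-op permissions, and attaches the platform caveats a reviewer should apply before reading too much into the list. The manifest embedded in it is constructed from the permissions in the table; its targetSdkVersion and the INTERNET permission are assumptions, since the report does not show them.

```python
"""Triage a 'requests dangerous permissions' signature from a decoded
AndroidManifest.xml.  Added example, not code from the report or the app.
SAMPLE_MANIFEST is constructed from the permissions in the report's table;
its targetSdkVersion and the INTERNET permission are assumptions."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace

# Runtime ("dangerous") permissions, keyed to the group shown in the grant
# dialog on Android 6+.  Only the entries needed for this report are listed.
RUNTIME_GROUPS = {
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.GET_ACCOUNTS": "CONTACTS",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.CAMERA": "CAMERA",
}
# "Special app access" permissions: an app-op the user toggles in Settings,
# not a runtime grant.  The overlay one is the classic UI-deception primitive.
SPECIAL_APPOP = {
    "android.permission.SYSTEM_ALERT_WINDOW": "Settings.ACTION_MANAGE_OVERLAY_PERMISSION",
    "android.permission.WRITE_SETTINGS": "Settings.ACTION_MANAGE_WRITE_SETTINGS",
}
# (permission, minimum targetSdkVersion for the note to apply, note)
CAVEATS = [
    ("android.permission.READ_PHONE_STATE", 0,
     "READ_PHONE_STATE: from Android 10 it no longer exposes IMEI/MEID/IMSI; "
     "getDeviceId/getSubscriberId need READ_PRIVILEGED_PHONE_STATE or carrier/device-owner privilege"),
    ("android.permission.WRITE_EXTERNAL_STORAGE", 30,
     "WRITE_EXTERNAL_STORAGE has no effect when targetSdkVersion >= 30 (scoped storage)"),
    ("android.permission.READ_EXTERNAL_STORAGE", 33,
     "READ_EXTERNAL_STORAGE has no effect when targetSdkVersion >= 33 (granular media permissions)"),
    ("android.permission.SYSTEM_ALERT_WINDOW", 0,
     "SYSTEM_ALERT_WINDOW is an app-op granted in Settings, not a runtime permission; "
     "check whether the app actually draws overlays"),
]


def declared_permissions(manifest_xml):
    """De-duplicated, order-preserving permission names from
    <uses-permission> and <uses-permission-sdk-23> elements."""
    root = ET.fromstring(manifest_xml)
    seen = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(A + "name")
            if name and name not in seen:
                seen.append(name)
    return seen


def target_sdk(manifest_xml):
    sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    val = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    return int(val) if val else None


def classify(manifest_xml):
    perms = declared_permissions(manifest_xml)
    tsdk = target_sdk(manifest_xml) or 0
    runtime, special, other = {}, [], []
    for p in perms:
        if p in RUNTIME_GROUPS:
            runtime.setdefault(RUNTIME_GROUPS[p], []).append(p)
        elif p in SPECIAL_APPOP:
            special.append(p)
        else:
            other.append(p)
    notes = [msg for perm, min_tsdk, msg in CAVEATS
             if perm in perms and tsdk >= min_tsdk]
    return {"target_sdk": tsdk, "runtime": runtime, "special": special,
            "other": other, "notes": notes}


# Constructed sample: the permissions from the report's static1 signature,
# with READ_PHONE_STATE declared twice as merged library manifests often do.
# targetSdkVersion=28 and INTERNET are assumptions, not values from the report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="cn.com.nbd.nbdmobile">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    result = classify(SAMPLE_MANIFEST)
    for group, names in sorted(result["runtime"].items()):
        print(f"{group:11s} {', '.join(n.rsplit('.', 1)[1] for n in names)}")
    print("special   ", result["special"])
    print("other     ", result["other"])
    for n in result["notes"]:
        print("note:", n)
```

Run against a real APK by feeding it the manifest produced by `apktool d` or `aapt dump xmltree` (converted to XML); the report's two app-op entries (SYSTEM_ALERT_WINDOW, WRITE_SETTINGS) land in `special`, which is the bucket to look at first when the question is whether the app can draw over other apps.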
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x86-arm-20240514-en
Max time kernel
172s
Max time network
180s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cn.com.nbd.nbdmobile
cn.com.nbd.nbdmobile:pushcore
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | hxqd.openspeech.cn | udp |
| US | 1.1.1.1:53 | data.openspeech.cn | udp |
| CN | 117.48.148.47:80 | data.openspeech.cn | tcp |
| CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp |
| US | 1.1.1.1:53 | api.nbd.com.cn | udp |
| GB | 142.250.178.3:443 | | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 139.159.137.254:19000 | s.jpush.cn | udp |
| CN | 139.159.137.254:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 119.3.253.130:19000 | sis.jpush.io | udp |
| CN | 119.3.253.130:19000 | sis.jpush.io | udp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| US | 1.1.1.1:53 | gather.nbd.com.cn | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 36.140.72.192:443 | gather.nbd.com.cn | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 1.1.1.1:53 | 139.9.135.156 | udp |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | 119.3.188.193 | udp |
| US | 1.1.1.1:53 | 139.9.138.15 | udp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 119.3.253.130:19000 | easytomessage.com | udp |
| CN | 119.3.253.130:19000 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 139.159.137.254:19000 | easytomessage.com | udp |
| CN | 119.3.253.130:19000 | easytomessage.com | udp |
| CN | 119.3.253.130:19000 | easytomessage.com | udp |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 119.3.253.130:19000 | s.jpush.cn | udp |
| CN | 119.3.253.130:19000 | s.jpush.cn | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7003 | im64.jpush.cn | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
Files
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal
| MD5 | 166437cac9f5ba11bb347f4a5b90954f |
| SHA1 | b81f44957bf14692894f3bc2e89002f9a9dc0277 |
| SHA256 | 00b46f1b2d439667d2f78e835a73e09642e05da333a4bda0d4643ea06b67d963 |
| SHA512 | a61049e17a8c8c50da6b1e25fc05539c28b123a128b8ec93fb657d439c78bcf5ee6cb403810fd4d72fb21091025e41da2061d46340cc82a4f189e8e6374d12ea |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db
| MD5 | 8acafb8c2a8bafc717bc70290784c534 |
| SHA1 | e3a473d378bc2bfd41399da74e391fd96e65e066 |
| SHA256 | 1bb294062de9887b4b9be1bffd520c00be9006b4856ebb67f84651fce8670a22 |
| SHA512 | 5503b937a99cc24251b145b238167c235d77e496e544524175e9dd51168b04a0ce9aa5fbfc065784a4e6272a3135dd05f2cde9c348c609d5e4d75caba791a2a8 |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-wal
| MD5 | 817c72b816d38fc70f53d09322192ec0 |
| SHA1 | 74528f22b10790e52cd2a3eb6b431a63782ec6ad |
| SHA256 | a4206bafd7d4d6a32e77312d04dd34159a5b984878bbae7561ae3be4a9224f34 |
| SHA512 | c2241c8bf6de625e014ddab874b71b35d5466945f597f5576e06b73f97702db7432f333e58816a02d531bb02e3e47a710f4650d1cb87e67a7839da24de2623bd |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal
| MD5 | 16051cf08989cb16702991839bac2e9e |
| SHA1 | f55e040ddcef5305c54a68ce8283b0eccd2c8bd1 |
| SHA256 | f5cd1283e1ebf3960491d4e3be604d936efcf3680cdf0f8eea36f5921c12aeb0 |
| SHA512 | 67fb1ef0f6a3da7dbf32c8940df0da01e2a9d30602eb2fe8dbc845e0299cf8a6e3a040c64a5f4229d6a1230ce0c4038633d80b025a8cde094cd3783454345c99 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db
| MD5 | 74ef0e4ec91c13cde3d512a0c0b186de |
| SHA1 | c6ba82795a9fdd987006e4b709236ee178553281 |
| SHA256 | f2ed069123dd792351d652dc28d21f9dff0fe72e4ebc5756f940758e05a242a3 |
| SHA512 | 19353972ac619999d72607f692e9a53ce1c15abd7ec37ee771ce5ceb8dac95eb6a56f8b39d8a26bffb3a02e61c4fd18d010b1d09465d0769e8920aa69c87b2f2 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal
| MD5 | 6fb0e681328b15c4125375efa280bccd |
| SHA1 | a1519c6a3a8ef9f6e0f3fb1bfd1a3ef2b422205d |
| SHA256 | e7bded8312b95e3077cbf7ff98092a25c72b9bdd15039eb0096d43555de2f4f2 |
| SHA512 | 701fd43ab45a812464295dabff57ceb23a41440e512cef9cedabcc5d0dfe94c9681f7f2666ed3446a0d62b9dc45b66f3703ff786dc7a4dce5becc9b4344c2d7c |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | f512c46146950b2644e652c1172bfd15 |
| SHA1 | ca2ac62ee049a498c402e5c8912ea05ad8c25b7f |
| SHA256 | 986e4355dbd019dfac5b6866bf111723399008d044f2afdef5777d1767547482 |
| SHA512 | fca144ed1bb367ba1fa102da23bfd2b23048b6303a8d0359a91152f613857f023bda64c74c0c91227aea76bb5f1c586c8462758a17fe0e15c8027d6829eb1c40 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 258c7923033bed02d93ac7a4ce98b533 |
| SHA1 | 28e1e8fb021c84d7755aaeb579d3f2c6bd54ed8a |
| SHA256 | d26255f1bc9e748ca3891b84b46ce647e721c29257e7d1a7dd4c84b40cba08ba |
| SHA512 | 4685c391b3d5bbefcb0c150ee984acc625a32114b52230fbf85617a06651db3f6177eaef050ed82f75cd927d467be51ad0cae921d6e6f391946e12032833c92b |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 1ce8c666cf5042461b887c75d43a4e3a |
| SHA1 | df3932e865a00a7ce1cc355fbb00ab98549498df |
| SHA256 | 4ed85337b1fbe804dd515ee28ade70c8b84caa1608cc90b0a2ac8b67decc1e7f |
| SHA512 | ad2c55de056217f3bb75bbf6b68635866beb17934c34874edcf1b23957aafa2e6ead96059fc9227594ac0201ee1427a892c7a78f03b34ff742140c24192ddc61 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 64e43ba32a7ac473a118d9ee239071bf |
| SHA1 | ca502d500b707810514264c28d3160b19d1d4c31 |
| SHA256 | a600b99bff45c89e184367bfb24c13fbdb4d14df248d9c95ebf9fb1e529832cd |
| SHA512 | 0da698719ddc506ca3aea4390bdcdecfaa024a743aee14bf0d47bb04d339a0373e5631951edd56f18ef5d5e3dd9e5fdcd25bac498e39a9f70db7514de9f9db65 |
/data/data/cn.com.nbd.nbdmobile/files/umeng_it.cache
| MD5 | 878d8ca8038825488e33994fe399083a |
| SHA1 | cf6184a7521d18c9742ba7060c3ad26df316a681 |
| SHA256 | ec1f839051a84d8d42688fdd8463c5d0be9678e677e27c52927c5aa08d3817ef |
| SHA512 | d0cfaf7b25deb33397e1f51c00e09041bd47839c6cddb3dde8e5524e076d3ab9c126a40f2a0be7047b7ab73d543c5b40352f3cd935a3faed43f8426aa35422ab |
/data/data/cn.com.nbd.nbdmobile/files/.umeng/exchangeIdentity.json
| MD5 | b30e9ca3372d013005381bb889b35eac |
| SHA1 | 5dd0b4fd5da730a8e85f79b74aabe3e2ccf4db7a |
| SHA256 | e6d93e818b71c6d547b54afc9b6dbfc38cd6d4d5be557a24619de6391cdb3aaf |
| SHA512 | 8387a39e043bf89ee1d1226d508a7cc4f651704dad578114ead416b3d5c552096273bc24664acaf4d98ac6bec21a9dc988d6a833068f801abd6cf02e8e5eff03 |
/data/data/cn.com.nbd.nbdmobile/files/exid.dat
| MD5 | 3bf2fd63021c2a5dec8d300ad622a0f1 |
| SHA1 | 7e4158bcda6c60ceae64f1c2910eabb998713092 |
| SHA256 | 77173cbe835333857c93282f0837a3af0e8456ab7a893fa9ece8dd49b4b77328 |
| SHA512 | 431b39002794db046027c898bd16d85699a557d0cef9d9d777aafbad1b7e828eb9c203d8ea083facba4e9d38ba2198f108075b3e01befdd98540102b4bb780c6 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal
| MD5 | ccd0b3ab7b93f26a6c2982d7f55312e3 |
| SHA1 | 7cf35de2707b4715095769e89f2ac90154099666 |
| SHA256 | 4125465d15ccada3e3af3c662c3a6273216a2f870eddd20d5737b455d67eb50e |
| SHA512 | 31ef87f319e378cb5b9d730dcde76f9004c55e30de0319339141ca6f70496e26c1e9740a297c72e8a8b5dcd48d459c8a3695d9a4d9bb3e2bd6b40a3247423bd0 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db
| MD5 | d604a3bf1f8d992cc320ea5b1f7609bd |
| SHA1 | 247f88df0b55c7d523ea5398637711a0e4a483a4 |
| SHA256 | 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17 |
| SHA512 | 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-wal
| MD5 | b06c19d1cb54bef072a6b10fcbc705b4 |
| SHA1 | 522d3999942644a32f96f65a483b6b93cf71de8f |
| SHA256 | 32522c644a63594b7fa4602c84e1e1be718fe1f911fbd8549aef591371aa82f4 |
| SHA512 | 87ce9d0e286105bcc6982c04873a39e91ac4c626df50ef6b44f636e7756bb90f73913d1a2577f62d98b11cda56384c3ae2f5170fef99d2a5c59cf8c53a5aa9d1 |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/cn.com.nbd.nbdmobile/files/jpush_stat_cache.json
| MD5 | 9f9eaf87302860b85b9765d40733e6ff |
| SHA1 | 5fb8cb1d1a377b354a88efd3a3ad44960206c30d |
| SHA256 | a02f77ae35bbc444ccf50377a13c5b004c47fdb8e7e33cb2a2f9796c7f73b9ac |
| SHA512 | e2c818596129c62391e8761161f65c7bdd8a3fc7c9bcacb0795a443bfced4939fd2f76cd7eea241d75c15b606ff808a831cbcef2cdddfd9db84a40ed7e08faed |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal
| MD5 | 84e93384b86587ca157aea8daa8a96ee |
| SHA1 | 6ae583bfbc64097b4926efbfae400ba8109b674a |
| SHA256 | 26a847310fc36962d7d359e19dca1976d9d1da5673aec4e7219613b9cb0f2bcd |
| SHA512 | 5eaa29008444b551f9cd2e7d21806ced5e25730a3007c516baf941ad79109fcaa81a41d7cc1f556a2438f12cd46d9c241f0576e8089d08d93836f6f6fd721c51 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db
| MD5 | 35a4132841adfab41182546dad6d354b |
| SHA1 | c06e0b4132cc7ef26f4fd839546508f8438851f6 |
| SHA256 | f9a4607081ecbe399565b422f0697ae3f7a33761bfca86b1f3693d03e12ec0ca |
| SHA512 | a7a95bbf68d0d7be57e9867528d9790b8ff4ddbf7b64ffad1df8a907181fc85eccc1116a6ec7449bd9bf7b014172407127f6d6a4e45600a61fbda408e84cf034 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-wal
| MD5 | 79a36bf8d2c9b927bc1d4f35b5ecab93 |
| SHA1 | 1a6f3297aef56892dc9645268721dbcbfd037adc |
| SHA256 | 21407dd2c3dac29fe1a0c367679a1ab4990fbdb3403355c94d3f2bde5bdcdea7 |
| SHA512 | 12b20adfab89c3070ee4c3c4057960a8fd3262b3b321538e129e70384068080619f8ed6c11c601b272598dfd38d3d227fa502b8c0874676fe7cad5d5ef270cee |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db
| MD5 | ffeba06c933b195c941457c8d2068282 |
| SHA1 | 6a20f0faf81b4134a80154b1d0ada613655d1a24 |
| SHA256 | 16a16ffa57ff57c9939a43ada5949266fc071157846c6d70e9b9bb9e02e03e32 |
| SHA512 | e324c16223642a5aae9ee5c48068088d4174a1f77ab9b30aedb20d4ac6f50d0e0b2079c75a822967ec1cfa51e4c7ac60167bc55e7fb29be6f81264a5cabdba8f |
/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-journal
| MD5 | a4ca8f30f010eacad3c9754439b39490 |
| SHA1 | 138fa9775250fb5dd8b65f6959b69704486f702a |
| SHA256 | f7dd7cd6d7f5d10dbc8b8f8d80690c17e463f6e36201a54b6058b8dd19b363b9 |
| SHA512 | 75869ba321ec573dd4f2acffa1e1c2ec6f832d26aba7e0def5ccddc60178ee5653992e75d766b93d6b2f45ed9d470a2514c6884cdbcc6b9d9ca0b055a6dca885 |
/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/cn.com.nbd.nbdmobile/databases/ArticleInfo.db-wal
| MD5 | 6e90ae7909fb3272469a3188418410cb |
| SHA1 | 7a65899133e5183a782902e181c06215d6a1106a |
| SHA256 | c8c8e40f8acdc55d93d3204cc658ed49f048d1a865c8240740d55c8d1393592d |
| SHA512 | 37fe8f59cbbc92a4889b6947aaf067e51f7d28d381a9b0791a0939894082418ebba9778ef845ede5cb58e2c073dc7c95aa43940371f43b899e8ed4d9fc27c08a |
/data/data/cn.com.nbd.nbdmobile/files/.um/um_cache_1716051937620.env
| MD5 | 2ff925f97c3b158211624c6a6dca33fb |
| SHA1 | aa34b9db31f8a7fa9efff956bdfcbdc267cd855e |
| SHA256 | dd4ae1ca8504f3924ad49dc923c75a0adea21e8c96eceb9a03d815ede1dedee2 |
| SHA512 | ab08e71bfc71cf2501e9a410e92317cf23179ebb1db91e77619a7318bab75ef3cb306c743b790c97fab1987a5be35b40eb2fe9f39e35fa243e2f8a9737abeb07 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x64-20240514-en
Max time kernel
174s
Max time network
184s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cn.com.nbd.nbdmobile
cn.com.nbd.nbdmobile:pushcore
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | hxqd.openspeech.cn | udp |
| CN | 114.118.64.119:80 | hxqd.openspeech.cn | tcp |
| US | 1.1.1.1:53 | data.openspeech.cn | udp |
| CN | 117.48.148.47:80 | data.openspeech.cn | tcp |
| US | 1.1.1.1:53 | api.nbd.com.cn | udp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 1.94.9.210:19000 | s.jpush.cn | udp |
| CN | 1.94.9.210:19000 | s.jpush.cn | udp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 110.41.53.90:19000 | sis.jpush.io | udp |
| CN | 110.41.53.90:19000 | sis.jpush.io | udp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| US | 1.1.1.1:53 | gather.nbd.com.cn | udp |
| CN | 36.140.72.192:443 | gather.nbd.com.cn | tcp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | 139.9.135.156 | udp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | 139.9.138.15 | udp |
| US | 1.1.1.1:53 | 119.3.188.193 | udp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| CN | 1.94.9.210:19000 | easytomessage.com | udp |
| CN | 1.94.9.210:19000 | easytomessage.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 110.41.53.90:19000 | easytomessage.com | udp |
| CN | 110.41.53.90:19000 | easytomessage.com | udp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 1.94.9.210:19000 | easytomessage.com | udp |
| CN | 1.94.9.210:19000 | easytomessage.com | udp |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 110.41.53.90:19000 | easytomessage.com | udp |
| CN | 110.41.53.90:19000 | easytomessage.com | udp |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| CN | 110.41.162.127:19000 | easytomessage.com | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 120.46.84.108:19000 | s.jpush.cn | udp |
| CN | 120.46.84.108:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 139.159.137.254:19000 | sis.jpush.io | udp |
| CN | 139.159.137.254:19000 | sis.jpush.io | udp |
| CN | 110.41.162.127:19000 | sis.jpush.io | udp |
| CN | 110.41.162.127:19000 | sis.jpush.io | udp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.108:19000 | | udp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 113.31.17.106:7000 | | tcp |
| CN | 113.31.17.106:7000 | | tcp |
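The two Network tables (behavioral1 and behavioral2) are long because every flow is listed; what a responder needs is the distinct set of names and endpoints, with sandbox plumbing separated out. The following added script (not part of the report) does that over the report's own row format: it treats port 53 traffic to the sandbox resolver as name lookups rather than endpoints, sets aside multicast (mDNS) and the Google names that any GMS-equipped emulator contacts, and groups what remains by domain and by port. The rows embedded in it are copied from the two tables; treating 1.1.1.1 and the google.com names as environment noise is an assumption about this sandbox, not something the report states. The port view is what exposes that the unnamed 113.31.17.x endpoints use the same 19000/udp and 7000/tcp ports as the named jpush.cn hosts; that they belong to the same infrastructure is an inference, not a fact the report gives.

```python
"""Reduce a sandbox Network table to a distinct endpoint inventory.
Added example, not part of the report.  SAMPLE_ROWS are copied from the
report's behavioral1/behavioral2 tables; RESOLVERS and NOISE_SUFFIXES are
assumptions about the sandbox environment."""
import ipaddress
import re
from collections import defaultdict

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | api.nbd.com.cn | udp |
| CN | 36.140.72.192:443 | api.nbd.com.cn | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 139.159.137.254:19000 | s.jpush.cn | udp |
| CN | 1.94.9.210:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 139.9.138.15:7000 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7000 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7002 | im64.jpush.cn | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 113.31.17.108:19000 | | udp |
| CN | 113.31.17.106:7000 | | tcp |
| US | 1.1.1.1:53 | 139.9.135.156 | udp |
"""

RESOLVERS = {"1.1.1.1"}                     # the sandbox's DNS forwarder
NOISE_SUFFIXES = (".google.com", ".google-analytics.com")   # GMS baseline

ROW = re.compile(r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
                 r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|?\s*$")


def parse_rows(text):
    """Parse '| CC | ip:port | domain | proto |' rows.  Also accepts the
    extracted form where an empty Domain cell was dropped and the protocol
    slid left ('| CN | ip:port | tcp | |')."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or ":" not in m["dst"]:       # header or non-table line
            continue
        dom, proto = m["dom"], m["proto"]
        if proto == "" and dom in ("tcp", "udp"):
            dom, proto = "", dom
        ip, port = m["dst"].rsplit(":", 1)
        rows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                     "domain": dom or None, "proto": proto})
    return rows


def inventory(rows):
    """Split flows into lookups, environment noise, named endpoints,
    unnamed endpoints, and a port-centric view."""
    inv = {"queries": set(), "ip_lookups": set(), "noise": set(),
           "endpoints": defaultdict(set), "unresolved": set(),
           "by_port": defaultdict(set)}
    for r in rows:
        ip, port, proto, dom = r["ip"], r["port"], r["proto"], r["domain"]
        key = f"{ip}:{port}/{proto}"
        if dom and ("." + dom).endswith(NOISE_SUFFIXES):
            inv["noise"].add(dom)               # platform/emulator traffic
        elif ip in RESOLVERS and port == 53:
            if dom is not None:                 # None: no name captured
                try:
                    ipaddress.ip_address(dom)   # app resolved a literal IP
                    inv["ip_lookups"].add(dom)
                except ValueError:
                    inv["queries"].add(dom)
        elif ipaddress.ip_address(ip).is_multicast:
            inv["noise"].add(key)               # mDNS
        else:
            inv["by_port"][f"{port}/{proto}"].add(dom or ip)
            if dom:
                inv["endpoints"][dom].add(key)
            else:
                inv["unresolved"].add(key)
    return {k: ({d: sorted(v) for d, v in val.items()}
                if isinstance(val, dict) else sorted(val))
            for k, val in inv.items()}


def ioc_list(inv):
    """Names plus unnamed ip:port endpoints to carry into detection; the
    analyst still decides which belong to a known SDK."""
    return sorted(inv["endpoints"]) + inv["unresolved"]


if __name__ == "__main__":
    inv = inventory(parse_rows(SAMPLE_ROWS))
    for section in ("queries", "ip_lookups", "noise", "unresolved"):
        print(f"{section}: {inv[section]}")
    for port, names in sorted(inv["by_port"].items()):
        print(f"{port}: {names}")
    print("IOCs:", ioc_list(inv))
```

Paste the full table from either run into `SAMPLE_ROWS` (the parser skips the header and tolerates rows with and without the trailing pipe) to get the complete inventory; the `ip_lookups` bucket is worth a look on its own, since an app asking the resolver for a literal IP address is unusual outside SDK address-discovery code.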
Files
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal
| MD5 | 51dc0c70bcc2f2f1b537c6b01c075790 |
| SHA1 | 83926de8fbc008278c9c03f5d511c0d4c75eee4a |
| SHA256 | c51fdb2f9b6f4c96cd7567621a60c6ca30de1247a2f29472406e19f23f91ce8d |
| SHA512 | c881fec7e92a99f9878525ddddc238f08abbf4eda8b660b14a5f9fa7b8481a4dd41c8a48a90710f1c1b1511828302cca2a0be2272ac9aa4a261d2c338bdb4b23 |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db
| MD5 | 0908e924aa236931dc7166fef6e00862 |
| SHA1 | 7782648d6d8f6e835bd47058d4852932c096a467 |
| SHA256 | 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f |
| SHA512 | 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal
| MD5 | bc3b750b5984dc1c33567bb375a58075 |
| SHA1 | e5c4bbac48505f957663899910d0f74ef1fd9f9b |
| SHA256 | 6e837b9af4db39c1ac7739405dfba2a73b6371fc717ff486928ca7f9894972e6 |
| SHA512 | 1549675139449cb27b2eec03882c8a90bc6d6d910af80c6aea711ad97d88032df4682f40458f63948774f330af324d0710ea82e7943ad4a2bd35adb0a856407b |
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal
| MD5 | 783557ed1315e9488b18dd32717c1ec1 |
| SHA1 | 65176eaf2c2aa16d83bb274933de5f06c41266b9 |
| SHA256 | 798df276da212f89499616332b3d3c41623c0828ea1063bec37064662615b195 |
| SHA512 | 83f8fb799214a59674baa312e7cd7b27e744b59b08704586202da993f73af3f390564b47219f0eac417eb44261d4a49d5571a2c7e2a343da98db9da260f47419 |
/data/data/cn.com.nbd.nbdmobile/databases/ua.db-journal
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x86-arm-20240514-en
Max time kernel
2s
Max time network
130s
Command Line
Signatures
Processes
com.letv.adsdk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x64-20240514-en
Max time kernel
3s
Max time network
149s
Command Line
Signatures
Processes
com.letv.adsdk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-18 17:02
Reported
2024-05-18 17:06
Platform
android-x64-arm64-20240514-en
Max time kernel
3s
Max time network
132s
Command Line
Signatures
Processes
com.letv.adsdk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |