Malware Analysis Report

2025-08-05 19:09

Sample ID 240518-xhcfyaaa9s
Target 56463b4de5c0ef91f5459c33e2784120_JaffaCakes118
SHA256 80c052719f99b0ac2c7f83410611f66db433f14f24c77f08208153b1db8e3bf9
Tags
persistence discovery banker collection evasion impact
score
8/10

Analysis Overview

score
8/10

SHA256

80c052719f99b0ac2c7f83410611f66db433f14f24c77f08208153b1db8e3bf9

Threat Level: Likely malicious

The file 56463b4de5c0ef91f5459c33e2784120_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

persistence discovery banker collection evasion impact

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks memory information

Checks known Qemu pipes.

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Requests cell location

Requests dangerous framework permissions

Declares services with permission to bind to the system

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-18 18:50

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:56

Platform

android-x64-20240514-en

Max time kernel

7s

Max time network

150s

Command Line

com.qihoo360.mobilesafe.deviceinfo

Signatures

N/A

Processes

com.qihoo360.mobilesafe.deviceinfo

Network


Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.authguide

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.qihoo360.mobilesafe.authguide

Network


Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x64-20240514-en

Max time kernel

8s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.chargescreen

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.qihoo360.mobilesafe.chargescreen

Network


Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:55

Platform

android-x64-arm64-20240514-en

Max time kernel

7s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.chargescreen

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.qihoo360.mobilesafe.chargescreen

Network


Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:55

Platform

android-x86-arm-20240514-en

Max time kernel

7s

Max time network

130s

Command Line

com.qihoo360.mobilesafe.deviceinfo

Signatures

N/A

Processes

com.qihoo360.mobilesafe.deviceinfo

Network


Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:56

Platform

android-x86-arm-20240514-en

Max time kernel

7s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.floatwindow

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.qihoo360.mobilesafe.floatwindow

Network


Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-20240514-en

Max time network

156s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:59

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

130s

Command Line

com.qihoo360.mobilesafe.lssvc

Signatures

N/A

Processes

com.qihoo360.mobilesafe.lssvc

Network


Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x86-arm-20240514-en

Max time kernel

7s

Max time network

130s

Command Line

com.qihoo360.mobilesafe.chargescreen

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.qihoo360.mobilesafe.chargescreen

Network


Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:56

Platform

android-x64-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.42:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:51

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x64-20240514-en

Max time kernel

9s

Max time network

147s

Command Line

com.qihoo360.mobilesafe.authguide

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.qihoo360.mobilesafe.authguide

Network


Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x64-arm64-20240514-en

Max time kernel

7s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.authguide

Signatures

N/A

Processes

com.qihoo360.mobilesafe.authguide

Network


Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-20240514-en

Max time kernel

8s

Max time network

129s

Command Line

com.qihoo360.mobilesafe.floatwindow

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.qihoo360.mobilesafe.floatwindow

Network


Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-arm64-20240514-en

Max time kernel

7s

Max time network

132s

Command Line

com.qihoo360.mobilesafe.floatwindow

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.qihoo360.mobilesafe.floatwindow

Network


Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 19:00

Platform

android-x64-arm64-20240514-en

Max time kernel

3s

Max time network

131s

Command Line

com.qihoo360.mobilesafe.lssvc

Signatures

N/A

Processes

com.qihoo360.mobilesafe.lssvc

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x86-arm-20240514-en

Max time kernel

147s

Max time network

172s

Command Line

com.magic.clmanager

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/authguide-10-10-110.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/authguide-10-10-110.jar N/A N/A
N/A /data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.magic.clmanager

com.magic.clmanager:resident

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar --output-vdex-fd=59 --oat-fd=60 --oat-location=/data/user/0/com.magic.clmanager/app_plugins_v3/oat/x86/protocol-10-10-170.odex --compiler-filter=quicken --class-loader-context=&

com.magic.clmanager:qos

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar --output-vdex-fd=95 --oat-fd=96 --oat-location=/data/user/0/com.magic.clmanager/app_plugins_v3/oat/x86/news-10-10-1015.odex --compiler-filter=quicken --class-loader-context=&

mount

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar --output-vdex-fd=69 --oat-fd=68 --oat-location=/data/user/0/com.magic.clmanager/app_plugins_v3/oat/x86/deviceinfo-10-10-102.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar --output-vdex-fd=87 --oat-fd=89 --oat-location=/data/user/0/com.magic.clmanager/app_plugins_v3/oat/x86/floatwindow-11-11-157.odex --compiler-filter=quicken --class-loader-context=&

sh -c /system/xbin/which su

sh -c /system/bin/which su

/system/bin/which su

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar --output-vdex-fd=84 --oat-fd=89 --oat-location=/data/user/0/com.magic.clmanager/app_plugins_v3/oat/x86/business-11-11-206.odex --compiler-filter=quicken --class-loader-context=&

sh -c getprop ro.build.tags

getprop ro.build.tags

sh -c getprop ro.build.version.sdk

getprop ro.build.version.sdk

sh -c pm list packages

/system/bin/sh /system/bin/pm list packages

cmd package list packages

sh -c getprop ro.hardware

getprop ro.hardware

sh -c getprop ro.boot.serialno

getprop ro.boot.serialno

sh -c getprop ro.serialno

getprop ro.serialno

sh -c getprop service.adb.tcp.port

getprop service.adb.tcp.port

sh -c cat /proc/version

cat /proc/version

sh -c getprop ro.product.brand

sh -c getprop ro.product.model

getprop ro.product.brand

getprop ro.product.model

com.magic.clmanager:resident

com.qihoo360.accounts

mount

Network


Files

/data/data/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar


/data/data/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar

MD5 9827e0719d83f0e2a8dbf884b0125f16
SHA1 9ef0b6fb5c68539ae0af9fca60a28ef1a4e79dc5
SHA256 e874d63a6f7c88d183bac0e56e11bedebeb2c8dfca0ce85087d548cb0e7d9444
SHA512 e102f103316f6926e6efdacd3a5432c7fbc08904bbe8c1b45d6d746996ab46d96a978923c5a5e9baf853a24aef4f269175f4715892430745d55c3140918a300c

/storage/emulated/0/360/sdk/persistence/iEr

MD5 281c57a3af5356f7a58b5672ddc5d25e
SHA1 8e942994e00cd5bc82649f557acc021bf71cfe64
SHA256 0691e2ecbfa3185e43ba06bf8e527f586461e2d2fe26b5432b6c618700dea1de
SHA512 266f0fd21458308e4ec4cb277f057442efb23407a77f70635e85416601479f48f58471b9d6e9bf1739050c4594801e942ea159fa4ac6a573988ca1d58d908b37

/data/data/com.magic.clmanager/files/o_c_cas.dat

MD5 776bf221466e9267a3e3317aa1c1268c
SHA1 c7421c41cb624470404d6aa86e11597f0a279536
SHA256 c9ed30ded447434f7190340d06744cc824e3885540d23b832a8916f687ea0095
SHA512 1438092a99fa47e8437d78b523c125c5668367f04177721c6ff3bd6f02d6fa3f1b5fe87dc397554f633acbd58b89e30ed7ae10195c8d92558f520c029312b316

/data/data/com.magic.clmanager/files/o_c_cas.dat.timestamp

MD5 58544b9462ae399885ae812fd754f2bd
SHA1 203922aaa77eec07d34fedf6bd4883e77b102bc0
SHA256 feb622c9791ab285aa868b177035dd91e74e1895da1bddc982009ee63e5ce303
SHA512 90ee8009eb1ec91ad9dcd54f4a3d5e520fbb3d4c6c01c629a1b981b6d4ec409e8350e11f2329b835979fbaeb43a2a2dcafa2a4df669103fc2d65c9ffb8e35465

/data/data/com.magic.clmanager/files/o_c_spl.dat

MD5 056ce376a2d90303a0060433a0be4333
SHA1 f316e453bc2cba36e17274e6f4fcdf107d9215ea
SHA256 ef4eab9b6dcdd3a00b913336cc6ee6750e0a084e71559471fe1fe044edb7c6f6
SHA512 840ba8911a8d0f44b310fe5fd6125c49de7cb6581d6c9924f8b8293876eb2ff40e6c82b541e2aa0e18aa326ed63047e1bd6143435e7831247585bc9a4555db9e

/data/data/com.magic.clmanager/files/o_c_spl.dat.timestamp

MD5 6b44fabaec2649717d014e2b1ee8ed25
SHA1 cc4faf6f62d12ac37f3ae7ae55bc1c234f1936db
SHA256 8401109a7671d531cdd79399bdbb5be57ac1c26c8572b934817e5122596ccd15
SHA512 df8a032e2dd36ef96283a2d2e457492b871b6f6ea50898b9a8b9b8748eea3fb1ca4840723cce1c1b6777cdfad68ebc6a3d95bab65ee4bba0c9976429f5380814

/data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar

MD5 0dce82e8ad4f78f760a4f3512bdadbe3
SHA1 2ee0dae61970becaedd38b5101e9ab5f030bd879
SHA256 76a12ebb818c2cf69fd19697f49a49b9bd85a7523707fe865ec3899cb514747b
SHA512 1367f820e97ac2c1f28be70f0389e7954375cfcd750d7a0a57626e76597e4ed1f85e766c80900e434e488e3b0933d06816a06592e0a44d92d4108095b6be84a9

/data/data/com.magic.clmanager/app_plugins_v3_libs/news-10-10-1015/libtobEmbedEncrypt.so

MD5 66bb47997c52e0e9926e61217a5a156a
SHA1 125358ce5faa578da083d4619eace4a6baa53c50
SHA256 62bb40df76da71b8e0a6738f4a3e63abb078cc8af8ceedae9e71222ec65431ff
SHA512 97423d88304b3426e727bf7fb6a32f979c6645b1767e454a24c34163b5c7c53f6b59d33f05a3f844fc8299af6a96781fdfdaad5c41d6089065346dd3798199e8

/data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar

MD5 ad59ad8e11e643186240249251b0f1ab
SHA1 19dc6b5c1003a5affcb3e46c8b810c7b1370ee6c
SHA256 ae8fbfaac4994a77f89769b0cafa863693167390914b018334e8e8ad9d26f02e
SHA512 3045b7955235bd1d758efc9f746bc9a00931c3de313a7b23ff1322ef163ef39860ddb6e55fc13c7892cc219e86ec7e8db13eb112b7ec12b2040aba69e968e7d4

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/router_info.json

MD5 6991e294cbf9383431149f9e620612d4
SHA1 a223b576fdf37a1c481a05f68744e60a3408c312
SHA256 93c6adc2327bc70acbecf77869cc0d06800fd8ba8f7fadd64569495ec765d53a
SHA512 37254b02cc3d660da91df6533f721e55599da17d3a3caeab036ea9113a897655bb7f03846672d0c7f7f9465caded77414711b4745cd310e9dc4a05877680b64d

/data/data/com.magic.clmanager/app_plugins_v3/authguide-10-10-110.jar

MD5 1b80d2e0ac0eecbc2fa65701b2998678
SHA1 ddac8fee8e8041f38468ad949e760c283c78ce3a
SHA256 5e5d2af96f10318d13b8e0d97b8cc9b39cbc0cd1ca2afbd4e6afb56768e54735
SHA512 0c3026e36ae36a3b1fbf2be950247ce04039a14a843be6ee736b0b8eedcdad628fe237b55978bd17a223558be053afa1b6abf83269e3a937744c0cf630ab6ab4

/data/data/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar

MD5 96b39324d849e737047e16a727f385d6
SHA1 5c1034843f708fa8064b7b9b886bb23da20a0cde
SHA256 c484154fdff3d81e56db35f6061667a13ab559b4bbf48fb4883e722aaaa7b687
SHA512 6a7adaf7f45169682d322515c99eb2873de45851b3b59b1ad421e8274a42f68a47af370a34670727d7777c9f6a1e9daf99bfc8336635b6115fe0ce8bfad60963

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 39d167554ba43c30fd0fdb9198335368
SHA1 f03042611bb7a1cc0660c6b568b855b0218af1fd
SHA256 2f30259795968344a24c4aef44844b7caa16f6b03c04f9f6cf6118ae0a94852c
SHA512 f84244000815879aef70849642cc36d93549b681968732e59c3983fec1347b38fe7cd8a2debd2c9bbd03015bd385fe975ac0e317b0d50ad3578ff20968dd3a00

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/o_c_al_sp.dat

MD5 ec994bf43d437fc91c75157752dfc9d5
SHA1 81b9b3b49ac19615b21f4209c6265ed87cfec920
SHA256 200e427baab3fdca33f5ae4819d40a1ecdcb6a20e3076708705387960abf90fa
SHA512 305e9f021992cf51f5413935cf809a90312f58f48ac68cd9f8777f807e5301cedb6f15c19d4d9a32ba5f081a001b9a748f3a9b4bbec7f9d7e4f6888f4f4a6d55

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/o_c_al_sp.dat.timestamp

MD5 581a915cbc3819fd0a07b13d87be2c51
SHA1 7a8a5a11334abe54864a7ec19d8bb8dea654ba4a
SHA256 bc5d984926651eb3d198514ea57e8ff000d09d27c3726d076530481a07d9b554
SHA512 08ecf208bf8368f709075cec1f63852c0b822f662a479b6c8a51424cf646c565bc4c3c22615d0e54cdfa85060b04eab381d8b93569b821f7c09083b9e3e18043

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/o_c_n_dlg.dat

MD5 fe37d7b349b2a53875cc0c86d99a32e4
SHA1 4378fbd5e6bdc504b3a2cb2347bdac8a510e86a6
SHA256 7c6de34570cb693d5341da4e8e394a727b64af780e8574509b9ca5745ef059f6
SHA512 93ba3e90cd1685484490737c50a0169c7f1a0f0abed49b99323746a29ce91a1af7abf6055951c5f82aa14ef4f19b38591bbb69b408096fe3b6c34c1aa61ffa88

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/o_c_n_dlg.dat.timestamp

MD5 b5cf59b5281af023ce38f19030fed90f
SHA1 af73b69b283fd674a877d5d0f38c564fa8567b0f
SHA256 7eceba289c1ff54212dd19e7a19c39a6be01c227c955460d09eabde0cfa5fd71
SHA512 fa5b0282981184637f46ae2e3e1ee6563a15f95d0ddbf80b9d79897cdcc3c0da0a36f1cd8f62625409e81cdbeeda774bfce6afdab580180f7c54f5fd5dba7e96

/data/data/com.magic.clmanager/app_plugins_v3_libs/business-11-11-206/libqhsdk.so

MD5 067a2e8ff0e73b4672d26236558b9a38
SHA1 769040e8038aa9a38fc066ee403fee58d5da3e21
SHA256 2f95949865a54b1beaffebcf558ddf80f95a3a156bd67595f78e15425b4068eb
SHA512 bf6042ef01915cda3ebb546ce1783709cf2bab6255079adc4a7558cfafee77e703e39fc0b81ba0f2300cc8039a6f1e64e9b7f7b187e77247fa5e7a01c7155c6d

/data/data/com.magic.clmanager/files/plugins_v3_data/protocol/files/o_c_a_e.dat

MD5 ef8be8f81224c3ee4c44171bcc402d87
SHA1 e63938b981da43e3a13cf9e9dfdfe6253e06aa7a
SHA256 8d7085c88f358e29b56353456c1a42d39f66820503ec373ffb72c59b89de130e
SHA512 836ee30fa86d7f5d5fadf003f698e94b226f47916eadd1b71d023bd4c2f24474314b0c63da569cfe7d447456b2e5643d025712ef129486aa4e45f3128ed4336c

/data/user/0/com.magic.clmanager/app_plugins_v3/authguide-10-10-110.jar

MD5 9d7780052c2383c1216d84a7b64493ad
SHA1 6b48e54e7cf22bec216c3bc377eb247dc65675c9
SHA256 9163a5973b7c0e2e73d16506fcd91231e57f8186f063a9d7dbb1c589f099d0dd
SHA512 c050298a366b47cba27eed2be0ab7bc3e03f05e9fee145e01087f3c8f682802621b1ba2a0f8f65e1450627aa3f77ee0b9c882ac81ecc90e8b69fba0442b264c8

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 77d93b530ab547a6701c1605a99693b6
SHA1 429e3ea2a3a6997652ac3a1ac05152aca2b9e2c0
SHA256 5ff736f315d9169bede3687d5eee11bc56c1e1f415d47814007fb56352434efd
SHA512 7a62b7730de72f4138b0877137a6ae555f1ff3df8d836dc7afe0b69b48f84e5980c4c035920651f451c83b82aa9cb1d653e980ad34fb0e2f69dbdb59b206ffb0

/storage/emulated/0/360/.deviceId_temp

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 7301cf1c317805dce7258dd069b218c7
SHA1 d015e83d93471adc7dc8f1923b5fb746f0b55d64
SHA256 d83165cc4469c20131a6b59bdc7f9cf9dcc689b9b25e2cbc9c122143c029b729
SHA512 ee107ec209edf04926bd436f9ec8343fd0e373032d1d63ba2f63e470180dfe72fc263355f9a24eec5447da8353db59366b0e2e1b0aac9b5701386c9a04c76a3e

/data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar

MD5 0f26331205b4fd77ba333a6d81a237bf
SHA1 1678428d874e00edc100af92b106ae9a37510996
SHA256 73d4d23d78ba044a11fce65cfe16fa0dae8dcad6e6989c0a21d08ecf59028017
SHA512 76cc7aae009fd05366c8bdb8ece8e5c76e9e960f0942c26eb523c040f415580c9ebdc1f40d8bb419f1ad35a7bb011f2b7dcbac0eeaf353ea6305fa4da1a569f2

/data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar

MD5 5a40c650f3df298761f9123c09c85b00
SHA1 1d66fbabe04d7f1992895e53cbe6ad68b4ff9bcd
SHA256 4be16ca5ecd25447a71a737346a5048134efa1f867d9225d5f08f31a0a373892
SHA512 b70b23e03aa1ceba73b71aa1035b4dd0ab4aac12fe61c5cd13a93fda4d14a3145f08e6240bb2f13de05c9f31db83d00322a7c6e50bd92a6ce6906c02fc09e8c3

/data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar

MD5 aaa70411285a6e16ef94859a786a796f
SHA1 50d6bd9df092a0a3092fd70ebb4871d02554d945
SHA256 37a3d0e6950318990fc296f06808045dcfa886ee44accaf652b4a4ce45a28c8c
SHA512 b9234bda5d9fc3ba56e91566cfa15a3d5fbaff65c461b635ba4f60d5810c3b9d4e3c111c4744caa843ceb1c53d7080dc9ed4b9f2daf6ca44bbee22097f858149

/data/data/com.magic.clmanager/files/o_c_m_c.dat

MD5 3ca4829881338978a26f0e7e43347d4d
SHA1 8f36d5d45bcb1b662cdc785e1da126c31198d764
SHA256 664c50b1331b5360c60743ee18b3fba70f301b605c1e9ee36157d327c846af47
SHA512 90cd47769fe24497dc2dcb6793fe4b4dbe08ae6660bc90cd422e15dc067f69264c64713d73c6733b0822e09df62e12cff7bdf7681b8a88ba0f117f021a6c8286

/data/data/com.magic.clmanager/files/o_c_m_c.dat.timestamp

MD5 398947f3aff6e42afaf04ef2d98b14bf
SHA1 594863129b0fe65de0baa6ebe2afe11fb9289ecb
SHA256 e538fe97b05226287bda837a6040fbc9c8df49ed616f5e91d9f4a527f53dfe27
SHA512 6d6638bd10f87ad0e0d49bb3b065bde60af14f5c4d8198986bbba837dd12be1367c08e5e17cdc6856c9a686fccb8faabeccb77f472be2a4e63df62bfea634849

/data/data/com.magic.clmanager/files/o_c_r_d.dat

MD5 c44075aa13fef51efd833ae368e1a3fc
SHA1 9b74414f0ff5f5a324c34dfd9b106f94599d9d94
SHA256 a6e6baf56c1db1c3d332a795d8c3bcc43b7e76f39af358e083f937b1355880dc
SHA512 d45ed9de9bd5540f043d40674995220af8481b0ba9e70c1154382b2171514e6a994f885749ec141a236d81154e30cf6f02f0432e563c700ab2ebbc9526f26b4b

/data/data/com.magic.clmanager/files/o_c_r_d.dat.timestamp

MD5 5ac3f7bc80fbf00d94bcf8cc4d7f1a22
SHA1 bca834e0f1ee216ba5be41200ecb51511fa0c2d7
SHA256 d8619768d8b06b7ae19f439a7b58d50b0bb6385ac5330bef61188a29c754f5d0
SHA512 be40ab4c4b0ad1a7216f4a897d56ccb487b2d0bf6b80190ad620affb0b5efc9475d2abd7375581b06d107cea858d34b2b2882b5e6e319eccd72d93cf064f9ad3

/data/data/com.magic.clmanager/files/o_c_m_local.dat

MD5 618cb4e5b1083eda6f3416639267ff69
SHA1 4d8b3a684160c321ae4b6113c2f5a44bc4e2786e
SHA256 e7adeecc5237a4b2ac74cc521be3b115b7bbfab7ccc53ab26ce504b4c9ba9f4a
SHA512 0aed6ecefb45436ebe6d8fa458063d3e9a410953cf654f1735a8ac1a0aa9374a3940a89ae3f530dd1c31d691615573cb998588c1906b76a3ed317e615bce7a0a

/data/user/0/com.magic.clmanager/app_plugins_v3/deviceinfo-10-10-102.jar

MD5 0079f683baf524985e15983772a2a94c
SHA1 8710f2194364b896c27b70b650582c8d36dcddd8
SHA256 e55c1ea78def6aa5978236a8bcfac93f5794724311447560e6c1099b2d5ec851
SHA512 a30e240380b679df833f5b7045763c8d99c7532f193691abd2e662561a4a981163ad49462fa4f1b0f1d96194f6676b1819a770b4cda5146144ed27213044b015

/data/data/com.magic.clmanager/files/c_q_m_o_r_p.dat

MD5 91edbf4a13aedeac9874e687bd95a8bb
SHA1 faf83a869f2d945ca396e7db49c0f89404ccb697
SHA256 e5abc591f5c58b1f16130aec862b3af7c63ae20fb8aac351088d36847a84c927
SHA512 09145a797023c399e8d843886c86c79ed6c245717771feb14c3b7c52f58001454c66a725adc465fec88b5307c660a33689846e5fafdf34fbe60c16313c5eeb61

/data/data/com.magic.clmanager/files/sdk/a/a_temp

MD5 739bff80e64aa5e880c0812d0baa9388
SHA1 da73edd0c860a738a20e94c68f0c16577c9ce520
SHA256 0290e312f737e057287013b278d9ef520948e0a105d47c40bcacfec60be4bdcc
SHA512 74d05547e572148c33518771d5734a1de2061e5c99261c5b557cf2c91474ddc1525a18ea895849dd1ee410876a4fe933efa903fdd3272074fd85880a182c1c95

/data/data/com.magic.clmanager/files/sdk/c/c_temp

MD5 a8c3618e976059a8052acabf0044cf02
SHA1 1f3120b184890e7a921d1124da4cb91119fe24a2
SHA256 0097feca9f87e5dc71c7429ec9f7faffc67521c7411beefd923d87943dc51b30
SHA512 7729af63ed1f7099525e3ed432d31f670c188f4a0db8842b07cc935310ae8b216af83d600b71aeae35aaf835e26667b477c33e372b512e0af3c7579ce7882128

/data/data/com.magic.clmanager/files/sdk/d/d_temp

MD5 a13371d2a79add1e02f59d4add16c268
SHA1 8eddb67c34fd1e962df705260f6b06190036986c
SHA256 597b79b7e10155949c4cdca20d5ecec5d1de9dfc5da5ef47b819387b873bf32d
SHA512 ce419876a5f4ea48b3bbfdc5602a254525f4ada7eab548d35cd1a567ef75bfb7627c5466a2e80afb3d8cdc5d5ab5f4e8e5fd652942eb4f1cb2e3fef295e049d0

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 57ae75c9699b7cdf02da404a0490389d
SHA1 a19deb5e212f30279f58bb66b1cb82992d668640
SHA256 b98986bd8e01dfaa7a1ba3650361be49996ca1c4957145423cafd8a51dab750a
SHA512 92fe25f3f5c29bbb2d9820e9d9205aeb6ba44fd2786a3b5891c1ef60db38cece1299c17891696989cbd452c7aec2a365d4c3d494bf6579646f0e99ba0638e50d

/data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar

MD5 7e04afcacf81496f5aa7e01d2a0c316a
SHA1 37b17095716cdf6e6fcf25bbbed3c6f1418f90b1
SHA256 3aa2ef53c739c01e952014ad4c279349e10a9ffff5058e25944453bd299d7e1f
SHA512 457af8c96de41fa5fedf06c36ade992927e8d4d334bccfd42544da1d091ff1609c222a94e2f4d01d1e1365d54332b7779a04163748dd315dc053c2b795d4dc81

/data/user/0/com.magic.clmanager/app_plugins_v3/floatwindow-11-11-157.jar

MD5 e2e3089ea60d907c4358086534c9c27f
SHA1 29a8dd2e904c59752d965f933aaa85710b3f0c90
SHA256 1d0bcf56a8b2def657b46adac64ea9229bc42f0d4c545acab6b167d1eca71e8c
SHA512 f2822ba5dcc4b85d595fd65a3c2bddd58c86e61838ec9bc5755defab81969650584f2522015cadb1b731b825555f45b71cf8b66ec196db9a91a86bdd514d4736

/data/data/com.magic.clmanager/files/cfg_schedule_screen_off_clear_process

MD5 1429946e7fd65d2206b7e0567cb24468
SHA1 847edb953797e3adb4795809e7df3c3e690b3f20
SHA256 b4e7eb0438acb193a6b279ac000459b380df01e05a3d7202db1e073a1a4b4178
SHA512 67099ce951510212ee1aa008bfce829338b7c00e3f4254a878f4cbe5461861098290f58922c080bab73462f4fd8d722142bbb9d77b542ae30b5a6f38ccf99662

/data/user/0/com.magic.clmanager/app_plugins_v3/news-10-10-1015.jar

MD5 69b680e50d6c08b39316e4943c569997
SHA1 502d5c97dabdfaadb553fc495c8fe9107260ceb7
SHA256 41eb2c4ac06809b6e9a0f3f5767944d803dc80d6174b7861420cde8a68e7d060
SHA512 6de1bdabc11b6ca41a8d54d5bd2af71213aa6e09e7edfc6d08aae68ca1e43c14537d25aecddf29467fa441807cb321e543b000a53da18007551fdb2e166043d4

/storage/emulated/0/360/.deviceId_temp

MD5 01357ce487e57576a483ff9bfc2797a7
SHA1 01ece1f0b8f18ce17120dfce15c919b5be2a2f36
SHA256 2c630a6ae6ec3acee60826fead907c5054d06799f2b19805accc65ea60de5b14
SHA512 f27692d98b14bf471e907f0eb4693858a691c2316dbf259e8aa714a94434dbf7911412863250514dc1774f417611b79d1ce7656280feda667c20e72399888def

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 57a908a2e55fd795038758ac48cb26a3
SHA1 051b17a8556e8a46c07c84b7c3586afe31d8e973
SHA256 3f6fa98613b7e2e34892c7cf50caf4ca8830ebcfd190ea8b099ace9ecd71afc4
SHA512 c58ef0a8380bffe4059e0cf0c9b5280c1d56227c0bcafd3908c0729a6732dfcb14acc7af8eb6f55dc9ea1b49b60f0183e6ebeb78eb558354cd53ca7e63c7bf7a

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 05556a952ab5e91ce0fccd8547d92479
SHA1 63df5a7689183ae06eeb389df918aef93adee888
SHA256 900e3bfd7dc48e436565af53c9dd91a0ac3bdeccc13aebbd78cd6203597ec282
SHA512 193afed77decd95c3a94bfd49bc0f43e4d2af7a3f9aa94af2d31fca529ed7b17c8b1ba5540fd40b742771a94dc61a9020ed5283e646d2242e965f685a8f5ba94

/storage/emulated/0/360/.deviceId_temp

MD5 23f01161ad48cfc166bb4589cc70a7d6
SHA1 794e7d7e46acaa528aa480b0c3e2b0b52132d696
SHA256 d25c7f0aca74b625c45c9fedae990d04c9ad8855e758aef22adbc299142c6f46
SHA512 2ee8fb08c9a69ef386b1111b02f9aa37b0d1431635493b13cebb04fa38c688cf644ac733213214f371f76ae79d57931189cd97f030e3fdc064669cac0056a48d

/storage/emulated/0/1716058308675

MD5 fc489ddb5893d48f60ed3c01526d4528
SHA1 20c67df35f6f3c93a4257b7b7ae451203780aa31
SHA256 81b6035d8fb697a0da2308234e9b708c461fb1e75f061f0323e1b66ab59862fa
SHA512 93b6555df4a965f12f84a6d6c60020f27fa370b94a25e10cd7c1a8452e224138a948d7e2badafe429ddf4cdaf225407edc68bfd42cb0c1f2289294021e58d23e

/storage/emulated/0/1716058308737

MD5 f5646381076af3644ff48711268e3250
SHA1 9a87bbbc9f0c35682ced096bc7aa528c6521f1de
SHA256 dd471764c58c91829df3e44344190d14d5ee1bd3bb724b212a29cdb667af7d32
SHA512 f496ebfabc82ac108978d0999a6c502a92cc1c4c20bd2a129acd6338ecaa2833f4f5edb389bdb2302f6ff0a4be27b2d64143e5058fd3904904b13645782c8799

/data/user/0/com.magic.clmanager/app_plugins_v3/business-11-11-206.jar

MD5 1787c2aaad4e43b1a74a1b5e70c7ca5b
SHA1 1f05b6d9b406ae516b0849cb8a27394b9ac7055b
SHA256 9335386a457cd5dc3cecaf8cbc37e201e5e6473a0a23dc4e2be3583e13318d12
SHA512 a22984962a44eb387bf348293bc21f30aa9c35915d14b681dd436410f213dcd3135f5154c442069c5f090261419bd3edc677d55fa11a9144e4e8013a2409b50e

/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

MD5 b5bdad3aeba3a44f7b9151d6b4eceb1d
SHA1 fa66e12c8c7e6e996978e6032d7e42a844e2f4a7
SHA256 4ce1eddac3880567fd2e408dc80ffce81423780206240575b9b11da78da7e49d
SHA512 0ce9881137836a794f788c8845ac9936b758826eb8170367e47b7a3fe693789a602723bb4da1777d8ece93440bc1144edbb02d5382037328e243ea7ed9395dd9

/storage/emulated/0/360/sdk/persistence/data/Y29tLm1hZ2ljLmNsbWFuYWdlcg==

MD5 9d604df6e671711fc033378ee76d54af
SHA1 569e9220a2e17cb493908edc9bdd54ec9f573fb3
SHA256 f8b8e401b59ed343b9ba3d270e31024bc2d6b721c53b55b7b62562c49cc1d397
SHA512 5bc4d7c2f2ee24a2355ca4e61a1bdf018e59f0d172028092530bce0b153451ef16cb0676cc64cce52bd93c508ca715b4d5c6a623c06e1c7b095ca8f9a8fd21fe

/data/data/com.magic.clmanager/files/o_c_vest.dat

MD5 4b12c3333077094ea4c814796deaf928
SHA1 5a896b5e7abe6ded161b7f0ab77dda5bae7458b6
SHA256 e2358174b11feaeb23616e3e1f4b4b3404b6376b2efd71b34382dead3bc07f27
SHA512 534dbf9451390f2d5b0a737bdd74e9c19fee575da19503c22d1612ee64ac6607adb540e0d378ed15e4633071d29c4d4d8751aa55c61be0e181878954f0bb24c8

/storage/emulated/0/360/.deviceId_temp

MD5 dccdcba2be2d52325ef749f275ebded5
SHA1 828ea593e36aacaf20c2c408101d5e23b6b08027
SHA256 7ac8f9dae827892ad859f1f77cc362404c5f1190daadbe7e5b547b3a1f623933
SHA512 3e45d3d58d76b4bb74396085ebf54a9b7e6aa636c16210c47f5983704fe642a40ad3b52743664044490c0bf4b4aa449f5eebdd00bbd6171912c4870735103707

/data/data/com.magic.clmanager/files/o_c_tphis

MD5 3fe48c8ab5fc3512ee794541d755f4a4
SHA1 782cbd0a8eae1a4930e44da260b646201a0ca45b
SHA256 ac2b8b0abaf9b2cc13b5bf5cd5a177a76e42f196493827c6f292c78fd1b31dc0
SHA512 b04632f08fbab203426db1ec7c2d82a5c0cfbeb0760d9ab8b27bdae09c2ce81dc59a61529a3c347b4dacd0c8871b141d33cc5d791906f59fdbe10b2f09216304

/data/data/com.magic.clmanager/files/o_c_tphis

MD5 d35438abfb02bd9e5779ce6f4d42f6a3
SHA1 bfe94b991888c1f45e62aacffa36e755819f24a1
SHA256 f026afa72b78d8cb14baa3d2076face47218defbcd6f89ad688ce2bb1964bb99
SHA512 2fd327ab7d9a678f7ee3113887df1e11352a00a420a93f17dae796b3b38f87329c31ef6a8e49709f72a13effd51d7c004c7b801df9f31ea2ec337bc64a9c786f

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp

MD5 a616d297bd703f8ecd2080c08514fe0b
SHA1 61dc726bc170e98bd6ea205363ecf6b48d890731
SHA256 27011ced8f03f65e3b55f948f65f949de3a1c6da465ebc38fd117004231f96ec
SHA512 cfaf2113fffe7cb9be4d2ece13d7054923848c1fe3d3de1dd1306dc6d3d97c5e3a0d9a9e382ec8c7c70479f87635847dac86bb87435f0d2c7c25c5d61c4f8813

/storage/emulated/0/360/.iddata_temp

MD5 898ad2f8032f8ea69bd048af31879ff9
SHA1 1d1eb251435b23c51dfa5f94319787a09b339373
SHA256 cb665ee0f36f082afce76ec46d2b12bf317ddc4c54ef7e035f5295d27e29292c
SHA512 ebb0097ec75e711fa57fd7df528abc4250ec4db102d3c24aba4f9383262802b7f62b0de2f1a3452be52545ea9ef87a6a42e55ca50883af773621a0f416df36b7

/data/data/com.magic.clmanager/.sdk/e/e

MD5 1ecbcae2074a93c09b1dcc22f264f4b3
SHA1 0bc3bd7349af18f7f9fef3d975d2b37d4802033e
SHA256 c552300bca46e9830bbd3ba0188b4e8e4a0f93ce134c978c73074afd0962551b
SHA512 4bf74ee3c4a2008eee33434d052327690c5c30d6a40a0e5c204b26f83681fe84ac3ad7d93fec1f746975fc339b28ed14c26d117ec0b5d72b1560ff7f349f480b

/data/data/com.magic.clmanager/.sdk/f/f

MD5 a266b4483a725f3fef4132647ce552e3
SHA1 43d38acfffa63552deaf4c26407937c460bac50e
SHA256 b384c3d7a98c3b8803dca51f84a32ecf1dccca77ba0c9350037697b9d8564463
SHA512 04b490a0da8e0ecede9bc1424f797cb1e1ba6193e8578529ad616e7def5948cc1ca1df8d508e5ccee71cfbab971b40c1c7097ccca91ef47fb68f6013429fe241

/data/user/0/com.magic.clmanager/app_plugins_v3/authguide-10-10-110.jar

MD5 7bf349950531e404281d8bc812473e09
SHA1 6ecebd4154e280091512dc4d5df1dbe895bc91bc
SHA256 9419feb4f46cca67227bacecdb5e734290555fd6bba8a6ac9874d5876c5d6f21
SHA512 1541ee4683ee10f83acdea0befd2349aeaf7cfc5870e969a5ff82f148e8804b694a1e5e5f07b2b098995b22ce940cd4aed7857480eaa21d52a88272c4c018f95
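The Files list above carries one entry per captured version of a file, which is why the same path (for example `app_plugins_v3/protocol-10-10-170.jar`) appears several times with different digests, once under `/data/data/` and again under `/data/user/0/`. The script below is an added example, not code from the original report or from the sandbox that produced it: it parses entries in the report's own `path / MD5 / SHA1 / SHA256 / SHA512` layout (only the path and SHA256 lines are read), folds the two spellings of the app-private directory together, and reports which files were rewritten during detonation and which executable artefacts (`.jar`, `.dex`, `.apk`, `.so`) were dropped into app-private storage. The eight sample entries are copied from the list above; the suffix list and the path folding rule are this example's assumptions.

```python
"""Pivot a sandbox file list by path: rewritten files and dropped code.

Added example; not code from the original report or from the sandbox. Input
is the report's own 'path / MD5 / SHA1 / SHA256 / SHA512' layout; only the
path and SHA256 lines are used, the other digest lines are skipped.
"""
import re
from collections import defaultdict

# Eight entries copied from the report's Files list (MD5/SHA1/SHA512 omitted).
SAMPLE = """\
/data/data/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar
SHA256 388644858db6122335d233c5a897dc6c6954308ce1d87d3d71fc331fb255c6fa

/data/data/com.magic.clmanager/files/o_c_cas.dat
SHA256 c9ed30ded447434f7190340d06744cc824e3885540d23b832a8916f687ea0095

/data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar
SHA256 76a12ebb818c2cf69fd19697f49a49b9bd85a7523707fe865ec3899cb514747b

/data/user/0/com.magic.clmanager/app_plugins_v3/protocol-10-10-170.jar
SHA256 ae8fbfaac4994a77f89769b0cafa863693167390914b018334e8e8ad9d26f02e

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp
SHA256 2f30259795968344a24c4aef44844b7caa16f6b03c04f9f6cf6118ae0a94852c

/data/data/com.magic.clmanager/app_plugins_v3_libs/business-11-11-206/libqhsdk.so
SHA256 2f95949865a54b1beaffebcf558ddf80f95a3a156bd67595f78e15425b4068eb

/data/data/com.magic.clmanager/files/qhDeviceSDK/dc_cache_file_temp
SHA256 5ff736f315d9169bede3687d5eee11bc56c1e1f415d47814007fb56352434efd

/storage/emulated/0/360/.deviceId_temp
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
"""

# Assumption: what counts as loadable code when it lands in app-private storage.
CODE_SUFFIXES = (".jar", ".dex", ".apk", ".so")


def parse_files(text):
    """Return (path, sha256) pairs in report order."""
    records, path = [], None
    for line in text.splitlines():
        if line.startswith("/"):
            path = line.strip()
        elif line.startswith("SHA256 ") and path:
            records.append((path, line.split()[1].lower()))
            path = None  # one SHA256 line per entry
    return records


def canonical(path):
    """Fold /data/data/<pkg> into /data/user/0/<pkg>.

    On Android /data/data is a symlink to user 0's app-data directory, so the
    two prefixes name the same file.
    """
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def versions(records):
    """canonical path -> distinct SHA256 values, in the order first seen."""
    seen = defaultdict(list)
    for path, digest in records:
        bucket = seen[canonical(path)]
        if digest not in bucket:
            bucket.append(digest)
    return dict(seen)


def rewritten(records):
    """Paths the report shows with more than one content hash."""
    return {p: h for p, h in versions(records).items() if len(h) > 1}


def dropped_code(records):
    """Executable artefacts written into app-private storage, sorted."""
    return sorted({canonical(p) for p, _ in records
                   if canonical(p).startswith("/data/user/0/")
                   and canonical(p).endswith(CODE_SUFFIXES)})


if __name__ == "__main__":
    recs = parse_files(SAMPLE)
    for path, hashes in rewritten(recs).items():
        print(f"{path}: {len(hashes)} versions")
        for h in hashes:
            print("   ", h)
    print("code dropped into app-private storage:")
    for p in dropped_code(recs):
        print("   ", p)
```

When a dropped jar or shared object has several hashes, submit each version separately rather than only the last: the report does not say which one was still on disk when the detonation ended, and a plugin that is re-downloaded at runtime can differ from one run to the next.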

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-arm64-20240514-en

Max time network

164s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
BE 142.250.110.188:5228 tcp
GB 142.250.200.2:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.178.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 172.217.169.10:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 216.58.201.97:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 172.217.169.65:443 lh3.googleusercontent.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 udqrenbrxkin udp
US 1.1.1.1:53 ticklvxg udp
US 1.1.1.1:53 itpvrrahgnn udp
GB 172.217.169.46:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
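Network tables like the one above mix three kinds of rows: DNS lookups against the sandbox resolver (`1.1.1.1:53`), the TCP connections that follow them, and rows with an empty Domain cell where the report shows no name at all. The script below is an added example, not code from the original report or from the sandbox: it parses rows in the report's own `Country Destination Domain Proto` layout, joins each queried name to the IPs actually connected to, lists names that were resolved but never connected (the three random-looking single-label names above fall in this bucket; the example only reports them, it does not attribute them), and drops platform chatter using a suffix allowlist that is this example's assumption and should be tuned for your environment. The sample rows are copied from the behavioral19 and behavioral27 tables in this report.

```python
"""Pivot a sandbox network table into domain -> IP mappings and leftover IOCs.

Added example, not code from the original report or from the sandbox that
produced it. It parses rows in the report's own 'Country Destination Domain
Proto' layout; the noise allowlist is an assumption you should tune.
"""
from collections import defaultdict

# Rows copied from this report's behavioral19 and behavioral27 tables.
SAMPLE = """\
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 udqrenbrxkin udp
US 1.1.1.1:53 ticklvxg udp
US 1.1.1.1:53 commercial.shouji.360.cn udp
CN 180.163.237.166:80 commercial.shouji.360.cn tcp
CN 180.163.237.249:80 commercial.shouji.360.cn tcp
US 1.1.1.1:53 g.sdk.look.360.cn udp
HK 101.198.192.67:80 g.sdk.look.360.cn tcp
US 1.1.1.1:53 dig.bdurl.net udp
CN 101.132.174.146:443 dig.bdurl.net tcp
CN 139.196.193.196:443 dig.bdurl.net tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
"""

# Assumptions: sandbox resolver, mDNS, and platform domains to drop from IOCs.
RESOLVER = "1.1.1.1"
MDNS = "224.0.0.251"
NOISE_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com",
                  "google-analytics.com", "youtube.com")


def parse_rows(text):
    """One dict per row; a 3-field row is a blank Domain cell in the report."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def pivot(rows):
    """Join DNS queries to the connections that used the answer."""
    resolved = defaultdict(set)  # domain -> IPs actually connected to
    queried = set()              # names seen in a DNS query
    direct = []                  # connections the report shows no name for
    for r in rows:
        if r["ip"] == MDNS:
            continue             # local service discovery, not the sample's doing
        if r["ip"] == RESOLVER and r["port"] == 53 and r["domain"]:
            queried.add(r["domain"])
        elif r["domain"]:
            resolved[r["domain"]].add(r["ip"])
        else:
            direct.append(f'{r["ip"]}:{r["port"]}')
    return {
        "resolved_to": {d: sorted(ips) for d, ips in resolved.items()},
        "dns_only": sorted(queried - set(resolved)),
        "direct": direct,
    }


def is_noise(domain):
    """Exact or dot-anchored suffix match, so 'notgoogle.com' is not noise."""
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def iocs(rows):
    """Domains, IPs and unresolved names left after the noise allowlist."""
    p = pivot(rows)
    keep = {d: ips for d, ips in p["resolved_to"].items() if not is_noise(d)}
    return {"domains": keep,
            "ips": sorted({ip for ips in keep.values() for ip in ips}),
            "dns_only": [d for d in p["dns_only"] if not is_noise(d)]}


if __name__ == "__main__":
    found = iocs(parse_rows(SAMPLE))
    for domain, ips in found["domains"].items():
        print(domain, "->", ", ".join(ips))
    print("resolved but never connected:", found["dns_only"])
    print("no-name connections:", pivot(parse_rows(SAMPLE))["direct"])
```

The `direct` bucket is worth a second look before you block anything: a connection with no name in the report may be a reused DNS answer from an earlier row, a hard-coded IP in the sample, or sandbox traffic that happened to overlap the detonation window.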

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 19:00

Platform

android-x86-arm-20240514-en

Max time kernel

6s

Max time network

138s

Command Line

com.qihoo360.mobilesafe.news

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
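Each signature above is a rule over one raw indicator (a file path such as `/system/xbin/su`, or a framework service or API call) and contributes its tags to the detonation's tag line. The script below is an added example, not code from the original report or from the sandbox's real rule set: it re-derives the signature hits and the tag line from a constructed event stream using a rule table reconstructed from the descriptions and indicators printed in this analysis (descriptions abbreviated to their first clause). The event for the installed-applications signature uses an assumed indicator, `IPackageManager.getInstalledPackages`, because the report prints no indicator for that signature; two extra events (`getprop ro.build.version.emui`, taken from the Processes section, and a benign `/system/bin/sh` access) are included to show what the rules leave unexplained.

```python
"""Re-derive a detonation's signature hits and tag line from raw indicators.

Added example; not code from the original report or from the sandbox. The
rule table is an assumption reconstructed from the signature descriptions and
indicators printed in this report, not the sandbox's real rule set.
"""
import re
from collections import OrderedDict

# (regex over the raw indicator, signature description, tags)
# Descriptions and tags follow the report's wording; the regexes are ours.
RULES = [
    (r"^/system/(?:xbin|bin)/su$",
     "Checks if the Android device is rooted.", ("evasion",)),
    # Assumed indicator: the report prints none for this signature.
    (r"\bIPackageManager\.getInstalledPackages$",
     "Queries a list of all the installed applications on the device",
     ("banker", "discovery")),
    (r"\bIActivityManager\.getRunningAppProcesses$",
     "Queries information about running processes on the device", ("discovery",)),
    (r"\bIWifiManager\.getConnectionInfo$",
     "Queries information about the current Wi-Fi connection", ("discovery",)),
    (r"\bIWifiManager\.getScanResults$",
     "Queries information about the current nearby Wi-Fi networks", ("discovery",)),
    (r"\bIActivityManager\.registerReceiver$",
     "Registers a broadcast receiver at runtime", ("persistence",)),
    (r"\bIConnectivityManager\.getActiveNetworkInfo$",
     "Checks if the internet connection is available", ("discovery",)),
    (r"\bITelephony\.getAllCellInfo$",
     "Requests cell location", ("collection", "discovery")),
    (r"^javax\.crypto\.Cipher\.doFinal$",
     "Uses Crypto APIs", ("impact",)),
]
COMPILED = [(re.compile(p), desc, tags) for p, desc, tags in RULES]

# Constructed event stream (kind, indicator): the indicators printed in this
# analysis, one assumed indicator, and two events no rule should match.
EVENTS = [
    ("file_access", "/system/xbin/su"),
    ("file_access", "/system/bin/su"),
    ("service_call", "android.content.pm.IPackageManager.getInstalledPackages"),  # assumed
    ("service_call", "android.app.IActivityManager.getRunningAppProcesses"),
    ("service_call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    ("service_call", "android.net.wifi.IWifiManager.getScanResults"),
    ("service_call", "android.app.IActivityManager.registerReceiver"),
    ("service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    ("service_call", "com.android.internal.telephony.ITelephony.getAllCellInfo"),
    ("api_call", "javax.crypto.Cipher.doFinal"),
    ("exec", "getprop ro.build.version.emui"),  # from Processes; no rule covers it
    ("file_access", "/system/bin/sh"),          # benign; must not match
]


def match_events(events):
    """Map each signature description to the indicators that triggered it.

    A rule with no hits is absent from the result, so the keys are exactly
    what the report's Signatures section would list.
    """
    hits = OrderedDict()
    for _kind, indicator in events:
        for pattern, desc, _tags in COMPILED:
            if pattern.search(indicator):
                hits.setdefault(desc, []).append(indicator)
    return hits


def tags_for(hits):
    """Union of tags over the signatures that fired, sorted for a stable line."""
    tags = set()
    for _pattern, desc, rule_tags in COMPILED:
        if desc in hits:
            tags.update(rule_tags)
    return sorted(tags)


def unmatched(events):
    """Indicators no rule explains; review these before trusting the tag line."""
    return [ind for _kind, ind in events
            if not any(p.search(ind) for p, _d, _t in COMPILED)]


if __name__ == "__main__":
    hits = match_events(EVENTS)
    for desc, indicators in hits.items():
        print(desc)
        for ind in indicators:
            print("   ", ind)
    print("tags:", " ".join(tags_for(hits)))
    print("unmatched:", unmatched(EVENTS))
```

Two things the rule table makes visible: the root check counts once however many `su` paths are probed, and the `getprop` call in the Processes section adds nothing to the tags even though it is a discovery action in its own right, which is one reason a tag line is a summary and not a verdict.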

Processes

com.qihoo360.mobilesafe.news

getprop ro.build.version.emui

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 commercial.shouji.360.cn udp
US 1.1.1.1:53 sdk.look.360.cn udp
US 1.1.1.1:53 v.sj.360.cn udp
CN 180.163.237.166:80 commercial.shouji.360.cn tcp
CN 180.163.237.166:80 commercial.shouji.360.cn tcp
US 1.1.1.1:53 g.sdk.look.360.cn udp
HK 101.198.192.67:80 g.sdk.look.360.cn tcp
HK 101.198.192.67:80 g.sdk.look.360.cn tcp
HK 101.198.192.67:80 g.sdk.look.360.cn tcp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
US 163.181.154.244:443 sf3-ttcdn-tos.pstatp.com tcp
CN 180.163.237.249:80 commercial.shouji.360.cn tcp
CN 180.163.237.249:80 commercial.shouji.360.cn tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

MD5 f4061881df4a152235fadb2b6d86138e
SHA1 f121c707f774caadf519d0ee8e70cabe4d235d33
SHA256 2454e42a39dd14e4fd0a3720139f8fbc4b2c51a2e385638f3c9b66cb06039ee1
SHA512 b898ce2bba82685358428c9240cc75f24ab000c4771bbbef1d19beb799ba351c466807800aa93ac741f4101c588a915bc9574f8cd94b5dda750f69a5469073a6

/data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-journal

MD5 6610c101fc96cba8df1313d8d5a215d9
SHA1 657b901b679f1be4a47bd82467f7b060bee35beb
SHA256 8e21b8aacc7c5cc525dc397214afafa95ede5ca6ead74ec8188d9cc300097a70
SHA512 5882b0cec427609800f9cbe3587ec70b22f0c8f38ae13b4c9ccd3da2205aa360205908380131f4ddb01e3db067ad0f5fc0a3462ac2ee874512f2e66b4fc3718e

/data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.qihoo360.mobilesafe.news/databases/bytedance_downloader.db-wal

MD5 4cf72fd1087a1db1d6fa4257cf2221e1
SHA1 0f1093ebed720e1d0701a5a2d068dcefc3cc7bc1
SHA256 6d07138c64a4cf9452190716a8af8c1b5645a95c5f16f19299c81295baab955c
SHA512 72940dc284ab1c9ad8e16f201c2d631dd800440abe5b357817497b49b328a66f9df440724bd637c5fe1ae1f0ea0c6caa2b555e5ac5c53e44f599dcfee21ba016

/data/data/com.qihoo360.mobilesafe.news/files/torch/core/finalcore.jar

MD5 688f586243bed0d1621b4a0bfb030664
SHA1 fa019a8988220b23398355a59ba205962d7fb5b7
SHA256 180ef79eae604bb46a1bef906a5da9cbc182f77840fdc7fec254a7a4b8e18c66
SHA512 05a17249cadf3b5df59fd328cd419a6e2607dddca5c22e1be1629e672ab28b0a4111ae291442d77b96806efc726a73af5d81145218dc8283bdefb67aaac26a5c

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x86-arm-20240514-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:56

Platform

android-x86-arm-20240514-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:56

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:51

Platform

android-x64-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:51

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:54

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

142s

Command Line

com.qihoo360.mobilesafe.business

Signatures

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Processes

com.qihoo360.mobilesafe.business

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
GB 142.250.180.10:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:57

Platform

android-x86-arm-20240514-en

Max time network

154s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 18:59

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

170s

Command Line

com.qihoo360.mobilesafe.lockscreen

Signatures

N/A

Processes

com.qihoo360.mobilesafe.lockscreen

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
GB 142.250.180.10:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-18 18:50

Reported

2024-05-18 19:00

Platform

android-x64-20240514-en

Max time kernel

4s

Max time network

153s

Command Line

com.qihoo360.mobilesafe.lssvc

Signatures

N/A

Processes

com.qihoo360.mobilesafe.lssvc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp

Files

N/A