Malware Analysis Report

2025-08-11 00:00

Sample ID 240518-xlm2vaad2v
Target 564c5ccc574df8b0295acbfada8fd6c1_JaffaCakes118
SHA256 ebcba4879f3e15cb5e70d29356489c735a1695afdfe839b1c145b7e20d955166
Tags banker, discovery
Score 8/10

Analysis Overview

Score

8/10

SHA256

ebcba4879f3e15cb5e70d29356489c735a1695afdfe839b1c145b7e20d955166

Threat Level: Likely malicious

The file 564c5ccc574df8b0295acbfada8fd6c1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Checks if the internet connection is available

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 18:56

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 18:56

Reported

2024-05-18 19:01

Platform

android-x64-arm64-20240514-en

Max time kernel

48s

Max time network

163s

Command Line

com.orange.org_player_new_alone380457

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.orange.org_player_new_alone380457

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 N/A tcp
GB 142.250.178.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 cg.66rpg.com udp
US 163.181.154.244:80 cg.66rpg.com tcp
GB 142.250.187.196:443 N/A tcp
GB 142.250.187.196:443 N/A tcp

Files

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/game.oge

/data/user/0/com.orange.org_player_new_alone380457/files/TDtcagent.db-journal

/data/user/0/com.orange.org_player_new_alone380457/files/TDtcagent.db

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/map.oge

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/share_data.xml

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/game.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/ot.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/hotPath.png0

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 18:56

Reported

2024-05-18 19:03

Platform

android-x86-arm-20240514-en

Max time kernel

151s

Max time network

162s

Command Line

com.orange.org_player_new_alone380457

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.orange.org_player_new_alone380457

getprop

Network

Country Destination Domain Proto
GB 142.250.187.195:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.180.14:443 N/A tcp
GB 142.250.180.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 cg.66rpg.com udp
GB 79.133.176.224:80 cg.66rpg.com tcp

Files

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/game.oge

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db-journal

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db-shm

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db-wal

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/map.oge

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/share_data.xml

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/game.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/ot.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/hotPath.png0

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 18:56

Reported

2024-05-18 19:01

Platform

android-x64-20240514-en

Max time kernel

162s

Max time network

170s

Command Line

com.orange.org_player_new_alone380457

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.orange.org_player_new_alone380457

Network

Country Destination Domain Proto
GB 216.58.213.10:443 N/A tcp
GB 216.58.204.67:443 N/A tcp
GB 216.58.213.10:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 N/A tcp
GB 216.58.213.10:443 N/A tcp
US 1.1.1.1:53 cg.66rpg.com udp
GB 79.133.176.225:80 cg.66rpg.com tcp
GB 142.250.180.4:443 N/A tcp
GB 142.250.180.4:443 N/A tcp
GB 216.58.212.194:443 N/A tcp
GB 142.250.180.14:443 N/A tcp

Files

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/game.oge

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db-journal

/data/data/com.orange.org_player_new_alone380457/files/TDtcagent.db

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/map.oge

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/share_data.xml

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/game.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/update/380457/ot.in

/storage/emulated/0/AvgOrangeNewAloneFlower/380457/hotPath.png0