Analysis Overview
SHA256
36050438869a840764b4dde7481bdd75899763ee2e5aef89b29bcabf115e2fe0
Threat Level: Likely malicious
The file 63d1c4eed6af4f5df798744775aea2ab_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Removes its main activity from the application launcher
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Queries account information for other applications stored on the device
Loads dropped Dex/Jar
Reads information about phone network operator
Checks if the internet connection is available
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 15:39
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 15:39
Reported
2024-05-21 15:42
Platform
android-x86-arm-20240514-en
Max time kernel
178s
Max time network
185s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.ajdr.epbs.blkv
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.ajdr.epbs.blkv/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
com.ajdr.epbs.blkv:daemon
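The dex2oat line in the process list is the concrete evidence behind the "Loads dropped Dex/Jar" signature: ART's ahead-of-time compiler is being asked to compile /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar, a file inside the app's private data directory rather than the installed APK under /data/app/. The following is an added example for this page (not sandbox tooling or code from the sample) that parses such a command line and classifies where the compiled code came from. The path-prefix rules, the function names and the `running_packages` argument are this example's own assumptions; the command line itself is the one shown above, kept verbatim including its truncated final argument.

```python
"""Classify a dex2oat invocation by where the code it compiles came from.

Added example, not part of the sandbox or the sample. A --dex-file under
/data/user/<n>/<pkg>/ or /data/data/<pkg>/ means the app is compiling code it
wrote or downloaded at runtime, not code shipped in the APK under /data/app/.
"""
import re

# Process line from the behavioral1 run (verbatim, including the truncated
# '--class-loader-context=&' at the end).
DEX2OAT_CMD = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar "
    "--output-vdex-fd=48 --oat-fd=49 "
    "--oat-location=/data/user/0/com.ajdr.epbs.blkv/app_mjf/oat/x86/dz.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Assumption: app-private storage lives under one of these two prefixes.
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/")


def parse_dex2oat(cmdline):
    """Return the --key=value options as a dict plus the collected --runtime-arg
    values. No option on this line is quoted, so whitespace splitting suffices.
    A repeated key keeps its last value in this parser."""
    opts, runtime_args = {}, []
    argv = cmdline.split()
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "--runtime-arg" and i + 1 < len(argv):
            runtime_args.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
        i += 1
    opts["runtime-args"] = runtime_args
    return opts


def classify_dex_origin(dex_path):
    """Map the compiled file's path to (origin, owning package or None)."""
    if dex_path.startswith("/data/app/"):
        return "installed-apk", None
    if dex_path.startswith(("/system/", "/apex/", "/vendor/", "/product/")):
        return "platform", None
    m = APP_PRIVATE.match(dex_path)
    if m:
        return "app-private", m.group("pkg")
    return "other", None


def triage_dex2oat(cmdline, running_packages):
    """Summarise one dex2oat invocation; 'suspicious' means the compiled code
    did not come from an installed package or the platform."""
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file", "")
    origin, pkg = classify_dex_origin(dex)
    return {
        "dex_file": dex,
        "oat_location": opts.get("oat-location"),
        "compiler_filter": opts.get("compiler-filter"),
        "origin": origin,
        "owner": pkg,
        "owner_is_running": pkg in running_packages,
        "suspicious": origin == "app-private",
    }


if __name__ == "__main__":
    print(triage_dex2oat(DEX2OAT_CMD, {"com.ajdr.epbs.blkv", "com.ajdr.epbs.blkv:daemon"}))
```

On this command line the result is origin `app-private`, owner `com.ajdr.epbs.blkv`, which matches the process that is running, and compiler filter `quicken`. The same check applies to any process or audit log that records dex2oat (or, on newer Android releases, dex2oat64) invocations: a legitimate installer or the platform compiles out of /data/app/, /system/ or /apex/, so an app-private `--dex-file` is the line to alert on.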
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | api.ehtbr.com | udp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | api.adcmsware.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
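A Network table like the one above mixes the sample's own traffic with the detonation environment's background (the sandbox resolver at 1.1.1.1, link-local mDNS, Google services the Android image contacts on its own). The script below is an added example for this page, not sandbox tooling: it parses rows in the table's format, separates DNS lookups from actual connections, and reports the names the sample contacted, the names it resolved but never connected to, and bare destinations the sandbox could not tie to a lookup. The sample rows are an excerpt of the behavioral1 table; the noise rules (resolver address, mDNS, platform suffixes) are this example's assumptions about the environment, not something the report states.

```python
"""Split a sandbox Network table into the sample's own traffic and background.

Added example, not part of the sandbox's tooling. SAMPLE_ROWS is an excerpt
of the behavioral1 Network table; the noise constants are assumptions.
"""
import re
from collections import defaultdict

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | api.ehtbr.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | api.adcmsware.com | udp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
"""

SANDBOX_RESOLVER = "1.1.1.1:53"   # assumption: resolver handed to the emulator
MDNS = "224.0.0.251:5353"         # link-local multicast DNS, never a sample's C2
PLATFORM_SUFFIXES = ("google.com", "googleapis.com", "google-analytics.com")  # assumption
DST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")


def parse_row(line):
    """One table row -> dict, or None for the header and non-row lines."""
    line = line.strip()
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip("|").split("|")]
    if len(cells) != 4 or not DST_RE.match(cells[1]):
        return None
    cc, dst, dom, proto = cells
    # Tolerate extracted rows where the protocol slipped into the Domain column.
    if dom.lower() in ("tcp", "udp") and not proto:
        dom, proto = "", dom
    if dom == "N/A":
        dom = ""
    return {"cc": cc, "dst": dst, "domain": dom, "proto": proto.lower()}


def is_platform(domain):
    return any(domain == s or domain.endswith("." + s) for s in PLATFORM_SUFFIXES)


def triage(table_text):
    """Return beacons (domain -> ip:port list), dns_only names and direct ip:ports."""
    queried, connected, direct = set(), defaultdict(set), set()
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None or row["dst"] == MDNS:
            continue
        if row["dst"] == SANDBOX_RESOLVER and row["proto"] == "udp":
            queried.add(row["domain"])           # a lookup, not a contact
            continue
        if row["domain"]:
            connected[row["domain"]].add(row["dst"])
        else:
            direct.add(row["dst"])               # no name the sandbox could attach
    return {
        "beacons": {d: sorted(v) for d, v in connected.items() if not is_platform(d)},
        "dns_only": sorted(d for d in queried if d not in connected and not is_platform(d)),
        "direct": sorted(direct),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

On the excerpt this yields two contacted names, ip.taobao.com (Alibaba's IP-geolocation endpoint, used here to learn the device's public location) and alog.umeng.com (the Umeng analytics SDK, consistent with the umeng_it.cache and mobclick_agent files under Files), and two names that were resolved but never connected to, api.ehtbr.com and api.adcmsware.com. Across all three behavioral runs those two names appear only as DNS queries with no matching TCP row; the report does not say whether the lookup failed, was sinkholed, or the sample simply never attempted the connection, so they are worth checking before they are shipped as network indicators.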
Files
/data/data/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| MD5 | fc1eb8c18ddc0f8727b5fb5eba8ca870 |
| SHA1 | af6d64fe2432bece4c523066a57f35be8f175a48 |
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
| SHA512 | 25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66 |
/data/data/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| MD5 | 7f1e0fe2e6a0618b6c84d48ea0586b6d |
| SHA1 | dea54fa91f9f431b85e8c4048244a1c3c4b16665 |
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
| SHA512 | 7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| MD5 | 789a4162427149dd5e519f917ead0e29 |
| SHA1 | d2bd738c28ec21c0441c6daaefc206a6a76f8e1c |
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
| SHA512 | b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| MD5 | eb4b1f8a3354e8b5c30a253c771196ab |
| SHA1 | 5c721a6d50b607c91d6b900b4a21a09680f6149e |
| SHA256 | dee0215de8f0bf8acfc41aa199e605f30178a969cb5821a977e865b69773b3e2 |
| SHA512 | a7ce9f9612de9c987392c28f2ded37dbe991f3b61022ac5ad797230c294606a69030182a62df3f8ce98ee50b42a4a38eda9bc297332cc4b46b3f478cae6fe1b6 |
/data/data/com.ajdr.epbs.blkv/files/umeng_it.cache
| MD5 | 9ac8b3533ba1a6e96e0e7313765c0a6e |
| SHA1 | af94e33a5ea4974abdae020045523c6eaa5522d0 |
| SHA256 | 650c05ae0f32d2da4e7e6f0f86e24c014abaf4b8271d3f54785e389e1b47cc5c |
| SHA512 | fd2304fed0503786c04b8dd9f4e668a04e5bbbaba244907876937158f6bc551f5f2955e1099ff0935ec0f836814ceb9ef4a21850b8a7bfc14220fbf826455114 |
/data/data/com.ajdr.epbs.blkv/files/.umeng/exchangeIdentity.json
| MD5 | 756938aa1719e69dd20100c610039674 |
| SHA1 | b2f5fc060ae62f898517f10900c4b498889c5b11 |
| SHA256 | 3ea71ab66648357e66d1bccbf3a63abeedcb22dc967fc8320312c81b73febc2a |
| SHA512 | 3dc81f7fb4eba34f2117792f74399f993a7961b0ff60c77ef0996d3f17b552dc472db18caf53a04bab4b38670e33a031056f72baa2227bd4cffe9d40b016d5ea |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | e090c7b5ce3f0c6d0c1131e1a8b9fc31 |
| SHA1 | 9c0979416891476e94574180420dd0672c59dc9c |
| SHA256 | c08dd22a12665f0a37084df0482769b89931d0c3de50d8e498391b957d374575 |
| SHA512 | 9fe77e8cbf545b2091314ee7fe499e4faa5e4a38380ff56814e82f514fa585722ebb73aa6484fbe6e2537a21bfb223eb1206e5e7a0234416964ee32ab0064a19 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-wal
| MD5 | 5a38a96434780f67bc56d84f6a3ca9d0 |
| SHA1 | 36510b28b88925f16a6070809b4a0684c8a534d7 |
| SHA256 | c535487705334a4ecd4056c540a01e26387e6f83b0d016256f4450e5c6831729 |
| SHA512 | 0ce7dceb4837ec4f690ea102a0132d6ce90f8d2f670f584ac816c4f1dfcee81871ca0f55608d38e2ffc7095ea73d659136b4662ecedc40a43f9e12cab65b087c |
/data/data/com.ajdr.epbs.blkv/files/.um/um_cache_1716306049748.env
| MD5 | 8971aafff56d5aac5cf9518ad7e89623 |
| SHA1 | 4da6a8f8150ca0bedd64b292ed0de085dbbc7d78 |
| SHA256 | a175d9d3637925ec02a8b916da854d579b427fc7aea19477c7d0d397bfa3b7b4 |
| SHA512 | 801627a8b2b9fd70d97ace7d78ee2fde29f41b2db8be4f4cb391a90500e8af00403f3fed82ef10b51589827a0b1617776eb2e0ca96fff8a66d7203ef13483235 |
/data/data/com.ajdr.epbs.blkv/files/mobclick_agent_cached_com.ajdr.epbs.blkv1
| MD5 | e6275be716c38918bcdf97a0b4e94f59 |
| SHA1 | ad36786714af4cf2d9ffc2df81c35fcaba14c485 |
| SHA256 | 52a67571de2a6b2bea346cd85b8875ac79b60d9b9c4bd3a71dada860e5aa5796 |
| SHA512 | 1d65663ff76cf29a719d53ad6fa21cef34e5e85114d62eb2aaccacc6a07af03cf1bc7bc6dd9e4756a600ef89c8f178bff939b7a8c90e380d28a807d9f0351a9a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 15:39
Reported
2024-05-21 15:42
Platform
android-x64-20240514-en
Max time kernel
178s
Max time network
186s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Processes
com.ajdr.epbs.blkv
com.ajdr.epbs.blkv:daemon
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | api.ehtbr.com | udp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | api.adcmsware.com | udp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 59.82.120.37:80 | ip.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.122.165:80 | ip.taobao.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 59.82.122.165:80 | ip.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
Files
/data/data/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| MD5 | fc1eb8c18ddc0f8727b5fb5eba8ca870 |
| SHA1 | af6d64fe2432bece4c523066a57f35be8f175a48 |
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
| SHA512 | 25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66 |
/data/data/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| MD5 | 7f1e0fe2e6a0618b6c84d48ea0586b6d |
| SHA1 | dea54fa91f9f431b85e8c4048244a1c3c4b16665 |
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
| SHA512 | 7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| MD5 | 789a4162427149dd5e519f917ead0e29 |
| SHA1 | d2bd738c28ec21c0441c6daaefc206a6a76f8e1c |
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
| SHA512 | b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37 |
/data/data/com.ajdr.epbs.blkv/files/umeng_it.cache
| MD5 | 3044c962eaffa1c4a834bf3cbe4b9e72 |
| SHA1 | 417211c63790c4ce7d01cf0be4a81ae90a2ef923 |
| SHA256 | f4feb243177a178ff6c2f35477e14bfa40b1a45a02731418df919c212ebef8e4 |
| SHA512 | 99fdda474f885dea2861551a1abcf210c4e326d8a9f23c5e6d5a8d265a5bfa65d99294b0efcf5ad20494648041d041665da3708237debc6977e1231e22a77072 |
/data/data/com.ajdr.epbs.blkv/files/.umeng/exchangeIdentity.json
| MD5 | cef6174c614493465567b75274419dfa |
| SHA1 | 9f09a526b694547bb7a7baae05156aa83f12d5fd |
| SHA256 | e3c436320ff42adffe9616dd5e65caa75afbba5469b351ceb9baaec1f99fca8d |
| SHA512 | 690eb1cd445504d1b289a3b6e61d46606921237d313563f9fe6258075afddd63577ac598bfec9482bf2e1bc01a6ec96129b94bb070827df129eec6d7f8f223e8 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 258711f1e04aa0d1f1a7d1922b47d093 |
| SHA1 | 80ab4a3d4bccd3663555a667164b76910e441efd |
| SHA256 | d054a1e9d870da7b539ec960f6262752aede2c244332056739d9ba0f6ac18646 |
| SHA512 | ee4b6a157942e7dc3e9bec512abc61ca46a7aeb39eafea0a5602c290cc336e919edc66c86d45184e1a83decf8777cace17e808fa3961d4f2c99062d461120114 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd
| MD5 | dae68dcffc3d522a79f98ebbc3b6d457 |
| SHA1 | 6df5dce9a50f12044a2d20b8d1742ae47b82ee03 |
| SHA256 | 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286 |
| SHA512 | 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | fda96b14443112f71c56a16b84f65963 |
| SHA1 | e33b51445822e37178def8f071a10a7805be36c7 |
| SHA256 | a3fa527403bc930e650227f68b6baaa2a2dc1393c2b8380a54fc89368a86d7ce |
| SHA512 | ff1b57dae18e2526c3704f8bec63aec43a210342bb44f3f07abf337bbe10faad89acb6395917fe16d781ccee13f0eca308ba203e7cdabb3ec8757e18eaeba0bd |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 98330c87da6e4ee0f491d1bebac638c1 |
| SHA1 | 926b050c93f0132d0661efd3ceeb76f75e63aa74 |
| SHA256 | 8158e92a9473c8215201bc7925863452f8ba6695b4dd350d405bfce7b3cc2d66 |
| SHA512 | d0f5bba2878f7823b36eff24a7c916f953fb86d8da40ac714edad7e684546eded757e1640663c34f6a1d9e19e02f01df65ad3c93dd593da984b49363e8575f26 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 8544f140f926af1e8e3bc70bc5b976f7 |
| SHA1 | c01786455fa4eeef0d55690acf7dc145df73fcfb |
| SHA256 | b03142d589c5c412bb5637c8ab9423a24134ae640aec48e23d584298279fa94b |
| SHA512 | a0f2a8a971782b2b3d20e8839c71fbfe36d078ef22c2b2dc9b43d32ab91bdab33f23749cdb326cc0f5a69d1f4bca99cbad341f9b00d29d23df08888c3f6ae610 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 3472470eda5a49eecb326417d4db9ea2 |
| SHA1 | df12f425d3e87e62ffb931614b270e5b0626e094 |
| SHA256 | 4cd6e516767d7c7b961f2fd8115c19dd2825a06da968dfb5535c46ca7b722821 |
| SHA512 | 540c4303024e432ecf68456cf183c649fcbebd89efaa019c4721da471309d03a5df0bfb95dcb5709d570b42800190183bf6c93fef3624d43e81dea49fb9fe7c4 |
/data/data/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | a9da4fff2c51565b9f40f11a3c525299 |
| SHA1 | e58a05d114b8419e4c7e97b32f23f285400fa455 |
| SHA256 | c8fc7cc0024d5546f52c37a8f0a7bff66d515d4c788cef6a8a5d59c71a210dcf |
| SHA512 | e30dbce184137895484015191a82084555fb2b640abeda951ad99854412a60a562fc8fa38dd845d5ccd8674a48911f0e233b5efc96e1f3aec92225a6c367bc62 |
/data/data/com.ajdr.epbs.blkv/files/.um/um_cache_1716306048952.env
| MD5 | 2855383bc2a9dc3b1309e3c5cf689dbb |
| SHA1 | 2f88204dc213224fd15c77a5e309864471a239f9 |
| SHA256 | 45b1103b9f473676b91447eb6e148fea23baa1e3fdf575701838ddf0b0a007e8 |
| SHA512 | f359abbe81dd90c726326a418939ceb9cbf5255f9ea5768df3004f1655f481d174e966d778ff45304f3f798e9fa5fef37a762dad5a5422fcce479c8d65b1436e |
/data/data/com.ajdr.epbs.blkv/app_mjf/oat/dz.jar.cur.prof
| MD5 | dd700f22a556fcad635f2dbcd470244a |
| SHA1 | ccef6021225a1e037cf4a402384ae62e3f936a71 |
| SHA256 | cdb870b3b79e1f5490341cfbc0a1b2cc4abf4c88e53b5597161c04aa92d2901b |
| SHA512 | 41984f251c0167335c1cb34ec2b51ff7f253abd9ee9516ebd6a247856895a40d77ef6c302107374892ab6bee18d559d92b77c7a0768031e793ff51cba887e276 |
/data/data/com.ajdr.epbs.blkv/files/mobclick_agent_cached_com.ajdr.epbs.blkv1
| MD5 | a419ab2975383326ff129303d2e8113b |
| SHA1 | 973fc7fca085188698bfeb059b4ce6ae7e3bebb3 |
| SHA256 | 0211ee66a4c8d9bc5ca731b1ef5dd2a53845acc1341f3ce55d795df09961d113 |
| SHA512 | a88782c06d98fcf0726eb6e45a1cf05867f2cb39ac48d412902872b5027e384dd846944455037c97726a773bfa673377dd0973c75a9cfc5ab0eb337f967646c7 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-21 15:39
Reported
2024-05-21 15:42
Platform
android-x64-arm64-20240514-en
Max time kernel
179s
Max time network
186s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
| N/A | /data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | N/A | N/A |
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Processes
com.ajdr.epbs.blkv
com.ajdr.epbs.blkv:daemon
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | api.ehtbr.com | udp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | api.adcmsware.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 59.82.122.172:80 | ip.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.121.73:80 | ip.taobao.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | ip.taobao.com | udp |
| CN | 59.82.122.130:80 | ip.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
Files
/data/user/0/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| MD5 | fc1eb8c18ddc0f8727b5fb5eba8ca870 |
| SHA1 | af6d64fe2432bece4c523066a57f35be8f175a48 |
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
| SHA512 | 25e5c0eafb925a6b3c6d9f8622b95d07fd8e63be2689859733b10ed65fa7f7e56e5453da64d9bd7bd7c3345f6c1a90a5dd34de9b0788f4ba080689758d5d4e66 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| MD5 | 7f1e0fe2e6a0618b6c84d48ea0586b6d |
| SHA1 | dea54fa91f9f431b85e8c4048244a1c3c4b16665 |
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
| SHA512 | 7a9e77b9ee66c7cc5d406389c8dd4f344b02c8449cfcd581586d16ce895ed0fa77f6fc8c767c32b92e75863d8133422b4ed3057f54999c3fef031146602e5df6 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| MD5 | 789a4162427149dd5e519f917ead0e29 |
| SHA1 | d2bd738c28ec21c0441c6daaefc206a6a76f8e1c |
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
| SHA512 | b6a8d5c20792cea1035a7f7684bc03b3f184a0bbba3f5c322b26cc75fd50002e749882d6ac6177a93115ce93b1b3d4721f4449d2007ad700e0633a11579f7e37 |
/data/user/0/com.ajdr.epbs.blkv/files/umeng_it.cache
| MD5 | dcb142ef548e0796df79824aded8a975 |
| SHA1 | 370fb04b798bc8a8bffeffc3eff036e209b90094 |
| SHA256 | cb1fab4bb9086b6a971d8a021c678c21da083c88273cfa447497d99c42a488d3 |
| SHA512 | b87f4a9d553584318883fee67e0664656bc7145983966772d7772e810578c9a89a9cd3255f97ab2b6fd9a5ce58f75dbf61c7cef1314f0ae4bc89263bc39da770 |
/data/user/0/com.ajdr.epbs.blkv/files/.umeng/exchangeIdentity.json
| MD5 | 6d6546403fc5449ef45869cf6458d5c7 |
| SHA1 | 3bd2e4fc276395914f3a147f6c80fa5273cdc583 |
| SHA256 | 283dd6783117a49e5ba985ee5c0a16313d83921aabc4b01f94625d9408a700c4 |
| SHA512 | 27f9ca91e8310afc1117e284246b8f48b672cc6203ad0e1c5f1e104749a0e6e1978afae48724eca5bd12c12ca67ea8a90abe5121c15d577fa7954789b5adf4ac |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 89b379d5f2cc361033087d1e2ad84412 |
| SHA1 | 7bb40da181a5652610eef3a184da887c8f5d8b13 |
| SHA256 | e26cc73e13dc5e35a8b3ce60327aca3cd23c6d88e970f6504eec84c25ec96c7a |
| SHA512 | 1f8a74ce4cf54b8644b5e906511cade8ba1ee3cff0da2420b480a01a21284046e7730385e0f809307b85e3b8807d33466c6f175a788bbf5cc5ec418631785315 |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd
| MD5 | fdb8a92e5060ce104e8f0faca55a47ce |
| SHA1 | 270d7ca30673e18cec1d2b9add71cba96dc426fe |
| SHA256 | 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a |
| SHA512 | ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122 |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | bc403342642a90eefa1198445610bb97 |
| SHA1 | 69453877fbc0ab8a95e8afb843157eb9bf7b9ac0 |
| SHA256 | e65ded252c8b1012e8657f10639b45e677d20554cef57075e98b7d4313030ee0 |
| SHA512 | 5cd08bf658f5400d3dd84ae7ed04f0a32ee9f51e1cc3e70d69d29b1e4f8fe62800b3150d5412f7da555ca3c861e1e5caf7c9748b09a06c70350cc8aad5323f05 |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 2f7a7cefbf97d8850578d230b199baf8 |
| SHA1 | 60e848cc22d6ef19ac1ed907ee0eefc061021fd4 |
| SHA256 | e9af16443f9ae6273584d94e4d36dbbd9566afd0e5b081512340aecfcf8edbfe |
| SHA512 | d10a1cda2b531328bcf03e73fb3110fbace8ba982bd18082a62be4b7e12751c4abbb361faba15e274a7cb9ccf586a3b06fb68ad833d00b3e3f28210867be2247 |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 8cde7cb4da8c6102fc98e911096a7d49 |
| SHA1 | 2ec97981ba66dc0bceb89eab20e9a1c7c7c23a70 |
| SHA256 | a2911ac5a505ecd0f755194d3fbc9eed5333ee73bd048db8bda5fef3fb1ea0a7 |
| SHA512 | f2f3a113150684b68f8ca93069cf6cef5e5da6dd9ac10eb90166604ae353bdb7596436cb2f9c80f15c5a16b0e04cf1720e1aab49ee6d576ae1584ed42360e9ff |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | 6166430df16a421a11f4f89bf11d07fe |
| SHA1 | ce42eb457824bfa7ef6fdfa6292816732b69ce59 |
| SHA256 | 09edc1e7c20861548883d685e90b5e931b74fa33f7c6b628f3b0eb072ad6c35e |
| SHA512 | 41b6632236406bee48e5ed5786503b9c8904749b5ec65ce6538889653df2d84624ec66c56609629b821d6652c686cdd123b319141222becad60c9a3ce18cc847 |
/data/user/0/com.ajdr.epbs.blkv/databases/lezzd-journal
| MD5 | a1fe688f106ebc0939ad06676e27c7a1 |
| SHA1 | ed15bc4fafe004a78489c93b51ee16a4517bbe7d |
| SHA256 | de27c59b65d3f6e0702e20056252a03fe3a96a91bad5cc5f30223195b1ce595d |
| SHA512 | 0cca63b000d1c2ecdefabdc0a62e41c54db2b4e03dceddfee081492190d5acfa63c6abf3cc68dbefd3499f77cacf233ac46eb62b3a163d9339e2a31fb3fd9a16 |
/data/user/0/com.ajdr.epbs.blkv/files/.um/um_cache_1716306050005.env
| MD5 | ce11c68a19f9a9a5ca4d24c24c3f6889 |
| SHA1 | d8589f6efa12eea92bd62885e0376314c6e1e0e5 |
| SHA256 | 960074185ad414841d0233d2a8dd651a6e563c2d89b3e4dc3ee1469172b7f369 |
| SHA512 | 0e5e0b896ff7376cf2b32cce1930554c01e3428fa4f740fdd23e0e6a095c8fd7d1b4070bfa9a97d466b7e84a8fe3d8c1fcf49107cac936802f6bbb901a0713e7 |
/data/user/0/com.ajdr.epbs.blkv/files/mobclick_agent_cached_com.ajdr.epbs.blkv1
| MD5 | 28bf0e9062cc77d0dd65cfb271d5f19d |
| SHA1 | 11a8860041c92dc96c3d42109ac71b21d027e6f8 |
| SHA256 | 52e8f89f288d9167cfaf6c3f1a1dd9f7704946e42857535dc9ec9d88463c1525 |
| SHA512 | d8e1660f93830b918abb931ab0f3c9cc692ad9aa6e06ac7882c016368e6799a1275bae69b0d0594ff7d1cdce81c86a27aab6dad4352425d82af2d91dfe9acbac |
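The three Files sections list the same paths with different digests from run to run, and a path can even appear twice within one run (dz.jar in behavioral1). Only digests that repeat across detonations are worth using as file indicators; the rest are per-run caches, SQLite journals and analytics state. The script below is an added example for this page, not sandbox tooling: it parses the Files format, folds /data/data/<pkg> and /data/user/0/<pkg> together (on a single-user Android device /data/data is a symlink to /data/user/0), and reports, for each path, the SHA256 values observed in every run. The embedded input is an excerpt of the three sections above, SHA256 rows only; the function names are this example's own.

```python
"""Find which dropped files keep the same content across detonations.

Added example, not part of the sandbox's tooling. FILES is an excerpt of the
report's three Files sections (SHA256 rows only, other digests omitted).
"""
import re
from collections import defaultdict

FILES = {
    "behavioral1": """\
/data/data/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
/data/data/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| SHA256 | dee0215de8f0bf8acfc41aa199e605f30178a969cb5821a977e865b69773b3e2 |
/data/data/com.ajdr.epbs.blkv/files/umeng_it.cache
| SHA256 | 650c05ae0f32d2da4e7e6f0f86e24c014abaf4b8271d3f54785e389e1b47cc5c |
""",
    "behavioral2": """\
/data/data/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
/data/data/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
/data/data/com.ajdr.epbs.blkv/files/umeng_it.cache
| SHA256 | f4feb243177a178ff6c2f35477e14bfa40b1a45a02731418df919c212ebef8e4 |
""",
    "behavioral3": """\
/data/user/0/com.ajdr.epbs.blkv/app_mjf/tdz.jar
| SHA256 | 7f4e38a3ac4fae5a400648d200d8b9897dc28606722dba44c43e5582182e5fe9 |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/ddz.jar
| SHA256 | 4225d0ce3922e9bfd5828c3507b26226b8f08f3b03d8fcf594dbf36835a9519e |
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar
| SHA256 | 830643d652f95c85fa7665c202f93822b08f106cfeae9202a8a7d894292a36c0 |
/data/user/0/com.ajdr.epbs.blkv/files/umeng_it.cache
| SHA256 | cb1fab4bb9086b6a971d8a021c678c21da083c88273cfa447497d99c42a488d3 |
""",
}

# /data/data/<pkg> is a symlink to /data/user/0/<pkg> on a single-user device.
PATH_ALIAS = re.compile(r"^/data/(?:data|user/0)/")
SHA256_ROW = re.compile(r"^\|\s*SHA256\s*\|\s*([0-9a-f]{64})\s*\|$")


def normalize(path):
    return PATH_ALIAS.sub("/data/user/0/", path)


def parse_files(section):
    """Yield (normalized path, sha256); a path line is followed by its digest rows."""
    current = None
    for line in section.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = normalize(line)
            continue
        m = SHA256_ROW.match(line)
        if m and current:
            yield current, m.group(1)


def hash_stability(files_by_run):
    """path -> sorted digests seen in every run; [] means the content is per-run."""
    seen = defaultdict(lambda: defaultdict(set))    # path -> sha256 -> {runs}
    for run, section in files_by_run.items():
        for path, digest in parse_files(section):
            seen[path][digest].add(run)
    total = len(files_by_run)
    return {path: sorted(h for h, runs in by_hash.items() if len(runs) == total)
            for path, by_hash in seen.items()}


if __name__ == "__main__":
    for path, digests in hash_stability(FILES).items():
        print(path, digests or "(volatile)")
```

Run against the full sections, the picture is the same as on the excerpt: tdz.jar, ddz.jar and the first dz.jar (830643d6...) are byte-identical in all three runs and are the digests to match on, while umeng_it.cache, exchangeIdentity.json, the .um/um_cache_*.env files, mobclick_agent_cached_* and the lezzd SQLite database with its -journal, -shm and -wal companions change every time and would only generate false negatives as indicators. The second dz.jar digest in behavioral1 (dee0215d...) shows the file being rewritten during the run, so the rewritten content is worth pulling from the sandbox rather than assuming the stable one is the only payload.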