Analysis Overview
SHA256
5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373
Threat Level: Likely malicious
The file 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks memory information
Obtains sensitive information copied to the device clipboard
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Checks CPU information
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks if the internet connection is available
Listens for changes in the sensor environment (might be used to detect emulation)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-22 09:04
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 09:04
Reported
2024-05-22 09:08
Platform
android-x64-20240514-en
Max time kernel
64s
Max time network
185s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yxxinglin.xzid586042
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.10:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.78:443 | plbslog.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| US | 1.1.1.1:53 | fuli.bianxianmao.com | udp |
| CN | 223.109.148.141:443 | ulogs.umeng.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.187.194:443 | tcp | |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.78:443 | plbslog.umeng.com | tcp |
| CN | 223.109.148.176:443 | ulogs.umeng.com | tcp |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| CN | 223.109.148.178:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.177:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.130:443 | ulogs.umeng.com | tcp |
Files
/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache
| MD5 | 2c74cd41eab09bbc6671c0dc94e3491f |
| SHA1 | c33228862b7b2e8bddf4b5ee0d9ef80fb2fd7e64 |
| SHA256 | e5edbbfb38d4d380050d7a37c2fa71ac0d4fd55cf2d2808eca48875e93ea4b1d |
| SHA512 | c8e51bbb82f632fc7c96e2dbad827918528302972f23dfaa7a25bd850b6453562d3bcc821cfe01d3f22b94578eed8b3d36c3ec6193efd6a86efc602a951050f6 |
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzAwNzQ0
| MD5 | d3ec9d8ad3d6cb6b72e71a1066c1ae60 |
| SHA1 | 8d41bef92525c9e0ee1358316e8eb6aeafa83ba0 |
| SHA256 | 7d344cd4f577b1cd501314871240ab6297c03cc4a60f7c11670d68155f17c381 |
| SHA512 | 766c9214a32f28fbb130b656fc134a0029096e3b58d1b82ccf248e7d131b9dc303f794409ea2541d1cd9b6a5a1e148af563675f9e6a8e93ebcc82192787c335b |
/data/data/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
| MD5 | 44fae30013d439a8ce2362b459fe2120 |
| SHA1 | 25452aa3922c8fb68ca221581fc954c9603c41fe |
| SHA256 | 98adf3cd70513d494efb77abe1cf4cb5e7920f6ef671dd30a6140c9a8662848e |
| SHA512 | 54c65c8a60669f2746bb440bd3ea2cf418059d7ec28d1385648d2d772360e41c92d0b05fd3fc62bb1ba2895663afd07e25664488c752f206f40c04f776966d95 |
/data/data/com.yxxinglin.xzid586042/files/exid.dat
| MD5 | fe6e1f0f7fcf080f0b664051380a68fd |
| SHA1 | 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b |
| SHA256 | 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0 |
| SHA512 | d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb |
/data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log
| MD5 | d4e98ed633069f100d1d620373bf6c39 |
| SHA1 | 20f741b169805feadd95e1d43f9f87cfd0da3d7a |
| SHA256 | 8c9d80bce6443adf9f1936cb27f69e761d246325b19528b3e19dc70169c8ac19 |
| SHA512 | 753dddf811846e702e134f945bb7834427699db14d564d172ad10ab2bdf68d6669ab845265c43f4e8dc759dd450ccd46470c034e05d8ff24491dd5b3ce61cf85 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | d1f6a8b76a7e5351901328c350d46690 |
| SHA1 | 8a58a120e254b27eed491c037648d0a3cad0b155 |
| SHA256 | 679b5a1e119d87eaa5260d41fe7e44d143e3503cf32b6d645d03b80586507e2c |
| SHA512 | d70765c002cb1ec0bab2bca646606812c02d116e3e077e4c7db7fb8cd613e64ae1403115e30846f1eee5910d0b1035e675d928bd7a1fff5b33324818359fe9bd |
/data/data/com.yxxinglin.xzid586042/databases/ua.db
| MD5 | b7036131b84bdf2b66c67fde18d62308 |
| SHA1 | 18b1e5a358d68c846495cab5cfef7c6679659093 |
| SHA256 | c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295 |
| SHA512 | 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 2e323acb7a27e1837b9a0311b55dbaf6 |
| SHA1 | 85bd114fcfc0998101d4589e9377ea911841fc65 |
| SHA256 | bc9b9c0c795346171e157cfd8639be1597a51caa19b53a8638a450c36b1729da |
| SHA512 | 45d28e4cfb97177882c651aa0ed3f69f3fb7504f497ceef565b58172ddc921754b057c4580aa7a433d56a489e11c72aa7fec55f8391a7ef3050d19d4c8e19923 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 5e576111bf014c0fde1bcd44ab78866d |
| SHA1 | 5e2e24d7125caed5033146fab9746d470f98d7b1 |
| SHA256 | 6d43349188af47dd4861415e6c216799f189b45d4bb5626538d82ebed6073942 |
| SHA512 | 9d7a50bef39aea33b5a5ce7158c6f09f9cb2dca88d8bfd6780ba3b75b365bdffbef1fa9b27dc10ff03ef22543f87173f0ff1e391ffa03732bc4322b345d48744 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 8395ed708c76f7edf7f46687ed33e891 |
| SHA1 | 8a919df6016ab6316777b151cd3a335bc928720f |
| SHA256 | f2729ff98bab49465efa5b36969607322b8e1e51e12854bf3e72b5deafc9f3e4 |
| SHA512 | faaffa06282c3600e7ee6338d4f14511876882fc08a23b49f0153bd92d4fc2e84ae1eead1a017d04fd0f6b1924169b0b4f2b0746f775fd30d92ef0bf96614e2f |
/data/data/com.yxxinglin.xzid586042/databases/ua.db
| MD5 | ef1a833cc3fcfcbf5cf3c1ebf982717b |
| SHA1 | 27964d62eec9045c95770caf0d412e0609f17a8e |
| SHA256 | 2d1ed0b09ecf1a7eea4baae06c3631ca881aa6166f0ab71dc1ff30673547744b |
| SHA512 | cac3275ca47239e3458d1fba8b0e34709da31a422bd81cdc09850f2e8537b20a367483761682ff6b9ffc0307f4db4e9fe9a8892cd1ef374cd53b5c6c42a03118 |
/data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log
| MD5 | fe1752fad768c89cdb2e71bb80378bb2 |
| SHA1 | 320fd00652da8d060d55a929bbb78cebacf6cfe4 |
| SHA256 | 5bc21d10a1011e0913756701cd33f0942c3e068ef266bee444ee4e50ea045f7a |
| SHA512 | 56feed1fe34a5f4b5aa26b250975a4d1358b668a582f786e98a6b0d531e4db12572146d02e4fe1d9950ec7f1b4024a57d2f83937263b757e5c4351b766e2c36a |
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzMwODk3
| MD5 | 8c59193ce0212676bd86eb290d161a7e |
| SHA1 | 3d823bc72252164beb9b07cfc38157eaa7835c91 |
| SHA256 | 5121ea295508bd79189c820e67f5bcba0ae8a1e3a190c2a3ea70a2ea4113f3e9 |
| SHA512 | d7d0aea512c236557d89fdfccdc37534904b00c6141998a5918ffee253587f3b4264cf7ff862ba563bf3e0be326e32f15af7ff40024558a6bfa0bc7a24bfe935 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 09:04
Reported
2024-05-22 09:08
Platform
android-x64-arm64-20240514-en
Max time kernel
63s
Max time network
185s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yxxinglin.xzid586042
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.78:443 | plbslog.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| CN | 223.109.148.141:443 | ulogs.umeng.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | fuli.bianxianmao.com | udp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.75:443 | plbslog.umeng.com | tcp |
| CN | 223.109.148.178:443 | ulogs.umeng.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| CN | 223.109.148.130:443 | ulogs.umeng.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| CN | 223.109.148.177:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.176:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
Files
/data/user/0/com.yxxinglin.xzid586042/files/umeng_it.cache
| MD5 | f037c9eff658773ab133c7c6644b655f |
| SHA1 | a1dff0f788a69b298d64adb65379979ec85494d7 |
| SHA256 | 7fc19040202c87058ef19a1f36f16051e0d8759c9a18cd138e99fdfa9f3a1c8a |
| SHA512 | a77a34499ae7544543b3457492eab850807919042f41efbc1965aa424558a634e5498b8ba924e079ced8b435fb5e1804b90a0809bbbed1827590c1062d496885 |
/data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5Mjk0
| MD5 | 0fa029c21d3dba577440e6e563cae42b |
| SHA1 | 86a941e2f17a8c0fe1a8e593b911c9126f37f6e9 |
| SHA256 | 87cc9a0eba467635a8514c71f462a0cd5970722f1dcb69f0044b402945cc8979 |
| SHA512 | c8a2628b2e16ac3e4025384c147e0defd0c26e86fbb39cd8bfbd8191a5690611b1e955476b155f038a0f90ce41df48158e929e1df0e7ea48fcb8b537150736b2 |
/data/user/0/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
| MD5 | 1f848e943325fd00479264cb885969bc |
| SHA1 | deb3c5e8322e7e49543f5a6bd3674b108bb13f4f |
| SHA256 | e5e3f5bc953eabd235934d031dac12b834420bb2aaa64a7310c4d2aa74c5a8a0 |
| SHA512 | 94b0f5d32bf4e82fc795ec30ccecb944e6522e7dd2262cae2106c06b051a86260a01f146da9ddfc003d5d72341f47d070b837ed77ea5d5dda69d26290a5dfc80 |
/data/user/0/com.yxxinglin.xzid586042/files/exid.dat
| MD5 | fe6e1f0f7fcf080f0b664051380a68fd |
| SHA1 | 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b |
| SHA256 | 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0 |
| SHA512 | d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb |
/data/user/0/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368699496_envelope.log
| MD5 | 419f584837c8c24275df6ab84771d6c0 |
| SHA1 | 6be748a3c202c3cb72e25000392e7326804c7675 |
| SHA256 | bfa4030a591328e5c84317e3d9d14dd6ca8298f43340b1b6a1131296a0775fd0 |
| SHA512 | 6d94953c2bebef61ec8703a4027891722338e9e7075a98e6b3cedc496411a8ad718f6c6410929dc8b7fcc264f33e73929dae3a63e7e80ae4dd4d158e2bd8e85b |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 76f113517a1f3ff5858fab6d2933fef8 |
| SHA1 | 5cb129e14677626f212c8eee3e09d1ccaf518686 |
| SHA256 | 4988bdd38bec857151ec6a5b72cc6b41f1861404cb522055fda19afcc2ff835a |
| SHA512 | 78a1bfc19b2718452d2dd2b4fef36b46f22f0b71b7cad257f64a71e46bde52b2b1902377f31e12a74a3366479d8e453691d5a89f18355012489ae6be06edab30 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db
| MD5 | 4a8120c91e3143b2db43971dbc77cf8d |
| SHA1 | 37c5700d35059c4e0a718ced73b3d73ba5d2b277 |
| SHA256 | 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb |
| SHA512 | 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 16caba5c4703c94a8a6478ade9372ea6 |
| SHA1 | 23a84b0f7d57a0636a4c93997d40bffef9595568 |
| SHA256 | b0eadf24eabe3654d599f1d1c48bb23081b586652fddf7bad1e5a563989dd699 |
| SHA512 | eb5e3d700ba62a23592992689c67f203cd2579e1b35326dd00183747416427357c79ca813b908bf6d6adc8e6f21e2468be09af6ce9f5dfd4d458d5d8963a23eb |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | 435be4b79f7b3d03bd3d48678567e341 |
| SHA1 | f002eba8408524949c7ccaa6d5ae0287a8440c03 |
| SHA256 | 348d12a7548d609f74882cda9691344432d599416205818e729672e3ad2b0d7b |
| SHA512 | 903a11ce3bbfe8b92ef40236665d8eedab16779180dd7459e9455d909fb9f4c71b696359f7dffc69e844e6cf92d13ce4af25616c00107359210a2704eff52b89 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
| MD5 | f15dc35e67af833908467585b15ad8e7 |
| SHA1 | 2a84af3fc2fe8dd369cb4328445caaf9b411f4fa |
| SHA256 | e73c51ab25a5a400adb839959bfd49810c7a7e620b2ce97facb4ba1ff32e71c4 |
| SHA512 | 1a71bec4bb9d8b8a0e733dfd42182fd5482731b3e5209e6556515f9eaa4760903ba0a34fd1e9aecfd61d26125557623a53d20a10b04669342b230a2a586d50b0 |
/data/data/com.yxxinglin.xzid586042/databases/ua.db
| MD5 | c0baf3326dc470e47249def863c109ec |
| SHA1 | 97f2d86cea38b1f36bf7908f38e95a72d74a931f |
| SHA256 | b188515375e16aa7a2b38ffd65e1853cabd6c4d298c550782a68edc397c62e75 |
| SHA512 | 4643d29a09b237a820f8e872f8e88bae77eab70d64d76c851017c94c213a9d4303132a8725df382788c1479136418b8effe6377cd38195c8a7bc73f70f70da74 |
/data/user/0/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368704352_envelope.log
| MD5 | 019db87b1201da62a87a4792986fd5ea |
| SHA1 | dc38d497160407b2a333a4d67967a3f7ca8cc5bf |
| SHA256 | d6e58703d777c062ff51ab88261dbcd1d6b16c6ef1c635ba249522a2d958668f |
| SHA512 | 52c52c4defcfa7ef7d9f4359ac6d88c92f381fd6b033b9b03936f847709af089db1216e6cafdbbc2184b7703e9e4700d7706b0af4e127aedc597e4c85967314c |
/data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5NDY0
| MD5 | 186c42b1b66d13de9aaebaae365463aa |
| SHA1 | 049b1a2aee18188ecdce78875cba5950f905ab28 |
| SHA256 | b8803bee5b699b15c39891bd52d7ca8e1889ae3f2ca7051444ecf5777ce5c39a |
| SHA512 | c2861eeb45a1ea0c50953a3dbea48713a97d56a22f25736d0c5a4a09deabfe1c27555b290afa82e027b931bf15efb0525a3570ffa65c64488a06fb38d27203fc |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 09:04
Reported
2024-05-22 09:08
Platform
android-x86-arm-20240514-en
Max time kernel
63s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.yxxinglin.xzid586042
ls /sys/class/thermal
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.75:443 | plbslog.umeng.com | tcp |
| US | 1.1.1.1:53 | fuli.bianxianmao.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.78:443 | plbslog.umeng.com | tcp |
Files
/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache
| MD5 | c2441657adbb3c68f481c4d4264e8a70 |
| SHA1 | 1f12676004a99422536ffe1f3370eedf76043d65 |
| SHA256 | e95529e080cbb5d5268e347d0e45374ce6e4ddc7535da17cbb1abf0979d9780c |
| SHA512 | 7ed02b8eb915176a4a4c816c38a8f9a2dacf2962954ee2cba0b0d6348affa3edd0545d1505e4532cc715b42b494a24de5b1e7c5091b2cba3bec75f8d408d9e0e |
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy
| MD5 | a7ed8a18168d2321a8e069aab7af6efc |
| SHA1 | 0cdfd079a0d6075aefeda6edba90b90306330e90 |
| SHA256 | e6b914d026b3af36ef8af044c5adab4cb14fe7b72f1edf4ac0a56826d300632a |
| SHA512 | 0b93d83317e4e57a5bf3410bdbe2a707dc50db044fc0d99202447caddd8f378298111813b019bcb4d16348ccb206f90d0e2afed823e1701928faa643bab5b72f |
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw
| MD5 | 5bb3b0d894f7abfbd0ae75e2c2657a31 |
| SHA1 | 2e58095e9fefd9004757cb3cfcd841817c1c7113 |
| SHA256 | e72f560affcabc4492074ff14020c1983eb5c0dc8756248373fd52e6598ba6ef |
| SHA512 | 53b4ee6f09a9e4776e2e99bbbd176a079a452aed8f455aa61055efea28c4496f023b207882d5bce5363c0f43d66a1e2dc736bc65be9a5e955728ebbb9ffc1e88 |