Malware Analysis Report

2025-01-19 06:58

Sample ID 240522-k11v2aab36
Target 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118
SHA256 5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373
Tags collection credential_access discovery evasion impact persistence
Score 8/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK (Mobile Matrix V15)
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 8/10

SHA256 5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373

Threat Level: Likely malicious

The file 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118 (package com.yxxinglin.xzid586042) was found to be: Likely malicious. The verdict rests on behavioural heuristics rather than on a known-bad signature: across the three detonations the app fingerprints the device (root check, /proc/cpuinfo, /proc/meminfo, sensors, Wi-Fi state, running processes), registers a clipboard-change listener, and sends telemetry to Umeng endpoints (plbslog.umeng.com, ulogs.umeng.com). The artifacts it writes under files/umeng_it.cache, files/.umeng/ and files/.envelope/ are consistent with the Umeng analytics SDK being bundled in the app. A DNS lookup for fuli.bianxianmao.com appears in every run without any follow-on connection. No process other than the app itself was spawned, apart from one ls /sys/class/thermal in behavioral1.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Checks if the Android device is rooted.

Checks memory information

Obtains sensitive information copied to the device clipboard

Queries information about the current Wi-Fi connection

Queries the network country code (labelled MCC by the sandbox; the call returns the ISO country code derived from the serving network's MCC)

Checks CPU information

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 09:04

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 09:04

Reported

2024-05-22 09:08

Platform

android-x64-20240514-en

Max time kernel

64s

Max time network

185s

Command Line

com.yxxinglin.xzid586042

Signatures

Checks if the Android device is rooted.

Tactics: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Probing for /system/app/Superuser.apk is a legacy root-detection heuristic that ad and analytics SDKs use as often as malware does; on its own it says little about intent.

Checks CPU information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tactics: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

The listener is notified of every clipboard change the app is permitted to see. Since Android 10 that is only while the app is in the foreground or is the default input method, so on current devices the exposure is limited to what the user copies while the app is open; on Android 9 and earlier a background app receives everything, including pasted passwords and wallet addresses.

Queries information about running processes on the device

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the network country code (labelled MCC by the sandbox)

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

The call returns the ISO 3166-1 alpha-2 country code derived from the serving network's MCC (for example "cn"), not the numeric MCC itself; the effect is the same, a coarse location of the device.

Registers a broadcast receiver at runtime (usually for listening for system events)

Tactics: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

A receiver registered through registerReceiver lives only as long as the process does; it is not re-created after a reboot or a process kill, so this is a much weaker foothold than a manifest-declared receiver.

Checks if the internet connection is available

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tactics: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tactics: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Cipher.doFinal is the same call an SDK makes to encrypt telemetry or a local cache; absent evidence of user files being rewritten (none appears in the Files lists below) it does not indicate ransomware-style impact.

Processes

com.yxxinglin.xzid586042

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.178.10:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | - | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.78:443 | plbslog.umeng.com | tcp
US | 1.1.1.1:53 | ulogs.umeng.com | udp
US | 1.1.1.1:53 | fuli.bianxianmao.com | udp
CN | 223.109.148.141:443 | ulogs.umeng.com | tcp
GB | 142.250.200.46:443 | - | tcp
GB | 142.250.187.194:443 | - | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.78:443 | plbslog.umeng.com | tcp
CN | 223.109.148.176:443 | ulogs.umeng.com | tcp
GB | 172.217.16.228:443 | - | tcp
GB | 172.217.16.228:443 | - | tcp
CN | 223.109.148.178:443 | ulogs.umeng.com | tcp
CN | 223.109.148.177:443 | ulogs.umeng.com | tcp
CN | 223.109.148.179:443 | ulogs.umeng.com | tcp
CN | 223.109.148.130:443 | ulogs.umeng.com | tcp

Rows with destination 1.1.1.1:53 are the sandbox resolver's DNS queries for the named domain, not traffic to that domain; 224.0.0.251:5353 is link-local mDNS. The only domain resolved without a subsequent connection is fuli.bianxianmao.com.

Files

/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache

MD5 2c74cd41eab09bbc6671c0dc94e3491f
SHA1 c33228862b7b2e8bddf4b5ee0d9ef80fb2fd7e64
SHA256 e5edbbfb38d4d380050d7a37c2fa71ac0d4fd55cf2d2808eca48875e93ea4b1d
SHA512 c8e51bbb82f632fc7c96e2dbad827918528302972f23dfaa7a25bd850b6453562d3bcc821cfe01d3f22b94578eed8b3d36c3ec6193efd6a86efc602a951050f6

/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzAwNzQ0

MD5 d3ec9d8ad3d6cb6b72e71a1066c1ae60
SHA1 8d41bef92525c9e0ee1358316e8eb6aeafa83ba0
SHA256 7d344cd4f577b1cd501314871240ab6297c03cc4a60f7c11670d68155f17c381
SHA512 766c9214a32f28fbb130b656fc134a0029096e3b58d1b82ccf248e7d131b9dc303f794409ea2541d1cd9b6a5a1e148af563675f9e6a8e93ebcc82192787c335b

/data/data/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json

MD5 44fae30013d439a8ce2362b459fe2120
SHA1 25452aa3922c8fb68ca221581fc954c9603c41fe
SHA256 98adf3cd70513d494efb77abe1cf4cb5e7920f6ef671dd30a6140c9a8662848e
SHA512 54c65c8a60669f2746bb440bd3ea2cf418059d7ec28d1385648d2d772360e41c92d0b05fd3fc62bb1ba2895663afd07e25664488c752f206f40c04f776966d95

/data/data/com.yxxinglin.xzid586042/files/exid.dat

MD5 fe6e1f0f7fcf080f0b664051380a68fd
SHA1 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b
SHA256 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0
SHA512 d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb

/data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log

MD5 d4e98ed633069f100d1d620373bf6c39
SHA1 20f741b169805feadd95e1d43f9f87cfd0da3d7a
SHA256 8c9d80bce6443adf9f1936cb27f69e761d246325b19528b3e19dc70169c8ac19
SHA512 753dddf811846e702e134f945bb7834427699db14d564d172ad10ab2bdf68d6669ab845265c43f4e8dc759dd450ccd46470c034e05d8ff24491dd5b3ce61cf85

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 d1f6a8b76a7e5351901328c350d46690
SHA1 8a58a120e254b27eed491c037648d0a3cad0b155
SHA256 679b5a1e119d87eaa5260d41fe7e44d143e3503cf32b6d645d03b80586507e2c
SHA512 d70765c002cb1ec0bab2bca646606812c02d116e3e077e4c7db7fb8cd613e64ae1403115e30846f1eee5910d0b1035e675d928bd7a1fff5b33324818359fe9bd

/data/data/com.yxxinglin.xzid586042/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 2e323acb7a27e1837b9a0311b55dbaf6
SHA1 85bd114fcfc0998101d4589e9377ea911841fc65
SHA256 bc9b9c0c795346171e157cfd8639be1597a51caa19b53a8638a450c36b1729da
SHA512 45d28e4cfb97177882c651aa0ed3f69f3fb7504f497ceef565b58172ddc921754b057c4580aa7a433d56a489e11c72aa7fec55f8391a7ef3050d19d4c8e19923

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 5e576111bf014c0fde1bcd44ab78866d
SHA1 5e2e24d7125caed5033146fab9746d470f98d7b1
SHA256 6d43349188af47dd4861415e6c216799f189b45d4bb5626538d82ebed6073942
SHA512 9d7a50bef39aea33b5a5ce7158c6f09f9cb2dca88d8bfd6780ba3b75b365bdffbef1fa9b27dc10ff03ef22543f87173f0ff1e391ffa03732bc4322b345d48744

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 8395ed708c76f7edf7f46687ed33e891
SHA1 8a919df6016ab6316777b151cd3a335bc928720f
SHA256 f2729ff98bab49465efa5b36969607322b8e1e51e12854bf3e72b5deafc9f3e4
SHA512 faaffa06282c3600e7ee6338d4f14511876882fc08a23b49f0153bd92d4fc2e84ae1eead1a017d04fd0f6b1924169b0b4f2b0746f775fd30d92ef0bf96614e2f

/data/data/com.yxxinglin.xzid586042/databases/ua.db

MD5 ef1a833cc3fcfcbf5cf3c1ebf982717b
SHA1 27964d62eec9045c95770caf0d412e0609f17a8e
SHA256 2d1ed0b09ecf1a7eea4baae06c3631ca881aa6166f0ab71dc1ff30673547744b
SHA512 cac3275ca47239e3458d1fba8b0e34709da31a422bd81cdc09850f2e8537b20a367483761682ff6b9ffc0307f4db4e9fe9a8892cd1ef374cd53b5c6c42a03118

/data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log

MD5 fe1752fad768c89cdb2e71bb80378bb2
SHA1 320fd00652da8d060d55a929bbb78cebacf6cfe4
SHA256 5bc21d10a1011e0913756701cd33f0942c3e068ef266bee444ee4e50ea045f7a
SHA512 56feed1fe34a5f4b5aa26b250975a4d1358b668a582f786e98a6b0d531e4db12572146d02e4fe1d9950ec7f1b4024a57d2f83937263b757e5c4351b766e2c36a

/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzMwODk3

MD5 8c59193ce0212676bd86eb290d161a7e
SHA1 3d823bc72252164beb9b07cfc38157eaa7835c91
SHA256 5121ea295508bd79189c820e67f5bcba0ae8a1e3a190c2a3ea70a2ea4113f3e9
SHA512 d7d0aea512c236557d89fdfccdc37534904b00c6141998a5918ffee253587f3b4264cf7ff862ba563bf3e0be326e32f15af7ff40024558a6bfa0bc7a24bfe935

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 09:04

Reported

2024-05-22 09:08

Platform

android-x64-arm64-20240514-en

Max time kernel

63s

Max time network

185s

Command Line

com.yxxinglin.xzid586042

Signatures

Checks if the Android device is rooted.

Tactics: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks CPU information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tactics: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Checks if the internet connection is available

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tactics: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tactics: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.yxxinglin.xzid586042

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 172.217.169.14:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.78:443 | plbslog.umeng.com | tcp
US | 1.1.1.1:53 | ulogs.umeng.com | udp
CN | 223.109.148.141:443 | ulogs.umeng.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | fuli.bianxianmao.com | udp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.75:443 | plbslog.umeng.com | tcp
CN | 223.109.148.178:443 | ulogs.umeng.com | tcp
GB | 142.250.200.36:443 | - | tcp
GB | 142.250.200.36:443 | - | tcp
CN | 223.109.148.130:443 | ulogs.umeng.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.4:443 | www.google.com | tcp
CN | 223.109.148.177:443 | ulogs.umeng.com | tcp
CN | 223.109.148.176:443 | ulogs.umeng.com | tcp
CN | 223.109.148.179:443 | ulogs.umeng.com | tcp
GB | 142.250.200.4:443 | www.google.com | tcp

Files

/data/user/0/com.yxxinglin.xzid586042/files/umeng_it.cache

MD5 f037c9eff658773ab133c7c6644b655f
SHA1 a1dff0f788a69b298d64adb65379979ec85494d7
SHA256 7fc19040202c87058ef19a1f36f16051e0d8759c9a18cd138e99fdfa9f3a1c8a
SHA512 a77a34499ae7544543b3457492eab850807919042f41efbc1965aa424558a634e5498b8ba924e079ced8b435fb5e1804b90a0809bbbed1827590c1062d496885

/data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5Mjk0

MD5 0fa029c21d3dba577440e6e563cae42b
SHA1 86a941e2f17a8c0fe1a8e593b911c9126f37f6e9
SHA256 87cc9a0eba467635a8514c71f462a0cd5970722f1dcb69f0044b402945cc8979
SHA512 c8a2628b2e16ac3e4025384c147e0defd0c26e86fbb39cd8bfbd8191a5690611b1e955476b155f038a0f90ce41df48158e929e1df0e7ea48fcb8b537150736b2

/data/user/0/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json

MD5 1f848e943325fd00479264cb885969bc
SHA1 deb3c5e8322e7e49543f5a6bd3674b108bb13f4f
SHA256 e5e3f5bc953eabd235934d031dac12b834420bb2aaa64a7310c4d2aa74c5a8a0
SHA512 94b0f5d32bf4e82fc795ec30ccecb944e6522e7dd2262cae2106c06b051a86260a01f146da9ddfc003d5d72341f47d070b837ed77ea5d5dda69d26290a5dfc80

/data/user/0/com.yxxinglin.xzid586042/files/exid.dat

MD5 fe6e1f0f7fcf080f0b664051380a68fd
SHA1 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b
SHA256 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0
SHA512 d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb

/data/user/0/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368699496_envelope.log

MD5 419f584837c8c24275df6ab84771d6c0
SHA1 6be748a3c202c3cb72e25000392e7326804c7675
SHA256 bfa4030a591328e5c84317e3d9d14dd6ca8298f43340b1b6a1131296a0775fd0
SHA512 6d94953c2bebef61ec8703a4027891722338e9e7075a98e6b3cedc496411a8ad718f6c6410929dc8b7fcc264f33e73929dae3a63e7e80ae4dd4d158e2bd8e85b

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 76f113517a1f3ff5858fab6d2933fef8
SHA1 5cb129e14677626f212c8eee3e09d1ccaf518686
SHA256 4988bdd38bec857151ec6a5b72cc6b41f1861404cb522055fda19afcc2ff835a
SHA512 78a1bfc19b2718452d2dd2b4fef36b46f22f0b71b7cad257f64a71e46bde52b2b1902377f31e12a74a3366479d8e453691d5a89f18355012489ae6be06edab30

/data/data/com.yxxinglin.xzid586042/databases/ua.db

MD5 4a8120c91e3143b2db43971dbc77cf8d
SHA1 37c5700d35059c4e0a718ced73b3d73ba5d2b277
SHA256 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
SHA512 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 16caba5c4703c94a8a6478ade9372ea6
SHA1 23a84b0f7d57a0636a4c93997d40bffef9595568
SHA256 b0eadf24eabe3654d599f1d1c48bb23081b586652fddf7bad1e5a563989dd699
SHA512 eb5e3d700ba62a23592992689c67f203cd2579e1b35326dd00183747416427357c79ca813b908bf6d6adc8e6f21e2468be09af6ce9f5dfd4d458d5d8963a23eb

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 435be4b79f7b3d03bd3d48678567e341
SHA1 f002eba8408524949c7ccaa6d5ae0287a8440c03
SHA256 348d12a7548d609f74882cda9691344432d599416205818e729672e3ad2b0d7b
SHA512 903a11ce3bbfe8b92ef40236665d8eedab16779180dd7459e9455d909fb9f4c71b696359f7dffc69e844e6cf92d13ce4af25616c00107359210a2704eff52b89

/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal

MD5 f15dc35e67af833908467585b15ad8e7
SHA1 2a84af3fc2fe8dd369cb4328445caaf9b411f4fa
SHA256 e73c51ab25a5a400adb839959bfd49810c7a7e620b2ce97facb4ba1ff32e71c4
SHA512 1a71bec4bb9d8b8a0e733dfd42182fd5482731b3e5209e6556515f9eaa4760903ba0a34fd1e9aecfd61d26125557623a53d20a10b04669342b230a2a586d50b0

/data/data/com.yxxinglin.xzid586042/databases/ua.db

MD5 c0baf3326dc470e47249def863c109ec
SHA1 97f2d86cea38b1f36bf7908f38e95a72d74a931f
SHA256 b188515375e16aa7a2b38ffd65e1853cabd6c4d298c550782a68edc397c62e75
SHA512 4643d29a09b237a820f8e872f8e88bae77eab70d64d76c851017c94c213a9d4303132a8725df382788c1479136418b8effe6377cd38195c8a7bc73f70f70da74

/data/user/0/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368704352_envelope.log

MD5 019db87b1201da62a87a4792986fd5ea
SHA1 dc38d497160407b2a333a4d67967a3f7ca8cc5bf
SHA256 d6e58703d777c062ff51ab88261dbcd1d6b16c6ef1c635ba249522a2d958668f
SHA512 52c52c4defcfa7ef7d9f4359ac6d88c92f381fd6b033b9b03936f847709af089db1216e6cafdbbc2184b7703e9e4700d7706b0af4e127aedc597e4c85967314c

/data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5NDY0

MD5 186c42b1b66d13de9aaebaae365463aa
SHA1 049b1a2aee18188ecdce78875cba5950f905ab28
SHA256 b8803bee5b699b15c39891bd52d7ca8e1889ae3f2ca7051444ecf5777ce5c39a
SHA512 c2861eeb45a1ea0c50953a3dbea48713a97d56a22f25736d0c5a4a09deabfe1c27555b290afa82e027b931bf15efb0525a3570ffa65c64488a06fb38d27203fc

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 09:04

Reported

2024-05-22 09:08

Platform

android-x86-arm-20240514-en

Max time kernel

63s

Max time network

131s

Command Line

com.yxxinglin.xzid586042

Signatures

Checks if the Android device is rooted.

Tactics: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks CPU information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tactics: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the network country code (labelled MCC by the sandbox; the call returns the ISO country code derived from the serving network's MCC)

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tactics: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

Tactics: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tactics: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

com.yxxinglin.xzid586042

ls /sys/class/thermal (shell command spawned by the app; enumerating thermal zones is a common device-fingerprinting check, since emulator images typically expose none)

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 | - | tcp
GB | 142.250.200.14:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.75:443 | plbslog.umeng.com | tcp
US | 1.1.1.1:53 | fuli.bianxianmao.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.78:443 | plbslog.umeng.com | tcp
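The Network tables of all three runs (behavioral2, behavioral3 and behavioral1 above) mix three different things in one list: DNS queries sent to the sandbox resolver at 1.1.1.1, link-local mDNS chatter to 224.0.0.251, and the TCP connections that actually carry data. The Python below is an added triage helper, not part of the sandbox's output or of the sample; it parses rows in the report's layout (space- or pipe-separated), separates those three classes, and lists any domain that was resolved but never contacted. The embedded rows are copied from the behavioral1 table; the same functions run unchanged on the other two tables.

```python
"""Triage the Network tables in this report: DNS lookups vs. mDNS noise vs. real connections."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the behavioral1 Network table above: country, ip:port, optional domain, proto.
BEHAVIORAL1_NETWORK = """\
Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.75:443 plbslog.umeng.com tcp
US 1.1.1.1:53 fuli.bianxianmao.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.78:443 plbslog.umeng.com tcp
"""

MDNS_GROUP = "224.0.0.251"  # link-local multicast DNS; Android's own discovery traffic, never C2


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str


def parse_rows(table: str) -> list[Flow]:
    """Parse rows in the sandbox's layout (space- or pipe-separated; '-' marks an empty Domain)."""
    flows: list[Flow] = []
    for line in table.splitlines():
        parts = [p for p in line.replace("|", " ").split() if p != "-"]
        if len(parts) not in (3, 4) or ":" not in parts[1]:
            continue  # blank line or the column header
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def classify(flows: list[Flow]):
    """Return (domains looked up, connections grouped by domain, mDNS endpoints)."""
    lookups: set[str] = set()
    connections: dict[str, set[tuple[str, int, str]]] = defaultdict(set)
    mdns: set[str] = set()
    for f in flows:
        if f.proto == "udp" and f.port == 53 and f.domain:
            lookups.add(f.domain)  # a resolver query, not contact with the domain itself
        elif f.ip == MDNS_GROUP and f.port == 5353:
            mdns.add(f"{f.ip}:{f.port}")
        else:
            connections[f.domain or "(unresolved)"].add((f.ip, f.port, f.proto))
    return lookups, connections, mdns


def resolved_but_never_contacted(flows: list[Flow]) -> list[str]:
    """Domains the sample resolved without any connection being observed in the run."""
    lookups, connections, _ = classify(flows)
    return sorted(lookups - set(connections))


def summarize(flows: list[Flow]) -> list[str]:
    """Human-readable summary; first line is the headline count."""
    lookups, connections, mdns = classify(flows)
    lines = [f"{len(flows)} rows: {len(lookups)} domains resolved, "
             f"{sum(len(v) for v in connections.values())} distinct connections, "
             f"{len(mdns)} mDNS endpoint(s)"]
    for domain in sorted(connections):
        for ip, port, proto in sorted(connections[domain]):
            lines.append(f"  {domain:28} {ip}:{port}/{proto}")
    for domain in resolved_but_never_contacted(flows):
        lines.append(f"  {domain:28} resolved only (no connection seen)")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_rows(BEHAVIORAL1_NETWORK))))
```

On the behavioral1 rows this yields five distinct connections (two to plbslog.umeng.com, one to android.apis.google.com and two to unlabelled GB addresses) and flags fuli.bianxianmao.com as resolved but never contacted; the unlabelled connections are the ones worth pivoting on with passive DNS, since the sandbox saw no lookup for them during the run.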

Files

/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache

MD5 c2441657adbb3c68f481c4d4264e8a70
SHA1 1f12676004a99422536ffe1f3370eedf76043d65
SHA256 e95529e080cbb5d5268e347d0e45374ce6e4ddc7535da17cbb1abf0979d9780c
SHA512 7ed02b8eb915176a4a4c816c38a8f9a2dacf2962954ee2cba0b0d6348affa3edd0545d1505e4532cc715b42b494a24de5b1e7c5091b2cba3bec75f8d408d9e0e

/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy

MD5 a7ed8a18168d2321a8e069aab7af6efc
SHA1 0cdfd079a0d6075aefeda6edba90b90306330e90
SHA256 e6b914d026b3af36ef8af044c5adab4cb14fe7b72f1edf4ac0a56826d300632a
SHA512 0b93d83317e4e57a5bf3410bdbe2a707dc50db044fc0d99202447caddd8f378298111813b019bcb4d16348ccb206f90d0e2afed823e1701928faa643bab5b72f

/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw

MD5 5bb3b0d894f7abfbd0ae75e2c2657a31
SHA1 2e58095e9fefd9004757cb3cfcd841817c1c7113
SHA256 e72f560affcabc4492074ff14020c1983eb5c0dc8756248373fd52e6598ba6ef
SHA512 53b4ee6f09a9e4776e2e99bbbd176a079a452aed8f455aa61055efea28c4496f023b207882d5bce5363c0f43d66a1e2dc736bc65be9a5e955728ebbb9ffc1e88
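The Files lists of all three runs name two kinds of artifact whose names carry structure the sandbox does not unpack: the components under files/stateless/ are standard base64 (dW1weF9pbnRlcm5hbA== decodes to umpx_internal), and both those components and the .envelope/ log names embed a 13-digit Unix millisecond timestamp. The Python below is an added example, not part of the sandbox's output or of the sample; it decodes the base64 components and checks that every embedded timestamp falls inside the run's Submitted/Reported window. The embedded paths are copied from the behavioral1 and behavioral2 Files lists above, and the code assumes the report's times are UTC, which the page does not state.

```python
"""Decode base64 path components and embedded ms timestamps from the Files lists above."""
from __future__ import annotations

import base64
import binascii
import re
from datetime import datetime, timedelta, timezone

# Paths copied from the behavioral1 and behavioral2 Files sections of this report.
PATHS = [
    "/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache",
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy",
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw",
    "/data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log",
    "/data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log",
]

# Detonation window from the report's Submitted/Reported fields. Assumption: the sandbox clock is UTC.
SUBMITTED = datetime(2024, 5, 22, 9, 4, tzinfo=timezone.utc)
REPORTED = datetime(2024, 5, 22, 9, 8, tzinfo=timezone.utc)

# A 13-digit epoch in milliseconds (1.5e12 .. 2.0e12 spans 2017-2033) not glued to other digits.
MS_TIMESTAMP = re.compile(r"(?<!\d)(1[5-9]\d{11})(?!\d)")


def decode_component(component: str) -> str | None:
    """Return the text if `component` is standard base64 of printable ASCII, else None.

    Anything not a multiple of four characters, using characters outside the base64
    alphabet, or decoding to non-printable bytes is rejected, so ordinary names such as
    'umeng_it.cache' or 'data' are left alone.
    """
    if not component or len(component) % 4:
        return None
    try:
        text = base64.b64decode(component, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def epoch_ms_to_utc(ms: int) -> datetime:
    """Exact millisecond conversion; avoids float rounding in fromtimestamp()."""
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def analyse_path(path: str, submitted: datetime = SUBMITTED, reported: datetime = REPORTED) -> dict:
    """Decode base64 components and date every embedded timestamp against the detonation window."""
    decoded = {c: t for c in path.split("/") if (t := decode_component(c)) is not None}
    searchable = " ".join([path, *decoded.values()])  # timestamps may hide inside the base64
    timestamps = []
    for ms in MS_TIMESTAMP.findall(searchable):
        ts = epoch_ms_to_utc(int(ms))
        timestamps.append({"ms": ms, "utc": ts.isoformat(), "in_window": submitted <= ts <= reported})
    return {"path": path, "decoded": decoded, "timestamps": timestamps}


if __name__ == "__main__":
    for result in map(analyse_path, PATHS):
        print(result["path"])
        for comp, text in result["decoded"].items():
            print(f"  base64 {comp} -> {text}")
        for t in result["timestamps"]:
            verdict = "inside" if t["in_window"] else "OUTSIDE"
            print(f"  ts {t['ms']} -> {t['utc']} ({verdict} detonation window)")
```

For the two behavioral1 stateless files this gives umpx_internal_1716368699522 and umpx_internal_1716368729670, that is 09:04:59.522 and 09:05:29.670 UTC, and the two envelope logs date to 09:05:01.320 and 09:05:05.613 UTC; all four fall inside the 09:04 to 09:08 window, which is a cheap consistency check that these artifacts were produced during detonation rather than shipped inside the APK.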