Malware Analysis Report

2025-01-19 06:59

Sample ID 240522-vgtmqahg45
Target 67f465f3390b181f1dd8d2b5c1eeb521_JaffaCakes118
SHA256 e6b9441bf831daa31a34ad7afd9a6f6777381c2b367892000d9f42c5d01e3292
Tags
banker discovery evasion impact persistence collection credential_access
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 67f465f3390b181f1dd8d2b5c1eeb521_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Checks memory information

Queries the mobile country code (MCC)

Checks CPU information

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-22 16:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 17:01

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

170s

Command Line

com.mayizaixian.myzx

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mayizaixian.myzx

com.mayizaixian.myzx:ixintui_service_v1

sh

chmod 777 /data/user/0/com.mayizaixian.myzx/ixintui

sh

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 m.mayizaixian.cn udp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
US 1.1.1.1:53 push.ixintui.com udp
US 1.1.1.1:53 update.ixintui.com udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.mayizaixian.myzx/files/ixintui_plugin.jar

/data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar

/data/data/com.mayizaixian.myzx/files/stat_plugin.jar

/data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-journal

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-shm

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-wal

/data/data/com.mayizaixian.myzx/files/umeng_it.cache

/data/data/com.mayizaixian.myzx/files/.umeng/exchangeIdentity.json

/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db-journal

/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db-wal

/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db-journal

/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db-wal

/storage/emulated/0/ShareSDK/.dk

/storage/emulated/0/ShareSDK/.ba

/data/data/com.mayizaixian.myzx/files/oat/ixintui_plugin.jar.cur.prof

/data/data/com.mayizaixian.myzx/files/oat/stat_plugin.jar.cur.prof

/data/data/com.mayizaixian.myzx/files/.um/um_cache_1716397164978.env

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 17:01

Platform

android-x64-20240514-en

Max time kernel

178s

Max time network

149s

Command Line

com.mayizaixian.myzx

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar N/A N/A
N/A /data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mayizaixian.myzx

com.mayizaixian.myzx:ixintui_service_v1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
US 1.1.1.1:53 m.mayizaixian.cn udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
CN 182.92.31.71:443 m.mayizaixian.cn tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 push.ixintui.com udp
US 1.1.1.1:53 update.ixintui.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.187.194:443 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.mayizaixian.myzx/files/ixintui_plugin.jar

/data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar

/data/data/com.mayizaixian.myzx/files/stat_plugin.jar

/data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-journal

/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data

/data/data/com.mayizaixian.myzx/files/umeng_it.cache

/data/data/com.mayizaixian.myzx/files/.umeng/exchangeIdentity.json

/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db-journal

/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db

/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db-journal

/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db

/storage/emulated/0/ShareSDK/.dk

/storage/emulated/0/ShareSDK/.ba

/data/data/com.mayizaixian.myzx/files/oat/ixintui_plugin.jar.cur.prof

/data/data/com.mayizaixian.myzx/files/oat/stat_plugin.jar.cur.prof

/data/data/com.mayizaixian.myzx/files/.um/um_cache_1716397159865.env

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-22 16:58

Reported

2024-05-22 16:58

Platform

android-x64-arm64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A