23aff9cce8602d4d8a135d84f7fbede235d98b032fa3d5605b3510e8ce46e777

Analysis

max time kernel
176s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6998b4364eaa07f47aab529162127419_JaffaCakes118.apk
Size

14.6MB
MD5

6998b4364eaa07f47aab529162127419
SHA1

e5633cbcf90af71a69f4206b07a7bd71f474d194
SHA256

23aff9cce8602d4d8a135d84f7fbede235d98b032fa3d5605b3510e8ce46e777
SHA512

8676c03b1fdad2987040b0eb17ffadde90380017b849c8c1185ba9bda635bf668a789e1a3463c27d4c5be5c942b1018a50e884bbabcd2d60c066f613050ed9a2
SSDEEP

393216:dS8NMbXB9DdVa4RvdtwfCbouvFAyJ+G/MnwM4AxM:U8NMjbdk4RVt8iuyJ+G/MnRxM

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.shengzhe.disan.xuetangparent
/system/xbin/su	com.shengzhe.disan.xuetangparent

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.shengzhe.disan.xuetangparent

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.shengzhe.disan.xuetangparent

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex	4283	com.shengzhe.disan.xuetangparent
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex!classes2.dex	4283	com.shengzhe.disan.xuetangparent
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex	4283	com.shengzhe.disan.xuetangparent
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex	4335	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/data/com.shengzhe.disan.xuetangparent/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex	4283	com.shengzhe.disan.xuetangparent
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex	4402	com.shengzhe.disan.xuetangparent:pushcore
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex!classes2.dex	4402	com.shengzhe.disan.xuetangparent:pushcore
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex	4402	com.shengzhe.disan.xuetangparent:pushcore
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex	4402	com.shengzhe.disan.xuetangparent:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shengzhe.disan.xuetangparent
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shengzhe.disan.xuetangparent:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shengzhe.disan.xuetangparent

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.shengzhe.disan.xuetangparent
Framework service call	android.app.IActivityManager.registerReceiver	com.shengzhe.disan.xuetangparent:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shengzhe.disan.xuetangparent
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shengzhe.disan.xuetangparent:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shengzhe.disan.xuetangparent
Framework API call	javax.crypto.Cipher.doFinal	com.shengzhe.disan.xuetangparent:pushcore

com.shengzhe.disan.xuetangparent
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283
- chmod 755 /data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/libjiagu.so
  2⤵
  PID:4308
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/data/com.shengzhe.disan.xuetangparent/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4335
- sh -c ps
  2⤵
  PID:4551
- ps
  2⤵
  PID:4551

com.shengzhe.disan.xuetangparent:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4402

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex

Filesize
7.3MB

MD5
c18356f23f22499f85604874e79df0c8

SHA1
436f1f801099cf21e0da90da3d74f3f120e388d0

SHA256
e5659abb327f15034cfa60bc6b3fdc8536fa4201e70ed3ba1eeaf3852ddd441b

SHA512
24cc53f877485644a531edd0932072c65f475d7b9efefbdc8b8d714c4268f9ed5cd765dbcf79e199c3b08100d0d3ddad78073dea543c10e964e262135fc0f86c

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/cache/cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/BXHArea.db

Filesize
288KB

MD5
411d220c5ded63c342a3e6456f25ed29

SHA1
001ae2140f0f32aeb51ff0697f16672f7a4df37e

SHA256
e627b9c089f484e979830b0084eb51d3168eafa6cfdc06fd1db43bb16ed2e3fd

SHA512
8b76584bdc4d72c58319d619b89cf8c872dde942b947df62bc4c9dd4024fe576a4f2a58eb59e49e9b2cf16de5a26119133b2d647fe2733142504dd9def525c42

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/BXHArea.db

Filesize
4KB

MD5
bb2f58b7953dc274d664b3f47cd3fc30

SHA1
a45e8b32d01cb10625cc2df808a3af1ce2ffcf4f

SHA256
0dd28093714c437e56b98c85ddb18eda634392b66b548be86c2ff07ce5d68890

SHA512
50fe8e7be6f38d67472568ade4b6edc7774293b13d21a20a0fee617c18511d3d83fa5797748e4ac9a92bbb732a269a64a69871a7e9d4d8dfdd4717cb7542d883

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/BXHArea.db-journal

Filesize
4KB

MD5
a7c217da185528fb198bc4a189a064b7

SHA1
696bfa70c633f1f1b6ca999f0dab637a6541a18e

SHA256
31999e4b84694bbcd6a7abc56ab3b440678423f5be669e8e5f1bace2898d9e20

SHA512
6206191910317a4961b492ea5d1982b337d67ae5c1588ec77774676d291d2e7e3e426b972414e2ea6a03f91d1b9c6e17b0cd771d74c110459640f403ddcbf287

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/BXHArea.db-wal

Filesize
16KB

MD5
96591dd1566b63daac01dc9554178e66

SHA1
73b4ffdd9d422c917bb1723d343c9035fbc2fd8f

SHA256
999abe272e9d6bdd55c433a42dcfddd3ae76b542f7d5a9bf13d05501444239b7

SHA512
bd2ed71efbbded7c20dced587212ce5ecb512b1c1977f971077524348e879197194bf9cb37310fa2f0562b6d39e3ca0a627ce447c0c6fbd8e196a61514e04b20

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/bxharea.zip

Filesize
63KB

MD5
d39cc8a02bf31bc7d4a4caa41ba4854c

SHA1
6a5b2d15b7342c210a526259ed1128a042975aa6

SHA256
8259db96f870c44c2025d52f01a7aa1a2ccfdb356b0ec58c1aed6da37c6cd545

SHA512
fed7db2821dbcc4de1fe14079e38919d63511451c7fc1e17af656eb367f1b53206c6fe84be6eadb8bfee07b8f4ed6395de82aa703314e1cef1df18a28bfd73e9

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db-journal

Filesize
512B

MD5
ea8efa3dc0f6cf8525e5acee77cc4e04

SHA1
53cd7247edf35f58b6787f68087155f62de35c5c

SHA256
e1fcbe7bde14042867f81094ac5b24246f6a946c86acebe9b00c66118bdf717b

SHA512
af95dcabb006f564fd7d341bf34c42d4d1070e3846fa799bc7ef930b42996e4d34443140ebb55ce93345af3366c165649ef0bded8d7ba259c009338064077116

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db-wal

Filesize
48KB

MD5
21c2614d294e9a1a55f59d293fd2ef42

SHA1
9a56334d039edffb52706fe3c4b3ab6dff992ca4

SHA256
81c8796675851afc19a5ba2a08643b9443420afdec918e65809d7a1b2fe2c683

SHA512
74dfd4f2e5de3fb24eed2f52a0e0156245c32e0b2458b8fc8b183604927cd74d26998ecf8338cbc7481519eb90d2260eaa99808974c7060ee14dd75c44311b42

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db-wal

Filesize
16KB

MD5
d660971367cdd34cb49ae0070e3c3b5b

SHA1
03b6653121e61427e381992843d72561d30605e0

SHA256
2f9888064cb3c0e78813e4955af62d48c6e9dd0251603d1ce71a39a0a9f41ef8

SHA512
1cda968ed2dbf9ce2b5fc80b0ba820aecfc2293704536574c5d03b38c5cfc63a658d9a410a9bc3ad60e8ca2236d0f8d49e79edf28ae1a9496ebedb294531893a

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/cc/cc.db-wal

Filesize
16KB

MD5
f806434dc7f49a307d394f16743cf2e2

SHA1
ba70e237d11cdc9e393908bcb60e21cbc1909112

SHA256
630f98a043e53057da258c166ada85a34feaff6e6b0c9bdc7e67f9bfffa72c71

SHA512
fa5b34f47ed31a146e5e5051d080ca09d144d03632eff4d3ce2f0ada920f5a3c06bab595170467a34e8382683dd040fce4be96d6edbe9147421ba68311cc612a

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db

Filesize
32KB

MD5
a21995ec529849ff3ae140289b912c15

SHA1
a1d559415fb7658a5eb1cf1d95a1342885dffdf3

SHA256
ab0b3d68ede7d5f42d8ad8603773280b312761a65423ba68bbcd15aeaeada555

SHA512
8576a312dd7eeac94e674bd65e7d9fe8ea2352fb3764857b02d7e0afd63f7bbd6f209900c4e9c5025e350ff7d800a74c47446baa8c9e05f615b307cbf379973e

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db-journal

Filesize
512B

MD5
83be8bc1cf76c6c6c55810a1529c968c

SHA1
8923abefc877ce25a2c2769c4fec2442be9e999e

SHA256
646b3b1096d01867c9e3b0af6ffb9d1202ccdb12fa5c9d4c6411538268dfb3ac

SHA512
5648cceded8e5b56f329c59ceb31b0c765a3149ba65f45096657e798950cc257046015e860b17eb09edfc2cddc267b5811aeca441feed196ee8d1fbc6c37f859

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db-wal

Filesize
64KB

MD5
b3f32d078f2345b2661b59acc5dfcf3b

SHA1
3c58de6766e1988201de5526339017602be220ed

SHA256
a9912bca48cda87c682f2a9af56acdfcff95876235af29663518dbc88172c1e7

SHA512
2c7d75bf8484c9e4fa9c89d42f6a3169b7513b95cc756a44481a44ca517c6eeaabf5becfb25290927be5f5a54f0a135adcb8faff7660c54b197f180d4eaebafb

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db-wal

Filesize
8KB

MD5
1ebdd0c2ae8ee5c245852ba522491879

SHA1
db033d40d07f0011eb8ef6f1c1e0fa91be941072

SHA256
307e2ed0fd240a71139269d177fb8475f54fb5177815a8b91d7d2d8fc5441689

SHA512
8ca4616126306cb1f895add5caf91996004f5febd9bb27770a61ca541459364fdf72c68f6ab2ec6bf79d1991f11e8f55292c1c14e3d7196e7aa5c021b638e4ce

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/databases/ua.db-wal

Filesize
8KB

MD5
fba29f410aa5279ec309b471e245ed97

SHA1
b3635937674ed9fdb197e7de6dfa95b99adc82d7

SHA256
b3f850e0eff6bdf0115b12fdae353ae40bf1bd47d574b736fae47d2374cec6c9

SHA512
87357491a73a4a095c286c5af94c3c8f95f78364b780e7549cc8039fd35952987468499340199654f47ce61c8b3cae30db8e7ae1647332ff9b593cace6d9253b

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.imprint

Filesize
1KB

MD5
2a927d5b8a2bca644008dc78f488d02f

SHA1
53208c56fd0b0e65d3e4445377ed24ffb21296ba

SHA256
d44413af54aff29cddb7d0c7be8a812dc0c3b83f4192e044f5448213e4697a15

SHA512
10d26cc528ba81ec9ce5f50c3f910fab5f6f1b55d87b3cfa2596fadd257fb9bd13f36692e35fa84ecbaeb5e983292d212740b1f018cd49b2f096e760d98013a7

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.imprint

Filesize
1KB

MD5
ec239642679ce4d7c2785d5a30cf0c44

SHA1
b4436ac3de5d19e99dbb2cdcd36a93f8a2f8a66f

SHA256
1e76ba3c4882b990afde472504aa4dcadc71b650ea6977fe17c2ae35e380af12

SHA512
1bd6e0a473bd3edb77ecf8af5399f743e4c4b23a77dd6c9c09fef662c2e470ba2504e43e05d03b776e8301f4a883b33132ee380cbbad10e1896ce06e9250c077

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.ac

Filesize
40B

MD5
a2e304a9f812ed199fc81c0aa0eca2cb

SHA1
d0c1e4b19f26d0c8f52015c7cbd6dc6a804597a8

SHA256
6c3e371e6944c93057a005c4a2bf7c9cb4d203c503111e840f2277b6d4d590c5

SHA512
d56f2e2bd904d9fa920b118ae47f222383fcc9c11eac727ea21f5be3e31c9a2692e2e39719ac7efc21aac0990bb3653d63a8ab47ad317f9495b673aabc0cc987

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.ac

Filesize
40B

MD5
03a9ff4a4b6c90594c38ce4cd70acae9

SHA1
2afaf999ecdb842c6e40872fd221e71ed7bba3cc

SHA256
b0c41e351f01ffe22b41a75a78e2597fcb410fc624e45c6beb1090472e3c5f42

SHA512
4ccf606118ff7900219c975303e3d20d21bfdbd833dd7e4895dba3634f6ca913171e4ca3a67e168acc6d5b8ff932230e8f93e8098eacb6f2cba07b5be35ebddf

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.di

Filesize
340B

MD5
127786cd16c229527cb73d054d67a49e

SHA1
b75bf52c7611913abe4cdb82b0687fcb79904c5a

SHA256
804f282f89f7e6b132b0439e9c4f6ec0830186113da4c3501cabb4793956b747

SHA512
317ffa6618cd905916a655b4bc51ed92716d573175077a4748c525da1ebd6a147000c14c9d1977414facb87c281819b84db0214be3fb0e871271f2c0e843e275

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.di

Filesize
340B

MD5
579d1ddf9a9a0630d77f32801578fdfd

SHA1
563e67755caf160a8575638d24d4f5b6df3edd34

SHA256
4b885df4ee7fd9a84dce9a6e0df73ac3b5a6cccd51ebd59b0255c85b6b8f6f56

SHA512
360f0184c1abe6db108e4ce08d833beb1fdd92316f0cbf0c568712a32c5c65b8d88488d5227c46f0653c84b522d586ac2413415c6a2591ade6af891e87dda799

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.ic

Filesize
40B

MD5
d76694e688ae62fe241ab28b7d5a5c40

SHA1
1b737e67799c2e1a02bf5558dc8fb73d4105f3bb

SHA256
084d72c173a7fad9d031f6598b78c3db4061f946becdd377b3a7b9f511780600

SHA512
99c59854a10b71b65c651d71b77abf7fab6108bdda07fd8ad2baa65f9186217cac0e24953d9d69b1d173859cc789897e5c77c4401438cafb36803871ccdfe34f

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jglogs/.jg.ri

Filesize
314B

MD5
6ce15b9fb4ac82c74a667e3153c14cef

SHA1
0b0d27907d5e643591651f67403d13c12265c9e6

SHA256
02fdba838b20e10d838774fbc2ce6545ae9b2f669289b45a88a46aaf127b4d85

SHA512
b38be04bf8b3b9e4407d0cbd261392935e6f5d5b7e7da27e2e4b0a8cc14766fe5cdb8382c1a9bb734a857e4a0cfbec72930d1b9541372e0145e066aedeabe4ce

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.jiagu.lock

Filesize
27B

MD5
d1e6757e11ceb492385d7c08504110d7

SHA1
b291ab69239a9c315d81441a52e99652c548d8f3

SHA256
ace5ca1116f7b1fee0f520859b445f30109af4c9dec9b33934931b9495d40d56

SHA512
d6e6d352b2d2e791be24b72cce3777607df099def4a54221c689d8f36414e3ba09ae3ec0d2f3fae56b40bfd774f42d2f064507bf486e80f4aa7fc4cf1d79ce4d

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
7f38571a1993375acd015f9cc0061c00

SHA1
bccd2ae375722396fedc1ae88ff6a02028da7ab5

SHA256
ec34aa846731fad9f9d59893d9bb73e3483efc6b76c6aa33a747008b18bcd309

SHA512
03bc5e81b45861c6197393beed7f6f7c6896f1e8c710b3056825c32ca74913dbbfa7ae18b530bf0f5405151d601352bedeb492b227b0bfe8bffb4d4e87a43964

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/.umeng/exchangeIdentity.json

Filesize
206B

MD5
51221bfba5d3203eedfe8b202639caf3

SHA1
70993658f5f4c8764fbf96ea6287b02f86dd6c42

SHA256
678fac879cd4b53916c46998d67e97bb788d06d0306f43894f2dec31c2113bd9

SHA512
9cc1b683e1a3950bb8f5c7439cd228deb7a3414388c32625268809bd6f45fa5e442632dc28aa469e0838db604d67e57bfebfba6e26ddea64cfc85f5f660935f2

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/exid.dat

Filesize
71B

MD5
951c09a83ad9a14dc339712acc5578a0

SHA1
22006f9f3e069b500bc4300af4da678241097b10

SHA256
aefe0b4f48974599c3c0bec5611df9d5103c475ab1f9ce175fc064d71be7e597

SHA512
b64dbc318d97b3039f4fddf8c727de45f45a8514242b786c4507679b0a59eebbe1595fea575ea70b4e33202e2a167b18f1b1f522d61e0a689be737ac3c7fc8fe

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/exid.dat

Filesize
110B

MD5
e00a32a27aa7b800192cbb3be3b759ee

SHA1
57de6d8364811096aaeb8bcf40fd276418dee49e

SHA256
59016e05f48c3d6522db349f8f1c6ed75073fdc4d61cd76d33d3ed5e11366f77

SHA512
0aa51cfcaa800732e5994c338a257f367f8706cc4592d00e692a976be1540678f668d7abe9a623bd24c3d5989ab1645e532628e867c48389f24d67f19768d1aa

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/umeng_it.cache

Filesize
496B

MD5
166baf79fc2490600f2e816bba989ab7

SHA1
2271d525ffaf6f057a06c68b22f4f41231108bf2

SHA256
e4d012fff416e965c28c95015bc4154bd4e3ce091022728345a112a70c550cfd

SHA512
67c948959f24171183f37f4afe3bfbe86353719c44c982d031ee7c74c44afb3c94fed84747df6a9bfe47dd9382822ce2d1336380f78922ace8143ec312e9fd9a

Download Submit
/data/data/com.shengzhe.disan.xuetangparent/files/umeng_it.cache

Filesize
252B

MD5
187bdb2b1604b0e07274b6ae495f893e

SHA1
e4ac6120dc3c02fa5c0e052bee4cc2422cc1606f

SHA256
e04c7e8aded6c7cad4d7fc56f90e98cf884cf127ee304a18cb992728d7a6028c

SHA512
d0ce2c32e61cc77509a31a4b711202023240732300ba1a71b85f3bc0e894699d318b328594ad01b50716c80cfa0960c73e411ea25f70af2f9db0d656b6c39d74

Download Submit
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex

Filesize
6.8MB

MD5
adbcfd668e5abe001b3d6e2f18e816b7

SHA1
36ffb57a3c967682d55f4414ad99c6cdd29f4a54

SHA256
196be6a18e7e134b6d969d719fae97a57990ac68e39187e4872a67de10efdeed

SHA512
54182d41d96a272634895d945640cf90439c70e7be70d510f55c019bc12b76ce2da83900c4659330bb4211c4ab7272f738fa2dba17bfd3c53b70784e7d2cb2db

Download Submit
/data/user/0/com.shengzhe.disan.xuetangparent/.jiagu/classes.dex!classes2.dex

Filesize
6.2MB

MD5
bff184e2847ba3fd0ba668c5fa44cc98

SHA1
22b09fc86108e9275b5d3bf495114a3f3f057e6a

SHA256
4afbcd879caac19d9f80727b13fba42756d2866a06c109d75db6efe4d0065da6

SHA512
6c947aa7308e8570e17da6749fa139d41c43e04abdc3d55dd380f715482bf5ae3402464852a9311f72dc258111fc6b7df154b10a0f898bb39d9a42a1289844a6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
afe5b6fb05753b21c06aa98b2d7269c7

SHA1
29d76f2e41f99f7a69d380823253edc19230a023

SHA256
8c446498b6e86fa92c777d7391717a3bca64c7057cd30485458f6fc90ea8676e

SHA512
7e466fd9139a7796c7a26222ba7e00725c2d6bef644c60d9920c566a7e7e7af3e9a682d6a644ba35903d4a36e128dc6f2e66a8c8b5ce660594c8f987c118a240

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
74979666870a4f733fc2b70e2100a529

SHA1
25f99d3fc3867b5acc7ea3b05a5eed18566e7bd1

SHA256
062bd4ccb98080f7c7050eab761d553e07919d83d4d248fb259624bba9fac908

SHA512
7c83f205cc745609b579aca5be642a93406732cc9d8c2ba32ce057f3ed75aaad20b6b7e920b23329b126dc36a18ced23dc27442a1c0fd39cde3d871f1dfd5943

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
125611192e13e55a353cec87955128bf

SHA1
f6b92fcefd9215c335e517f5ba7857c2b0f4f24c

SHA256
6473d3a103a3efa1dec6ded5ba7526de0323a4773155523adba1512c886e9058

SHA512
4ef9686dcc84f9a8e3ba6312de204f285503bc2a4967fac4d62f4678d1f1a197a9f9bce0eca1cd5bcf14c95562c1a23123b7005b8b4b28cc6b2aca252e7bf8c8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
ab26cde698e92fa5f5047412d6938b80

SHA1
593f0a32b94b1ff6ad282fd57e5086c2f23c5142

SHA256
ab54e116b59987d3eca58a5daf26b0b0314f3b4ddeeee9558eefaee636f6388b

SHA512
bcbf457dd12a370bc47820eadaf0b163e386e1e317f978ca0e3a7ccb5dfbc4c6c0e36a991501dcf8aa09b88230b733ec8d580310b90111e01c03330037d33d27

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
f5e1b28a2f1d731dc09d261cf8f7ca8b

SHA1
115ceb8872a7ad61d95542a1378c647db3d5a89e

SHA256
ee97867877abee8b4fb07891030433d0150d0c06c0984f751334655f7b3c94f7

SHA512
7eb07aecab618de11c33c3bd5dc9e6b6f570231758944cb3fed27e9a9b5002a3d1f529a65f659f02f63b363364d2fe89d22a80911455c3da4f8c296c1313f6b9

Download Submit
/storage/emulated/0/Android/data/com.shengzhe.disan.xuetangparent/files/tbslog/tbslog.txt

Filesize
8KB

MD5
91750a32f9aacd3aee6426e6965e042f

SHA1
65676439abe5fb80dee60e47c30f15c52fdabb71

SHA256
2bbb68d4a83e71956f8442be8746fb526265c7e891bbe543d9d7a2c9987dd7a8

SHA512
f03b9e334f1bf66a8cf909c736b9fa9988235ba7c9dcfdd6879e239b9fb95939fdc7d0060b1005a57106955e555b050fca24aaa111b059740a2d4d0ce74d8b74

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads