Malware Analysis Report

2025-01-19 06:55

Sample ID 240523-gn5fxafg59
Target 69f62c4acc85312308cdba5e59b8ebec_JaffaCakes118
SHA256 dbe63111d70e15fae9048f49f7a6fe3a35bb25bafea71874d857e65e17f3ab28
Tags
discovery evasion impact persistence collection credential_access
score
7/10

Analysis Overview

score
7/10

SHA256

dbe63111d70e15fae9048f49f7a6fe3a35bb25bafea71874d857e65e17f3ab28

Threat Level: Shows suspicious behavior

The file 69f62c4acc85312308cdba5e59b8ebec_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-05-23 05:58

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x64-20240514-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x86-arm-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.200.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 06:01

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

134s

Command Line

com.geihui.test

Signatures

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.geihui.test

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 | N/A | tcp
GB | 142.250.200.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.169.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
FR | 172.217.20.206:443 | android.apis.google.com | tcp

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 83a89e07c8213e33836824f6417d168d
SHA1 c4fc4ed18ca88477408e4262a5d254aa6a77ff3e
SHA256 385171e4f8e3d9a7a7da82109fa099b05436747d2fa3f348c4cc8856504f916c
SHA512 512346ab1dfd275a65a57899d89c6ba092389a925fa213d49d92a568a2924c5d4ce2826b0bbf34c8ee9941504201e58d692584808d6f33641d55e3b9a4be6d08

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 28b9af2972346e73f7cc71a621064768
SHA1 a2f08aa9cb6079d628acac01c66c3b9090f838d6
SHA256 4e93db99e81368bde3fe4569f2aa9c9a4ab448663efdfdc913f00e4cee45be49
SHA512 f8662daf123791c0563097028e52a5376e220cd09dbb3d1bd1eeb496f45ce535d8a6353f51a1ee6acc52fd857dbedc266434ee3e5f32ec997a192780fc2487fb

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 c80725388d8b8758754c78709146f7c5
SHA1 f9bef9942485d097985cd6a9d178f21a0e67e9cc
SHA256 e3eb44b3563858d8d4c4718828cc26fd47cdbe46f849ee486127c7e1597f4f54
SHA512 4051da287ad8e6b4c17fc5ba6f6d55d00c89239a39751beab879fcef9bfdb1b36af6c619029b8604cfcd7307d2ba9b035398c5eeb08b82a1aea28ae8407dab17

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 61b26ce18b91dd68181d39461429d280
SHA1 056123aaf56c2b126052d67dd1e4b4b3226d764a
SHA256 db2bb74fed0c9be8fb8fb315aa9db577934149b3dede4c22c243f0389b75aea9
SHA512 7d927b2f767d1799af04b16bcd284bb7783962217cbfceadf13c29c8a8a388640abfb372587c5dcdccfba33a7aa603dc353744959fb99d23ab0fb22f13ecf227

/data/data/com.geihui.test/app_SGLib/app_1716443894/main/libsgmainso-5.4.94.so.tmp.4293

MD5 e8203144f80c10f26ac159969d12bc0c
SHA1 a355ad3767b8f06bbdbd55f38f709d4b2bb867d1
SHA256 55a408c14eef4de4fc025f0945eb067f744cd9e86780ee9ca0ecc6ebcffb6a43
SHA512 4ee0b4400230817906a89f610a037598a926ef33fb903ff65f430ccfb7aa3c608a955e795723257a1c08a678a70957ee558a4d6d732e8093f625aa9ffcd0e010

/data/data/com.geihui.test/files/Q0VSVC5SU0EK.txt10c5

MD5 834ff06eb813e2050e462b30da839dba
SHA1 42d827c7e9c765f4c33ed1e6dccd532d1f35c8e5
SHA256 d66f225d37edbb247e9563cda5be29bd8feb146f9c43f0521b3dfa103acbd12d
SHA512 9f77204fbc88ec0e1e9808d676abc6f973815ac09bd4fbd106351b680ea1cece71fc21b3a21288dc3fd0b33d7312399fa70d953e334f6bc8179d062ede4d0896

/data/data/com.geihui.test/files/SGMANAGER_DATA2.tmp

MD5 97f339ad326cb62bbf8b433fba5e09d3
SHA1 15f0026855089f8d0d6c777048a81fa8855f2aac
SHA256 f56d4964135cfc0314fa540396eda6325336ecd074fe669df414e0ff920ad3d6
SHA512 d9819589b578530601946449d9cd77be4a4fe30123305e067edf96ab25a5333f2be6d3661344521e394a689dab0353df8ac06c347583d57991784dba6e0b0753

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 06:01

Platform

android-x64-arm64-20240514-en

Max time kernel

4s

Max time network

153s

Command Line

com.geihui.test

Signatures

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.geihui.test

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.169.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
FR | 142.250.201.174:443 | android.apis.google.com | tcp
GB | 142.250.179.234:443 | N/A | tcp
GB | 142.250.179.234:443 | N/A | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
FR | 142.250.179.104:443 | ssl.google-analytics.com | tcp
GB | 142.250.200.36:443 | N/A | tcp
GB | 142.250.200.36:443 | N/A | tcp
US | 1.1.1.1:53 | www.google.com | udp
FR | 142.250.179.100:443 | www.google.com | tcp

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 e937e27799a179bd4b9149522a1fb9c8
SHA1 e0e8c133d6899c42b3fce6d95fc2899bd997634d
SHA256 c0503aa6f75fb028641491f1971f478df407e10d75bc4f9842791e7e6befb01d
SHA512 f16d8ee6d60dee6ce200908e0fde78cc394e17e78b73c4666ce9cffe22d8195b81356526b2af7c7fc96ae54e71106b5643c747bb936c468e3b1b7824f0df1f43

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 cf01cc66ea58b35cf9f4eae55e31107c
SHA1 d67043385c72c2988266cad71ffd4e4063741e40
SHA256 45e0c8229ae728c5a84537ca8b4fe1217cc51a10221405bdbead38a249df263c
SHA512 2af03e12cc0f840e9634705838547b7c8c6c50781f1ca864fbf598fb8e9189b14df2723f50b7c349846ecfe9cbb544874e707ea48cceaefda6dd939160d51cd1

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 027e372b12b2136fc87ab90e3773faae
SHA1 ac0c7ad4167e3ed3fed9bd12fd07c236039ac239
SHA256 81875e6b634d7ace1416e45dc883ec3b026577320f5d179378d50edcb1acae77
SHA512 2c5c8d15a5ef1ce6e7cc53e721eb42ec88627642592c3a95c7dbfc7cc564ddeadcecab9057f04f5cb19efa26965d3ded81951501cdf189203709260f8a5fc3ea

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 2f104e6a2757a466989c6811ef041f63
SHA1 c00ad2245219e802a2382e3c6b84407c016d2bd7
SHA256 368f68a730d04be461e02e634f5eed8b70de3bbbd9d88341186d68c75ff98f13
SHA512 84c14f687fd78e10c6eab5260f045e797967c640b915fba7d6084f93c18939f5207c7812fffb3672ca46c594ae0ea8ab2b3444e9fa03ac13a307a0147d76043f

/data/user/0/com.geihui.test/app_SGLib/app_1716443896/main/libsgmainso-5.4.94.so.tmp.4614

MD5 e8203144f80c10f26ac159969d12bc0c
SHA1 a355ad3767b8f06bbdbd55f38f709d4b2bb867d1
SHA256 55a408c14eef4de4fc025f0945eb067f744cd9e86780ee9ca0ecc6ebcffb6a43
SHA512 4ee0b4400230817906a89f610a037598a926ef33fb903ff65f430ccfb7aa3c608a955e795723257a1c08a678a70957ee558a4d6d732e8093f625aa9ffcd0e010

/data/user/0/com.geihui.test/files/Q0VSVC5SU0EK.txt1206

MD5 992a886fd400d321f9f17757431191b6
SHA1 f9f9980b1d8f4baf48dd8767eb6db35b7d5f48f1
SHA256 1b085d65b1304549e4d85d67b37f114116a69b9d49ccf220347e9ef428de0ae5
SHA512 a0427605c9a077c67fc71eb56fb075863a12d533a77bae7f1f697c9e115b4b5c662c82c3cb2a819b586115d90177925a8530538de9caee37d004e4a135f30533

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x64-20240514-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x64-arm64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 06:01

Platform

android-x86-arm-20240514-en

Max time kernel

70s

Max time network

177s

Command Line

com.geihui

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.geihui/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.geihui/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.geihui/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.geihui/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.geihui/.jiagu/tmp.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
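The "Checks CPU information" and "Checks memory information" signatures above (the same /proc/meminfo read is also raised in behavioral9, behavioral10 and behavioral2) record nothing more than reads of /proc/cpuinfo and /proc/meminfo. The sandbox tags them evasion because those two files are the cheapest way for an app to decide whether it is running inside an emulator before it unpacks or contacts its servers. The script below is an added example, not code from the analysed app or from the sandbox: it shows what such a check typically looks for, so an analyst knows which fields a detonation environment has to present convincingly. The marker lists, the 2 GiB memory threshold and the two /proc samples are constructed for this example and are not taken from the sample.

```python
"""Emulator / sandbox fingerprinting from /proc/cpuinfo and /proc/meminfo.

Added example, not code from the analysed APK or from the sandbox. It shows
the kind of check behind the "Checks CPU information" / "Checks memory
information" signatures (tagged evasion + discovery): open the two /proc
files and look for virtual-machine markers. The /proc contents at the
bottom are constructed for this example.
"""
import re

# Substrings characteristic of Android emulators / hypervisors. The list is an
# assumption for illustration, not something recovered from the sample.
VM_HARDWARE_MARKERS = ("goldfish", "ranchu", "vbox", "qemu", "virtual", "nox", "bluestacks")
VM_CPU_FLAGS = ("hypervisor",)
MIN_PHYSICAL_MEM_KB = 2 * 1024 * 1024  # < 2 GiB of RAM is unusual on a modern phone


def parse_proc_kv(text):
    """Parse 'key : value' lines (the layout of /proc/cpuinfo and /proc/meminfo).

    Repeated keys (one block per CPU core) are kept as a list so every core is visible.
    """
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        out.setdefault(key.strip().lower(), []).append(value.strip())
    return out


def meminfo_kb(meminfo, key="MemTotal"):
    """Return a /proc/meminfo value in kB, or None if the key is absent or malformed."""
    values = parse_proc_kv(meminfo).get(key.lower())
    if not values:
        return None
    m = re.match(r"(\d+)\s*kB", values[0])
    return int(m.group(1)) if m else None


def emulator_indicators(cpuinfo, meminfo):
    """Return the list of reasons the environment looks virtualised (empty = none found)."""
    cpu = parse_proc_kv(cpuinfo)
    findings = []
    # ARM kernels expose a 'Hardware' line; x86 kernels expose 'model name'.
    for key in ("hardware", "model name"):
        for value in cpu.get(key, []):
            hits = [m for m in VM_HARDWARE_MARKERS if m in value.lower()]
            if hits:
                findings.append(f"{key}={value!r} matches {hits}")
    # x86 only: the 'hypervisor' CPUID flag is exported in the flags line.
    for flags in cpu.get("flags", []):
        present = set(flags.split())
        findings.extend(f"cpu flag {flag!r} set" for flag in VM_CPU_FLAGS if flag in present)
    total = meminfo_kb(meminfo)
    if total is not None and total < MIN_PHYSICAL_MEM_KB:
        findings.append(f"MemTotal {total} kB below {MIN_PHYSICAL_MEM_KB} kB")
    return findings


def looks_like_emulator(cpuinfo, meminfo):
    return bool(emulator_indicators(cpuinfo, meminfo))


# Constructed /proc contents for the example (not captured from the sandbox).
EMULATOR_CPUINFO = """\
processor\t: 0
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor
Hardware\t: ranchu
"""
PHONE_CPUINFO = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
Hardware\t: Qualcomm Technologies, Inc SM8550
"""
SMALL_MEMINFO = "MemTotal:        1536000 kB\nMemFree:          512000 kB\n"
PHONE_MEMINFO = "MemTotal:       11812345 kB\nMemFree:         4123456 kB\n"

if __name__ == "__main__":
    for name, cpu, mem in (("emulator", EMULATOR_CPUINFO, SMALL_MEMINFO),
                           ("phone", PHONE_CPUINFO, PHONE_MEMINFO)):
        print(name, emulator_indicators(cpu, mem))
```

Reading the two files raises no permission prompt and leaves no trace other than the open() the sandbox hooked, which is why a file read is enough to earn the evasion tag; a detonation environment that wants to defeat this has to present a plausible Hardware line, hide the hypervisor flag and report a realistic MemTotal.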

Processes

com.geihui

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.geihui/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.geihui/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

sh -c ps -ef

ps -ef
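The process list above shows the packer stub (the .jiagu directory and libjiagu.so listed under Files) handing a freshly written tmp.dex to /system/bin/dex2oat, which is the sequence the "Loads dropped Dex/Jar" signature describes. Before disassembling a dropped DEX it is worth confirming the file is structurally intact, since a packer may write it incrementally or leave decoy bytes behind: the DEX header carries an Adler-32 checksum over everything after offset 12 and a SHA-1 over everything after offset 32, so an inconsistent header means the file is partial or deliberately damaged. The script below is an added example, not part of this report or of the tooling that produced it. It pulls --dex-file and --oat-location out of a dex2oat command line (an abbreviated copy of the one above) and validates a DEX header. The header-only DEX it checks is constructed inside the script; the report does not include the contents of the real tmp.dex.

```python
"""Validate a dropped DEX header and read the paths out of a dex2oat command line.

Added example, not code from the analysed app or the sandbox. The DEX bytes
checked here are constructed by build_minimal_dex(); the dex2oat command line
is an abbreviated copy of the one recorded in the report.
"""
import hashlib
import shlex
import struct
import zlib

DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


def dex2oat_args(cmdline):
    """Return {'dex_file': ..., 'oat_location': ...} from a dex2oat command line."""
    wanted = {"--dex-file": "dex_file", "--oat-location": "oat_location"}
    found = {}
    for tok in shlex.split(cmdline):
        name, sep, value = tok.partition("=")
        if sep and name in wanted:
            found[wanted[name]] = value
    return found


def parse_dex_header(data):
    """Decode the fixed fields of a DEX header (little-endian per the spec)."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = bytes(data[:8])
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "magic": magic,
        "version": magic[4:7].decode("ascii", "replace"),
        "checksum": checksum,
        "signature": bytes(data[12:32]).hex(),
        "file_size": file_size,
        "header_size": header_size,
        "endian_tag": endian_tag,
    }


def verify_dex(data):
    """Return a list of header problems; an empty list means the file is self-consistent."""
    problems = []
    h = parse_dex_header(data)
    if not (h["magic"].startswith(b"dex\n") and h["magic"][7:8] == b"\0"):
        problems.append("bad magic")
    if h["header_size"] != DEX_HEADER_SIZE:
        problems.append(f"header_size {h['header_size']:#x} != 0x70")
    if h["endian_tag"] != ENDIAN_CONSTANT:
        problems.append("non-standard endian tag")
    if h["file_size"] != len(data):
        problems.append(f"file_size {h['file_size']} != actual {len(data)}")
    # Adler-32 covers everything after the checksum field; SHA-1 everything after the signature.
    if (zlib.adler32(bytes(data[12:])) & 0xFFFFFFFF) != h["checksum"]:
        problems.append("adler32 checksum mismatch")
    if hashlib.sha1(bytes(data[32:])).hexdigest() != h["signature"]:
        problems.append("sha1 signature mismatch")
    return problems


def build_minimal_dex(version=b"035"):
    """Construct a header-only DEX (no tables) whose checksum and signature are correct."""
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<III", body, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def tamper(data, offset, mask=0xFF):
    """Return a copy of data with one byte flipped, to show the integrity checks firing."""
    out = bytearray(data)
    out[offset] ^= mask
    return bytes(out)


DEX2OAT_CMDLINE = (  # abbreviated copy of the command line in this report
    "/system/bin/dex2oat --instruction-set=x86 "
    "--dex-file=/data/data/com.geihui/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/data/com.geihui/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken"
)

if __name__ == "__main__":
    print(dex2oat_args(DEX2OAT_CMDLINE))
    good = build_minimal_dex()
    print("valid:", verify_dex(good))
    print("tampered:", verify_dex(tamper(good, 0x40)))
```

Run verify_dex() over the bytes of each dropped file listed under Files before trusting any hash of it: a mismatch in only the SHA-1 field points at a body edited after the header was written, while a mismatch in both fields is what a truncated or still-being-written file looks like.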

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.212.227:443 | N/A | tcp
CN | 203.107.1.97:443 | N/A | tcp
CN | 203.107.1.1:80 | N/A | tcp
US | 1.1.1.1:53 | api.sobot.com | udp
CN | 203.107.41.32:443 | api.sobot.com | tcp
US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
GB | 142.250.180.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
FR | 216.58.213.78:443 | android.apis.google.com | tcp
CN | 203.107.1.100:443 | N/A | tcp
CN | 203.107.1.1:80 | N/A | tcp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.100:443 | N/A | tcp
CN | 203.107.1.100:443 | N/A | tcp
US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
US | 1.1.1.1:53 | httpdns-sc.aliyuncs.com | udp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
US | 1.1.1.1:53 | ebjvu.cn | udp
CN | 112.65.70.244:80 | ebjvu.cn | tcp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
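Many rows in the table above carry no domain: the sandbox appears to name a destination only when it saw a DNS answer (or TLS SNI) for it. Note that the first connections to 203.107.1.1:80 and 203.107.1.97:443 precede any DNS query for httpdns-sc.aliyuncs.com in the table, which is consistent with those addresses being built into the client rather than resolved; only later do the same IPs appear with the domain attached, so the bare rows can be attributed after the fact. The script below is an added example, not part of the original report. It joins bare IP:port rows to domains seen elsewhere in the table, subtracts the background noise seen in the detonations that started no process (behavioral4, behavioral7 and behavioral8 show only mDNS to 224.0.0.251:5353), counts connections per domain, and lists every endpoint reached over cleartext port 80 (adash.man.aliyuncs.com and ebjvu.cn here), which is where an analyst would look first for unencrypted telemetry or configuration fetches. SAMPLE_ROWS is a subset of the behavioral1 rows copied in the report's original layout; the BASELINE set and the port-based classification are assumptions made for this example.

```python
"""Triage a sandbox network table: attribute bare IPs and flag cleartext HTTP.

Added example, not part of the original report. SAMPLE_ROWS is a subset of
the behavioral1 rows in the report's own "Country Destination [Domain] Proto"
layout; BASELINE is taken from the detonations that spawned no process.
"""
from collections import Counter, defaultdict

SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 216.58.212.227:443 tcp
CN 203.107.1.97:443 tcp
CN 203.107.1.1:80 tcp
US 1.1.1.1:53 api.sobot.com udp
CN 203.107.41.32:443 api.sobot.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.100:443 tcp
US 1.1.1.1:53 httpdns-sc.aliyuncs.com udp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
"""

# Endpoints present in the process-less detonations (behavioral4/7/8): sandbox background noise.
BASELINE = {"224.0.0.251:5353"}
RESOLVER = "1.1.1.1:53"  # the sandbox's DNS resolver; rows to it are queries, not contacts


def parse_rows(text):
    """Parse rows with or without the optional Domain column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def attribute(rows):
    """Fill the domain of IP-only rows from other rows that reached the same IP with a domain."""
    known = defaultdict(set)
    for r in rows:
        if r["domain"] and f"{r['ip']}:{r['port']}" != RESOLVER:
            known[r["ip"]].add(r["domain"])
    out = []
    for r in rows:
        r = dict(r)
        if r["domain"] is None and r["ip"] in known:
            r["domain"] = "|".join(sorted(known[r["ip"]]))
            r["inferred"] = True
        out.append(r)
    return out


def summarize(rows):
    """Group contacts per domain, flag cleartext HTTP, and list what could not be attributed."""
    summary = {"per_domain": Counter(), "plaintext_http": [], "unattributed": [], "dns_queries": []}
    for r in attribute(rows):
        endpoint = f"{r['ip']}:{r['port']}"
        if endpoint in BASELINE:
            continue
        if endpoint == RESOLVER:
            summary["dns_queries"].append(r["domain"])
            continue
        if r["proto"] == "tcp" and r["port"] == 80:
            summary["plaintext_http"].append((r["domain"], endpoint))
        if r["domain"] is None:
            summary["unattributed"].append(endpoint)
            continue
        summary["per_domain"][r["domain"]] += 1
    return summary


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_ROWS))
    for domain, n in s["per_domain"].most_common():
        print(f"{n:3d}  {domain}")
    print("cleartext HTTP:", s["plaintext_http"])
    print("unattributed:", s["unattributed"])
```

The 216.58.x/142.250.x/172.217.x rows remain unattributed because nothing in the table names them; the behavioral6 run, which started no process, still reached 142.250.200.14:443, so treat those as likely platform traffic rather than the app's, and confirm with a second detonation of the bare image before adding them to an indicator list.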

Files

/data/data/com.geihui/.jiagu/libjiagu.so

MD5 610a895c4a71bbeeaea16eddb1422bbf
SHA1 9f919de42ed1e80bfadfef48f8202b202166f869
SHA256 baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217
SHA512 ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

/data/data/com.geihui/.jiagu/classes.dex

MD5 65bfbb9bef7227caa4362e85cf491a78
SHA1 a3414050d34b8a4ac0cf92cb41881ff0b838c8ba
SHA256 2347d072fe3c5693cca670733c2cf301bfbcdb9e6e51466470f9f66042068e97
SHA512 9d1d00d481c4e4680a0cb410cc603f6ff195ce675f981070785fc5dede3ed784c94ee10981f1e42f0b084a6cc7983fdcbc216317f56408737966b0ee456cf125

/data/data/com.geihui/.jiagu/classes.dex!classes2.dex

MD5 f700257f7660d44033c43c5fcdaa129b
SHA1 9426819c9071a1ac066e6ec115df63bf8a3ab1c2
SHA256 3de074d617002c5c2f288c9315a0a4d7760fbdb16a449632d432f93d63cc72fc
SHA512 67c6056f087ff66d62e743847c5cc0ce8471e597b98d80858bff0cbd5e40079d42b152e42135042f2254998161526113906df2f0b3565b7fd7ddea0179852917

/data/data/com.geihui/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.geihui/files/.jglogs/.jg.ri

MD5 ff53b7234ffc88f6c472614fef0dd5c3
SHA1 1a2f088d672e528056aea7597efa07c04dbdd7e5
SHA256 3852d73dc431a6891fc7a4881e576a2836a6dbecbec089729ab2fada0ea80e65
SHA512 ee78d4d8c8f884fd7eebcf76fcc27f804bf4b5f677f7c0a5c0075328846fb82deb5b5c6641ceec65ed79bdfeb1fdc8a81c48908c2e450fbc7e0dfdfe12b94b00

/data/data/com.geihui/files/.jglogs/.jg.store.report_cf

MD5 3e77f937c351ba17bd2c0908c44789af
SHA1 ccf9476f04c46c28f5f735ad6575c90a3307eaea
SHA256 ac8be245fd6541d79145ae0b2d85d9da92649bde4bfbc7c96de68e7ebc1a353d
SHA512 0b14576986b9723b62780f18e6ede07e0df7735bffea91deae9504ecce090fc72e04cc67a4802336b10e7dc95769711784d7d7a7415965fb0889dfbb890aa84e

/data/data/com.geihui/files/.jglogs/.jg.store.report_pid

MD5 149ac96e799ac2bcecdd20d6465f6ec6
SHA1 3b2902244756bccaebd310afb5d1b98f7df70ac4
SHA256 61bfb30e3a357c0aca71be631c4f04368e752805a42f67c77bdf8d27472127ea
SHA512 697db8fe73db1afcd5980408d1aa6fd44aa083640890d1521da7753e3e506d012a7c2ef2bf3a19fe45c2fbc0872f4a4bc6afb2b898fecba2fedaa98b97487d78

/data/data/com.geihui/databases/MessageStore.db-journal

MD5 8af3200d725256550c182cce5722114d
SHA1 0a6ed9c6c13df83697d786486a0a9348277ec507
SHA256 d3ce2cac152052c8e22436b0950333bfc2077ab2904b097e974a5c9da843ad7c
SHA512 63674b0b30d3b35bd5c038c5326ccc58b70f7a813ef530e79944ea11d5b30b0876a21e6d06fb8e9a9fe5aafe9dd01a85e6a2cc3ae05baadd0619ac37be0c0c83

/data/data/com.geihui/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.geihui/databases/MessageStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.geihui/databases/MessageStore.db-wal

MD5 8b1385b1585c12ddaa86a30b8050f276
SHA1 4039a2158eabbdeeaab4d1fc146f258d9c5e2a7e
SHA256 11a728f29144bcaac0ef1e83a6b5bbd110b0eb539e4fec6b1a26051e3c69b8a3
SHA512 bd2b8c5b5d1fc1435e0d512bf24c3bf831180100b1ca54547fca8021422bba8a9539173623d7460f4194490fb53882d8bac37b07cf4ae20f01a14ca608d425f9

/data/data/com.geihui/databases/MsgLogStore.db-journal

MD5 5d5e8b9f1b4183c4f9946c8ea4f7dc23
SHA1 3001a662050a27b7eaa36c8d937e6431ffc50a05
SHA256 630e6d95c3c9591edc91e91f5e51b90b30e979f66130a0e654774b637ce7f20e
SHA512 09be534f3f4c9035e50694c32644c5bc32ba9659a94d1d3fab7c4399940d265551d85446ac3c9866c2a8611986e733046dffb9d2106a9a159dbbe9221510d01f

/data/data/com.geihui/databases/MsgLogStore.db-wal

MD5 6a2b55d6f3f3a80fbc225823b9584487
SHA1 9c68b92d1c94bb9c8e0f550c877df94551f079c8
SHA256 a42f4827742a63712ca0a9ae04fc31d4bf46166bfb0d08489a4ad1624a5e7394
SHA512 deffe9a38660d81daf965b12afccf5762dc0456b63b266d5d12988cfb071f73f7fc7b97dd22ad071d71061bb9370b3955246597656511dd5409b4126df3e79a8

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9ba592e1717969ccd883c2d71cb3597f
SHA1 a0453cd0323f3feb20083a40144350e9d9ba6a71
SHA256 96e61e956f59060d0851a565db00aca0d4bedac18cf8eb57cdabcceb58ca76df
SHA512 36c192664c0dddea342d9e7508e92c08f987ca692953c0fb6ba3bd8e5c2363f2508eed151ae558da326dc107a7eb8665b29b888ef4512d24712b353692f31763

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 d74f255d32a02a305a266c122298780a
SHA1 5575d99695352c45c397265503f69186f547c282
SHA256 a720b7859c7535de84592d34264868a1434a32c5236f4f5e9dc6e9227832d5d0
SHA512 e0f16d98e06e182a18204404993fc7ccfb4468901c022e41f99e187ce9d0bda318c157da1e37feb3f4df9a49bdce95ab865b48331a44626de5be6eb1e28e305d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 341136873b6fa2a96130372c99c50012
SHA1 7c4be474fc593515459fd3176eaa61b26c7a3ae7
SHA256 67a08fcc48d77b394a9322a10ff3814d188b0e5299d9b47c0fc1304348c83617
SHA512 4d05872e9e96184782a79091377507765a56e0741c30843c208e870b75a330910a4a1e4111ae7250df8d0a482189c0328304e5da1f914ea59b795009d26b611a

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 7301eb35093bf0e5619b5db76517245c
SHA1 97915c54aea4c0b4fd04aae0df89a92ad796929c
SHA256 4a64cb21a7e946e03d62242f71ff39a10ab01aa4e5d35ec2972c6dfe76886ce2
SHA512 c3e62b6ab0169c704ff5b6aebe76fb82edc3dad2f2565d8e04828824413d95b56833b286d5d87300427f5bac23bca63c847922564e5b977ecb344d14afe746b9

/data/data/com.geihui/files/.jglogs/.jg.store.report_cf

MD5 813ebecc61429b4938db7a934f7bcc79
SHA1 0801212afed259d4066ff9c5920dde950836b5be
SHA256 80ecf8198934fcfd3bfb4368418d1445610ea38730b65e6724a82e468c83030d
SHA512 e3a909b05f67360e9fed5473ff9d588832179591451b72c0cd5eebbd7aa6590a4d4922f53c77b26daaacd976a65916d92e96bc3c6266d6d38412c1cd0abcfa1e

/data/data/com.geihui/files/.jglogs/.jg.ri

MD5 4b1c6eb5bc263571fc46c5ad6a59c72a
SHA1 be6d702b3efd517b5a4587184a3c8b4032a36b21
SHA256 ff3a0f4ae0d89095c50e48b57ce80f98a643704fe2f8eba4ec168b0231bda2e2
SHA512 769c0f92375e38f366faba26fea80e5da1df437e54fa0cf49723d1975a731c7a8a7b91d459fd7277132e85fb9871e3a8e4e84776539b2ad3fee58b410cdde1d7

/data/data/com.geihui/files/.jiagu.lock

MD5 374eecee6735d549e25da85825cd4c63
SHA1 5256e57fb3ca5ebcdf9ba318d73406e60112f0ac
SHA256 64614608e1af37cd623d7c9b8c36c0b90c8c2491eb988cd74028f3f58304fd36
SHA512 df5e2b5dede2bc46a12223987db35c60d5bb4432454b430ee5c74a828b2bfb32fa94d9a6da71629525daf6238fb3d73896766aed5e2c689d8899547d15b899f8

/data/data/com.geihui/files/.jglogs/.jg.rd

MD5 cd3eec14fc6619e01a52043c74616694
SHA1 c9f8fc56216cab2c6dad011c5c88b0e5b2e8c69c
SHA256 80a437862af20ae846dc2efe1f4fb6b262a464812c9678540328647e269e3955
SHA512 d5c3bf674c76064e98dc4f94738f60c9a6475320be9567cc4f1969578343d76f0ea69f2ed2372ffe82035265d6434174c55b6c73bfacadded53822974816f3df

/data/data/com.geihui/files/.jglogs/.jg.store.report_pid

MD5 685bad9f8f553772f8736d0a5daf117b
SHA1 8ecdc9f0eb27078f1764223580f26373f82373a3
SHA256 3eaa29be7ed8f99707c116f7d827380dd08b45e3ec4e0efa9ef90fad9a7dfe4d
SHA512 29367822298d1a1171bb479db4ccd88f252e826b73a09d4bcbdf5200c8417d417298e086e258c96aed02e32f12e459f6c080de72c73846a9530ae9e4a74fa11a

/data/data/com.geihui/files/.jglogs/.jg.pk.h

MD5 5ad9643aef7e9d01b6ab1ac4a50935a7
SHA1 0ec57dc35c54ae1d6087b266c3adae73e59a24f2
SHA256 ab695849e9ed9e19a921fcdbd029598b9d4fabec753ef1cf33ec08fdc9963e3c
SHA512 5d599aaee3477decedf7f78952d1905bac1a4a128e18f7ec12caa2ae72488571a28d6f343c3179101721a04313b9ab2af9ff2ded069c0c5834c43e5c77f79094

/data/data/com.geihui/files/.jglogs/.jg.pk

MD5 6da5074640c97b465be6d0d0df9cc15c
SHA1 d98eb885fdc1e118641eaa7f2cbc754a7707cb7a
SHA256 f85df0d4221d2b56d3a3535ceab84aa9187fd9fbdfd95e2251247e3f9b41cebb
SHA512 f0dc25c3499292b762012c25796f9873dfe7dc4c0f3095ed3d975ab75c2a2f49ffca6b69e955c65af5739ab762dc9bf9a0d427072ef3a50bfcd5229e23bb3448

/data/data/com.geihui/files/.jglogs/.jg.ac

MD5 df7edf13c89a02b0fd9d839ea6bd1c2b
SHA1 9210b731016dcb0b21d14b36ebd548d7310e759e
SHA256 7d88ef7c24e3c1e598d401cb8221102b91de29b1a3d661970c2c7a4502b86457
SHA512 52bc8b7a36e65806d8ae7cadb144d9de8fe6b7c923640d16fb5560db0fb7b23f678bb936d95d8e5062f1df4448f95156a0177b614f060cbc225f0a7415b0401e

/data/data/com.geihui/files/.jglogs/.jg.ic

MD5 cb8d87d1a6b391b4daf8616d8413536d
SHA1 e116aafb38a9e70d1c3a52185ce87ec59b65a95e
SHA256 83ed72f755d629cc54ae208fde4b93577ac6e33eae898630044f1045368e6d60
SHA512 be2267254f0353f1335921d689f0783555a69f2dc008b785aabc050847558335d503117204e0bace0c50d580ce3f68ca14b288353f2ec30df4872c049960dc64

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 06:01

Platform

android-x64-20240514-en

Max time kernel

72s

Max time network

177s

Command Line

com.geihui

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.geihui/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.geihui/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.geihui

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.204.74:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
FR | 172.217.20.206:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | N/A | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
FR | 142.250.179.72:443 | ssl.google-analytics.com | tcp
GB | 216.58.204.74:443 | N/A | tcp
CN | 203.107.1.97:443 | N/A | tcp
CN | 203.107.1.1:80 | N/A | tcp
US | 1.1.1.1:53 | api.sobot.com | udp
CN | 203.107.41.32:443 | api.sobot.com | tcp
US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
GB | 142.250.187.238:443 | N/A | tcp
GB | 142.250.200.2:443 | N/A | tcp
GB | 172.217.169.10:443 | N/A | tcp
CN | 203.107.1.100:443 | N/A | tcp
CN | 203.107.1.1:80 | N/A | tcp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.100:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 216.58.201.106:443 | N/A | tcp
GB | 216.58.201.106:443 | N/A | tcp
CN | 203.107.1.100:443 | N/A | tcp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
US | 1.1.1.1:53 | httpdns-sc.aliyuncs.com | udp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
US | 1.1.1.1:53 | ebjvu.cn | udp
CN | 112.65.70.244:80 | ebjvu.cn | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.100:443 | httpdns-sc.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp
US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp
CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp
CN | 203.107.1.97:443 | httpdns-sc.aliyuncs.com | tcp

Files

/data/data/com.geihui/.jiagu/libjiagu.so

MD5 610a895c4a71bbeeaea16eddb1422bbf
SHA1 9f919de42ed1e80bfadfef48f8202b202166f869
SHA256 baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217
SHA512 ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

/data/data/com.geihui/.jiagu/classes.dex

MD5 65bfbb9bef7227caa4362e85cf491a78
SHA1 a3414050d34b8a4ac0cf92cb41881ff0b838c8ba
SHA256 2347d072fe3c5693cca670733c2cf301bfbcdb9e6e51466470f9f66042068e97
SHA512 9d1d00d481c4e4680a0cb410cc603f6ff195ce675f981070785fc5dede3ed784c94ee10981f1e42f0b084a6cc7983fdcbc216317f56408737966b0ee456cf125

/data/data/com.geihui/.jiagu/classes.dex!classes2.dex

MD5 f700257f7660d44033c43c5fcdaa129b
SHA1 9426819c9071a1ac066e6ec115df63bf8a3ab1c2
SHA256 3de074d617002c5c2f288c9315a0a4d7760fbdb16a449632d432f93d63cc72fc
SHA512 67c6056f087ff66d62e743847c5cc0ce8471e597b98d80858bff0cbd5e40079d42b152e42135042f2254998161526113906df2f0b3565b7fd7ddea0179852917

/data/data/com.geihui/files/.jglogs/.jg.ri

MD5 ff53b7234ffc88f6c472614fef0dd5c3
SHA1 1a2f088d672e528056aea7597efa07c04dbdd7e5
SHA256 3852d73dc431a6891fc7a4881e576a2836a6dbecbec089729ab2fada0ea80e65
SHA512 ee78d4d8c8f884fd7eebcf76fcc27f804bf4b5f677f7c0a5c0075328846fb82deb5b5c6641ceec65ed79bdfeb1fdc8a81c48908c2e450fbc7e0dfdfe12b94b00

/data/data/com.geihui/files/.jglogs/.jg.store.report_cf


Analysis: behavioral3

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x86-arm-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   -       udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-23 05:58

Reported

2024-05-23 05:58

Platform

android-x64-arm64-20240514-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
N/A      224.0.0.251:5353     -       udp
GB       142.250.200.46:443   -       tcp
GB       142.250.200.46:443   -       tcp
GB       142.250.200.46:443   -       tcp

Files

N/A