Malware Analysis Report

2024-09-09 16:15

Sample ID: 240524-pc65csab4v
Target: 6e7a2ce4e84d3902614490971e3cd58e_JaffaCakes118
SHA256: 89045f7c687bd704e7c06e065bb0c2371bbadbc9a702b2c75944cdcbbcf153ad
Tags: irata banker discovery evasion impact persistence
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10
SHA256: 89045f7c687bd704e7c06e065bb0c2371bbadbc9a702b2c75944cdcbbcf153ad
Threat Level: Known bad

The file 6e7a2ce4e84d3902614490971e3cd58e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: irata banker discovery evasion impact persistence

Irata payload
Irata family
Checks if the Android device is rooted
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
Checks memory information
Queries information about running processes on the device
Queries the mobile country code (MCC)
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Reads information about phone network operator
Checks if the internet connection is available
Requests dangerous framework permissions
Uses Crypto APIs (might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-24 12:12

Signatures

Irata family [irata]

Irata payload
  Indicator: N/A

Requests dangerous framework permissions
  android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
  android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
  android.permission.RECORD_AUDIO: Allows an application to record audio.
  android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  android.permission.CAMERA: Required to be able to access the camera device.
  android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
  android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
  android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
  android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
  android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
  android.permission.REQUEST_INSTALL_PACKAGES: Allows an application to request installing packages.
  android.permission.PACKAGE_USAGE_STATS: Allows an application to collect component usage statistics.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-24 12:12
Reported: 2024-05-24 13:41
Platform: android-x86-arm-20240514-en
Max time kernel: 178s
Max time network: 191s

Command Line

com.jovetech.CloudSee.temp

Signatures

Checks if the Android device is rooted [evasion]
  Indicator: /system/bin/su
  Indicator: /system/xbin/su

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [banker, discovery]

Checks CPU information [evasion, discovery]
  File opened for read: /proc/cpuinfo

Checks memory information [evasion, discovery]
  File opened for read: /proc/meminfo

Queries information about running processes on the device [discovery]
  Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries information about the current Wi-Fi connection [discovery]
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the mobile country code (MCC) [discovery]
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Registers a broadcast receiver at runtime (usually for listening for system events) [persistence]
  Framework service call: android.app.IActivityManager.registerReceiver

Checks if the internet connection is available [discovery]
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Reads information about phone network operator [discovery]

Uses Crypto APIs (might try to encrypt user data) [impact]
  Framework API call: javax.crypto.Cipher.doFinal

Processes

com.jovetech.CloudSee.temp

com.spiny.ma.widerouter

Network


Files

/storage/emulated/0/Android/data/com.jovetech.CloudSee.temp/cache/uil-images/journal.tmp
/data/data/com.jovetech.CloudSee.temp/files/login_guide_video.mp4
/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-journal
/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp
/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-shm
/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-wal
/storage/emulated/0/CloudSEE/log_cloud/2024-05-24.txt
/data/data/com.jovetech.CloudSee.temp/databases/pri_tencent_analysis.db_com.jovetech.CloudSee.temp-journal
/storage/emulated/0/CloudSEE/log_cloud/dl.log
/data/data/com.jovetech.CloudSee.temp/databases/pri_tencent_analysis.db_com.jovetech.CloudSee.temp-wal
/storage/emulated/0/CloudSEE/log_cloud/css_cache
/storage/emulated/0/CloudSEE/log_cloud/yst_connect_log_20240524.txt
/storage/emulated/0/CloudSEE/log_cloud/A_index.dat
/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-journal
/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics
/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-wal
/storage/emulated/0/CloudSEE/log_cloud/A_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/B_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/S_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SC_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SD_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SE_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SF_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SH_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/ST_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SK_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SL_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SN_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SP_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SW_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/N_yst.dat
/storage/emulated/0/CloudSEE/log_cloud/SV_yst.dat

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-24 12:12
Reported: 2024-05-24 13:38
Platform: android-x86-arm-20240514-en
Max time network: 3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A