aee5be6e7496a7a5ba71520b8c902dd056f5803803c435c9fb772e09b039e94c

Analysis

max time kernel
179s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27-05-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7840f8538e85a8b6330323fc8b0bf58b_JaffaCakes118.apk
Size

12.3MB
MD5

7840f8538e85a8b6330323fc8b0bf58b
SHA1

cb8b286df745d7ce97d46919f1bf4e58d6bb8b99
SHA256

aee5be6e7496a7a5ba71520b8c902dd056f5803803c435c9fb772e09b039e94c
SHA512

1dc99f0746efd07062bf798d2ad81753aac7313931080d335ee0710266a2326fd04e71f5b7e229926e929416acfdbb6f03d4088092f6f6bfd1ee550b6fa53a00
SSDEEP

196608:/usjYHKdaOKeUdVHSOFizA0JStJpNkFC2DdJhhhoReU8cZbd74nDfWVMbAsStS8Z:/usjpcBqOFoANJinr5cZmDSMssScPs

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.tashan.netjob
/system/app/Superuser.apk	com.tashan.netjob:pushcore
/system/app/Superuser.apk	com.tashan.netjob:pushcore
/sbin/su	/system/bin/sh -c type su

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tashan.netjob:pushcore
File opened for read	/proc/meminfo	com.tashan.netjob
File opened for read	/proc/meminfo	com.tashan.netjob:pushcore

Loads dropped Dex/Jar 1 TTPs 16 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.tashan.netjob/.jiagu/classes.dex	4288	com.tashan.netjob
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes2.dex	4288	com.tashan.netjob
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes3.dex	4288	com.tashan.netjob
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4288	com.tashan.netjob
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4344	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tashan.netjob/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tashan.netjob/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4288	com.tashan.netjob
/data/data/com.tashan.netjob/.jiagu/classes.dex	4445	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes2.dex	4445	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes3.dex	4445	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4445	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4445	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/classes.dex	4700	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes2.dex	4700	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes3.dex	4700	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4700	com.tashan.netjob:pushcore
/data/data/com.tashan.netjob/.jiagu/tmp.dex	4700	com.tashan.netjob:pushcore

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tashan.netjob
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tashan.netjob:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tashan.netjob:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tashan.netjob:pushcore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tashan.netjob
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tashan.netjob:pushcore

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tashan.netjob
Framework service call	android.app.IActivityManager.registerReceiver	com.tashan.netjob:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.tashan.netjob:pushcore

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tashan.netjob:pushcore

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tashan.netjob:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tashan.netjob
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tashan.netjob:pushcore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tashan.netjob
Framework API call	javax.crypto.Cipher.doFinal	com.tashan.netjob:pushcore

com.tashan.netjob
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4288
- chmod 755 /data/data/com.tashan.netjob/.jiagu/libjiagu.so
  2⤵
  PID:4314
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tashan.netjob/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tashan.netjob/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4344
- /system/bin/sh -c getprop
  2⤵
  PID:4411
- getprop
  2⤵
  PID:4411

com.tashan.netjob:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4445

com.tashan.netjob:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4700
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4795
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.tashan.netjob/.jiagu/classes.dex --dex-file=/data/data/com.tashan.netjob/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.tashan.netjob/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.tashan.netjob/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4905

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tashan.netjob/.jiagu/classes.dex

Filesize
8.1MB

MD5
3c6339ba52894c4aaa71576fd4012ab3

SHA1
cd87936db7330fe6c0fdd0109512a4d70683d8e2

SHA256
d15497557f15e405dab71aa0ce731b5ab53e835c23e76ddf281fad85b782fe41

SHA512
8f0d07cab34f24276987a571372fc0086da4d33016838d0698a71cc00f5e8be074c3d4f66253afa9c595caf0ebc2ef08cda0a2d05e486c2a801a0860632830cf

Download Submit
/data/data/com.tashan.netjob/.jiagu/classes.dex

Filesize
6.6MB

MD5
8efa76293af168e722e68d3caf390271

SHA1
4b4baca96bafe05e4fedc85a39b0beef33a270ed

SHA256
16b2bbe3dd15b11027db7cdd9713f2c34b6fcda111140b2b2043652101998af2

SHA512
3ee51708d0ca15e3e91dcbec1eefc3f89224e581e828f41af9a1100a649ce59324e7e389f5b33bd20bc32ec9cf1737487fad931a0ffbb6a39a98b9bf75db983f

Download Submit
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes2.dex

Filesize
7.0MB

MD5
75a6f92076853088864abaef92fa7542

SHA1
7dc6a5fda25c6929dad15f96d667df738aeab605

SHA256
a95157d8436bc70735176835f4fe322a5ae2a219060920f6343e636ac6475146

SHA512
b7cee4272b378a1a3fd5bb2519f662fbe4e1ea76d495619589838dc48a24a8f1e9608c966bde272c86551bada3d7542624613558319763327aea60ddd53caa77

Download Submit
/data/data/com.tashan.netjob/.jiagu/classes.dex!classes3.dex

Filesize
438KB

MD5
28a727c12ee0b393752c280c1cf4a1c0

SHA1
dcefeedf5b01ea5ca6bb096a07a82c7530c2b405

SHA256
9d7569d27ce02c65a5aba6b0c4f19d4c100bce04756636cad624651e9f4c1848

SHA512
d653c93fa235b53c5d254380461c401c3d4bd13afc8f8ec0a707b262cc17c1da8080338e2664200bc300f86096c5c9f805ebb343ef164496471ab28612c4a466

Download Submit
/data/data/com.tashan.netjob/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.tashan.netjob/.jiagu/tmp.dex

Filesize
284B

MD5
f75d809ece4dcc8c7918e6a0e652fff5

SHA1
53e1b2ffc54657ea50452d7337b0c3857ed90a8d

SHA256
4fa3330a123b6f16c4aa91b7b95f57cfe0b884e2b6bf7ff1c1c5facc37ce6755

SHA512
1ebecd36e4eff6447456d081f407ebb1e8e99bdd7ff027c66b1d9b66ac273a04efa2e072bb6b92ef2d8774ac0c5e1bb2026bb0e63595582bb01d5cfda99ae137

Download Submit
/data/data/com.tashan.netjob/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.tashan.netjob/app_crashrecord/1002

Filesize
227B

MD5
6aac3bafeb273a14a8e6fd64006bc70c

SHA1
3022a54bf23d53bdbe0fb547fd344fa778adc602

SHA256
7202b3ec5eae4106fe57335f2c671709d990b7d8367128caf07fd522e339c11a

SHA512
666be70f63c980644a4d695c63eacbd8ffdc44f7f699f06ba199b7e8673d945d6a24fc36e2609b8dad585adac0116dc48423b9bf315535ae75712797b6a0fb2e

Download Submit
/data/data/com.tashan.netjob/app_crashrecord/1004

Filesize
227B

MD5
6a7f2438dec784fd44e6c6ab943743f2

SHA1
5b13b0e7efab156b65b734660ef8d7e41fa5e74d

SHA256
2238dc26743c508e14002f21728c9dd043f3f5c505527c65fc45e938d30bbc48

SHA512
583ec8b03237fb810d0181e7388c55ed186f4c28cc901938aeda9d53b4b0791c706bae825ba7e07723a84c6d411b8a08e71b0282dd8ac2c54bb7ddbf2e1436c4

Download Submit
/data/data/com.tashan.netjob/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.tashan.netjob/app_crashrecord/1004

Filesize
58B

MD5
636497e49c6da08b396b7128c2d4efeb

SHA1
e7fa43e3bf8649430ec87b5e34665478d6fc7378

SHA256
6dc06b8bc6f5ef6a503e489d6e8580e0f5fb525c7be523ed68dfec068d661caf

SHA512
6f7f6cd5a2a3439277171c4b9a86015ddd0b8911cbe367227612d9685333c7ea0583b8638bec7b03f5380e1f3620df78bec1a0c33337a3ce6dcae8ef92810aae

Download Submit
/data/data/com.tashan.netjob/app_crashrecord/1004

Filesize
236B

MD5
d205c77b11fe1c06c8190982c1435a78

SHA1
939d57cd809b5f075689c1935cb836bdb0384bef

SHA256
f8bfd49aac800d774af473613aa9ced1ec6c9847ea425b6001fb67dd0ccec70e

SHA512
193af84e0ab9e93a03abed4e73090d3d6fbcadb818f906230f23fcf09cd3d91609f2e4a0133a5d0948a5486ebd927eac20ff14a2df681bd699489852fdbb53f0

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_-journal

Filesize
512B

MD5
a8f5ffc7fee99d531b4ee24b84d85920

SHA1
6c685f1ac961418f6a87f1689dc0cb198348dab6

SHA256
241f8deff487812d7c7bf0fe819ccec8c2d95d5343efbe5fb0885f77166da036

SHA512
a6a2b4d903e3340f48ba00980a1e0b9b46976c418e354660978eddec2118704b1ef57640be205a9a72c239d902eb416b8d3221656f88656216d9a219f60c1722

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_-wal

Filesize
72KB

MD5
1512d6d75a6e9466d2212d6b7a690604

SHA1
39f77bd652f35aa6b6e12fcaea1ea97377703ca2

SHA256
b67163b2b4ca1c663c091d80c43bce779bbad5c54aaaf2afe436ec50b5c722be

SHA512
ca6bd4c0e87701767c0fee4a52d2e3193889902e0dfa8eb21114c2daefb3c2d0b9322099786951e0cea668a736009d2ca3ac48d7117f2f9326c582e35d15e37c

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_-wal

Filesize
96KB

MD5
50f6304b4dd4e6468211971865897582

SHA1
e517a4f976eff9769087c7a5e7c035f34b24cb9c

SHA256
204ad6e0c1b2f240097e861870082a4f542a4903713648840b3084afba264003

SHA512
23455e1ec3b77894c9386d2f841c65d872252c24dff692011a610fac5ebd4dcedca0e8ef5ce3acd24100572acc93e696db074afc00dd4d5ab61bc9e40aa2d05f

Download Submit
/data/data/com.tashan.netjob/databases/bugly_db_-wal

Filesize
76KB

MD5
ffeb8eeae0ce94744cdc42c65ef2506f

SHA1
79da1c982fd0e6ac2559773ab7190921d7daef96

SHA256
559f3916d42b480d539b7dae7822c41f8e92766cbcbd8251d83d19dadf656349

SHA512
69556e0ab7f947048f6969d548c343fc416329d26109d84754ce8b0da001bd38fa5330cd2fa92e052b9574185a4410a6ceeb45b9c0896fea17bb5ecc4dc55a8d

Download Submit
/data/data/com.tashan.netjob/databases/growing.db-journal

Filesize
512B

MD5
0a1bc61d945836a4a30cf15cabc637c4

SHA1
1598e3717d44a0a65b92ecd305c9ad5355c7720a

SHA256
dc78768df35a47db9d0c8bc3b425cbd6cfd06b1625f9138d722f19cb7cd23fb1

SHA512
9c1184c50be405715e5812c4a5b80eb9b4ae9623129fe1e8b47f0c92a992e6d9aae79c4cfb4a00529dc85cfcbd281f3bdb694dabb895bb079d4160bdaae30b27

Download Submit
/data/data/com.tashan.netjob/databases/growing.db-wal

Filesize
32KB

MD5
0a71e64f551578c6d787d3ce7ddee36a

SHA1
0f14316ea691ffe90c7293465e09d70df57751d6

SHA256
97183cb1d0ee4cbdc314d636d3ff765d9561492a540d93e7bce76099fbbab2bc

SHA512
5b4e4f7238809bae0fc65b10867c0f77052dca5d656d3024aea01c50ce9369f8b5528d93e1b8212a9e82a8616e4193c641752051fb02e16e82a800d4f6e74db5

Download Submit
/data/data/com.tashan.netjob/files/.jglogs/.jg.ac

Filesize
315B

MD5
51b8bd2d54c708dfc4f339f2c6e9303b

SHA1
629a1a96b068982e4731c889929ef502bedbd5de

SHA256
620bc980035008cb0f2205f6cef97d8ec229932964b6ca7ba7ff1e05c8ec1cd5

SHA512
3fdbcd706f32dece80b31fdcd5b3095ca140f6391c035a8b213493bcc690fb137179c98338b216a2add6ee8cbd210cf1ca89cd5f6e5b3d277f9713cb6076d904

Download Submit
/data/data/com.tashan.netjob/files/.jglogs/.jg.di

Filesize
340B

MD5
18fbeb06be6dfb122fa3ccfadfd2b944

SHA1
6228e3f367071c1b7faf8d9178d4fbf5ae3226d9

SHA256
8dee84c5a7313bb11c7b775b4886b91bc5355ccce2acc1281a416bf47daadbee

SHA512
702e93ffdacd46a6280683a122f0f733616bec9f298753310dbbac5cddf8f4120ef891a6b962b2f183844c01da3684d300d2bc3ac9a7daf7539732b5e1329270

Download Submit
/data/data/com.tashan.netjob/files/.jglogs/.jg.ic

Filesize
20KB

MD5
e51ecca129d12b603e6b00bf5b995798

SHA1
2c8aa785508e393cfb2d7dbb9f82fcdc8536d662

SHA256
81fc99eac73929ce02c780400d24d162654a5ab9d2d57babb385ab0cdbc4e271

SHA512
62aeae3a8e2f3b41bfd6a083a62e5a409c87ab062dd0d577ce8bc546bc0ce40c4bd65e15d4f4a3ff67a8ae3924ec47bb2b70178ff0be16a18887b4419babc753

Download Submit
/data/data/com.tashan.netjob/files/.jglogs/.jg.ri

Filesize
314B

MD5
36a17bc498b5deac642e3f8e310bc27e

SHA1
09f69473c5e8a8e02d41b06423ad46a7c418785f

SHA256
6a5d248bdd685f7654e6701aeec6daaeb345e81a933fde369e57e1cb66207da4

SHA512
7b928035f0f5519ba69edbe7226a38836928d277feabfa4e99457f34c3f1da7025f528cff3746a81cacc06e4aa8e467f2de975b5adb56ea855dc246f924e267f

Download Submit
/data/data/com.tashan.netjob/files/.jiagu.lock

Filesize
236B

MD5
1c4e38a2b321b8bc0ea56e0e0325888a

SHA1
a4c61995af2b6df884a8563ad3b8a797960d975a

SHA256
f172cc28c88a1f14b5653b489376c190ab909cb194aa836668e40d2f4734c3e2

SHA512
47092f8481dbcbbabb6c9480e674fa9ec9d52a83d637305d69fc2dec722f3aaf9dddfa003f06e01ced37f4677f9f941e058380994a852f65f47f613873422b33

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32KB

MD5
e52b962ee7b7c54a776c6bafd7091d71

SHA1
50d006a93e6a76603de7ceab916f431152656077

SHA256
cff6e8b9edf8644e43fe08da296866290390f5ccce84c35b8b5c16b911b89a14

SHA512
77ce186804cea756da572fd405c86e21ffcc4cce48638a07635d963cd3d0cd0730881b202a5aa38d76c1f7b55db1e23f4212cdf486856bce470036ab5e526d5a

Download Submit
/storage/emulated/0/Android/data/com.tashan.netjob/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads