6caff2353b4c1812883a0bf8696108766efa6d10babfa640d97c7e773d88d48c

Analysis

max time kernel
176s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27-05-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7957d5c764c50c34638a77258e0c98a9_JaffaCakes118.apk
Size

30.7MB
MD5

7957d5c764c50c34638a77258e0c98a9
SHA1

ec00aff4c8686b1e65b4c36c034ca4e1025746e5
SHA256

6caff2353b4c1812883a0bf8696108766efa6d10babfa640d97c7e773d88d48c
SHA512

a7543e19ea8dbb3b38324f8c8158d19e6656f629c54d32efd70876ef9aca6e32fe53746fac3c988a556c29d18c88d6624a3dd721ce21b7f56d32e17f4e2acbaa
SSDEEP

786432:P/GC1lKIBAQU0UjWt2J+biS3Ni9+RWIWYhHCwTBqj:jKIjZtIyieNi9EWaZE

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 10 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/xbin/su	com.cf.xinmanhua
/sbin/su	com.cf.xinmanhua
/system/xbin/su	com.cf.xinmanhua
/data/local/su	com.cf.xinmanhua
/system/xbin/su	com.cf.xinmanhua:pushcore
/system/bin/su	com.cf.xinmanhua:channel
/system/xbin/su	com.cf.xinmanhua:channel
/data/local/bin/su	com.cf.xinmanhua
/system/bin/su	com.cf.xinmanhua
/system/bin/su	com.cf.xinmanhua:pushcore

Checks CPU information 2 TTPs 3 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cf.xinmanhua:pushcore
File opened for read	/proc/cpuinfo	com.cf.xinmanhua:channel
File opened for read	/proc/cpuinfo	com.cf.xinmanhua

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cf.xinmanhua:channel
File opened for read	/proc/meminfo	com.cf.xinmanhua
File opened for read	/proc/meminfo	com.cf.xinmanhua:pushcore

Loads dropped Dex/Jar 1 TTPs 13 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.cf.xinmanhua/.jiagu/classes.dex	4310	com.cf.xinmanhua
/data/data/com.cf.xinmanhua/.jiagu/classes.dex!classes2.dex	4310	com.cf.xinmanhua
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4310	com.cf.xinmanhua
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4395	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cf.xinmanhua/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.cf.xinmanhua/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4310	com.cf.xinmanhua
/data/data/com.cf.xinmanhua/.jiagu/classes.dex	4638	com.cf.xinmanhua:pushcore
/data/data/com.cf.xinmanhua/.jiagu/classes.dex!classes2.dex	4638	com.cf.xinmanhua:pushcore
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4638	com.cf.xinmanhua:pushcore
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4638	com.cf.xinmanhua:pushcore
/data/data/com.cf.xinmanhua/.jiagu/classes.dex	4667	com.cf.xinmanhua:channel
/data/data/com.cf.xinmanhua/.jiagu/classes.dex!classes2.dex	4667	com.cf.xinmanhua:channel
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4667	com.cf.xinmanhua:channel
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex	4667	com.cf.xinmanhua:channel

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cf.xinmanhua:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cf.xinmanhua:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cf.xinmanhua

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cf.xinmanhua
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cf.xinmanhua:pushcore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cf.xinmanhua:channel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cf.xinmanhua
Framework service call	android.app.IActivityManager.registerReceiver	com.cf.xinmanhua:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.cf.xinmanhua:channel

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cf.xinmanhua
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cf.xinmanhua:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cf.xinmanhua:channel

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs

flow	ioc
42	alog.umeng.com
44	s.appjiagu.com
71	b.appjiagu.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.cf.xinmanhua
Framework API call	javax.crypto.Cipher.doFinal	com.cf.xinmanhua:pushcore

com.cf.xinmanhua
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4310
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.cf.xinmanhua/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.cf.xinmanhua/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4395
- getprop ro.product.cpu.abi
  2⤵
  PID:4470
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4591
- mount
  2⤵
  PID:4617
- ps
  2⤵
  PID:5097

com.cf.xinmanhua:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4638
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4749
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4786
- mount
  2⤵
  PID:4853
- mount
  2⤵
  PID:4924

com.cf.xinmanhua:channel
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4667
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4974
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:5016
- mount
  2⤵
  PID:5042
- mount
  2⤵
  PID:5079

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cf.xinmanhua/.jiagu/classes.dex

Filesize
5.9MB

MD5
af10500252c6ad4637439a78ec3ba052

SHA1
7c4e31715d21318334e71e339fa90b153592be9e

SHA256
97121bd7c93f4ce7bd216202b543f5d5ec2180ee8463ef1a464942225811d562

SHA512
d8e386967742a5814e33308cdf4e7a69d6ccc8d3456834b5539554435ec17c2379090f06b6b0fc139a6b742a353d469809fd4bc06672e2f65e2caedd9e3ab546

Download Submit
/data/data/com.cf.xinmanhua/.jiagu/classes.dex!classes2.dex

Filesize
6.2MB

MD5
780223233ea4038c6a4d016d5291c6be

SHA1
7494477b22c986a46077bddfc65afc4631cc5b7e

SHA256
ef77c40d365a7b8375c96b4ad1b6c16e1dfaa894f8c921b2b1aae29d877e9641

SHA512
f75e79ce83aabd80a210bcc432819b5e28f173ebcae4c4b6cd83cbee0e86be503ca6f328e0a68e92ca4399729f2247f120e44bc54c99b8227961ab72e9cf05b6

Download Submit
/data/data/com.cf.xinmanhua/.jiagu/libjiagu.so

Filesize
485KB

MD5
2c1a490890ff15348d2fc3815b2cfb3d

SHA1
922e1e5539c40ad5bed578a9cea9f076df02eaee

SHA256
4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

SHA512
3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

Download Submit
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex

Filesize
12KB

MD5
8cfe97413b1dca5f30f47e0f9e950a03

SHA1
3f7ebd9b76d44b340e249e985548a3372c400358

SHA256
6913531cf5b919e8b93603b10f03cd926dc42708a6421ec88606f38b8a2e93a8

SHA512
1adf9e6a75713f988c9f46473eed9cd6e02df1bbd24bcac40a8d35c2a878fe5caec08ec80620ae06a2aff06079082b383f295ab1d9582f7a0b177f623bdf9fe6

Download Submit
/data/data/com.cf.xinmanhua/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.cf.xinmanhua/cache/okHttpCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.cf.xinmanhua/databases/MessageStore.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.cf.xinmanhua/databases/MessageStore.db-journal

Filesize
48KB

MD5
567c73eb8df4d736deef83be2db2fbd5

SHA1
995d60f4b25113d5b521f834ce293d24e0c8ae93

SHA256
57ccfe47981ec039b8969730166de41bd96c529ed3dabf160981d03a1be3cfd1

SHA512
d2bc369412d8ee19a9a61e66c8a452a970375105dc8b042987736c93fb5373d34de620c56eab8538b4cc33705e66ab4cb46d76aaa6e2f20a81add3bd418707dc

Download Submit
/data/data/com.cf.xinmanhua/databases/MessageStore.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cf.xinmanhua/databases/MessageStore.db-wal

Filesize
64KB

MD5
40a13831a41243df0a41f4bef7b71332

SHA1
20264a43f138cbacfb52c98f3ce84cad8ec00b0f

SHA256
89e6ffa2e6e0c07c1b3be756b08afb3193b3aa10b8f066ba1d45f78efe04555f

SHA512
e2d6f7b8930f22b59fabb0ca5863d5dbd5d0e27b3a82dfcccb5bf8f59e756b1a41d55f78cd8002507d36f24c8360633ffa125c9d1b9fc30362b0eadf17e5c4af

Download Submit
/data/data/com.cf.xinmanhua/databases/MsgLogStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cf.xinmanhua/databases/MsgLogStore.db-journal

Filesize
512B

MD5
74187c752f8db7a61af32d4559bd7506

SHA1
9f6685b5c5d48a48ef2565862b41a642379ff24c

SHA256
4f1c8f17e42b857623a3711db97039ba3b757440496fb42dc699d95f20511f78

SHA512
f227a5ab07736e80d73b0fffaa7ff5d5eb183261a552e0883e194d5392919240f44e4d458c800f9f094b02cfbc69ab4a6354f29d365d288e5009c8ef61699879

Download Submit
/data/data/com.cf.xinmanhua/databases/MsgLogStore.db-wal

Filesize
60KB

MD5
1ebdd3dcdf4df625927f8034284bea78

SHA1
29b23ab32bdc5eb8fc4f5ca27ffd68ebefe80650

SHA256
cd1c892e4a89dd87246c039b15e7c10c97ae84dd73e7ca5d7e3d1c55ea092848

SHA512
e925141849e1107b13eafe1c8b71eb877c8f1fa68700a4de227aefca144deea30ae6ab2089e2a79ae3ef807727ba52e1260bbdd122070372d183ce6c259fecae

Download Submit
/data/data/com.cf.xinmanhua/databases/accs.db-journal

Filesize
512B

MD5
fe708465663ee03903b71e62868146e1

SHA1
d4573031792cfe2f8f3acaac14a6d2c0bb184851

SHA256
b44f608f24d59890a07e044cdceebed8669b95d17e24243aea7edd5780180fff

SHA512
514b60bc8c9b9c3f3f4299629f0bccf8ced71ba7f000eecea6c545afb80772f92736e55d4d3880d918c59ff3bbd2591ed5471c552fa66687372423e002140507

Download Submit
/data/data/com.cf.xinmanhua/databases/accs.db-wal

Filesize
32KB

MD5
98a5f3e90b21c8b3494aaa0977fb245b

SHA1
cb09f103e32c34ac988c689545ab10c06e7b5c93

SHA256
eb79df6995a18d41ba2019fb02ccf84fe37a0c65067aa678e5e14361a52062fe

SHA512
94b98c5666388e037b8adafac65bc0b54ad51ba33ddf600e7452bbd62111cc9f6ce79dc9ee52e31fc15671a6194efcfb325bfacd2a4291f0a8915b1cd19e8806

Download Submit
/data/data/com.cf.xinmanhua/databases/newcomic.db

Filesize
76KB

MD5
1b4a43b6bd13b49dd30fab682b9672a3

SHA1
3ca51f42b29154fa9becc649650afadb0386a7de

SHA256
ff84937975a9ac4853abf3b25431602a45e88fe070537cab1895a7885c96a152

SHA512
423e9f24fd24eaae1525fda1ec6581d018174870117573620ec381ac579187699ab90c39d0db0f3f4580e8efb61f6af26db6fffe2e434af26abb335f8a4acee4

Download Submit
/data/data/com.cf.xinmanhua/databases/newcomic.db-journal

Filesize
512B

MD5
9db016229991cc2326ef9fb398a8ed5b

SHA1
b34e20608572b8b2bb168bf79bc003817c51cdd8

SHA256
df21bbddce897e6da267cd168cd075dbd4d2f2f63d86889c2c0cbbc8d3c3dc47

SHA512
98b6080743b4981032d3d8135373095be4999e621ad6aa3eccd90c41085c7c68eefdd758742895d826c9ca51d208bd2c6dae5ee970a73cb8cca6a241ff02dc74

Download Submit
/data/data/com.cf.xinmanhua/databases/newcomic.db-wal

Filesize
88KB

MD5
29c709e1707a8eb785a7ccdf77ed6cce

SHA1
c9c03923a478295b2925e222e443633541106436

SHA256
576c71d622417bef72c1464251b026022d804371e2986e58365e5ba0ce21a817

SHA512
300ee705df5e62557dd4c4ca64f906c8e66c440eeddb9288200e600ae7d4e64a05d728d3782bb0175d3a24d75ef8397247d0ba2ed339069b7cce02302ea6fa3e

Download Submit
/data/data/com.cf.xinmanhua/databases/tencent_analysis.db-journal

Filesize
512B

MD5
77e9113bc60164607ed030e1f91be144

SHA1
6115fd917746a3b64863a3fe49b3d5345a314815

SHA256
18afdd3f362ef6ef9ed040453144d44064a1380c0f7ec27c935f1b99a297e0ef

SHA512
4f2d9ffe34ad6717b0bd2f3e77499a6c2013e8dc0a006a689b8d137f047d59bc9db640c0d2e2dc27aec4c26ddfea4d4071a90367e495441419ee3191e88c2a25

Download Submit
/data/data/com.cf.xinmanhua/databases/tencent_analysis.db-wal

Filesize
80KB

MD5
ddd048443abdf81364594302fc2fa2f2

SHA1
2d5e305d8db7d7df4813ed86dc1ab3f7e0f62846

SHA256
727681e8003063d36d097ce2def3e7c596976858c9927d3cac6ee541e10493a3

SHA512
180834849b5962c10ea53f7cc026e0f39ca9ef2f586ece8ea5729cdb7a1311a93bebbacd26de45d9568c62850f3fd311def280e92b5f01ea0f1c9c22d23bcfae

Download Submit
/data/data/com.cf.xinmanhua/databases/tencent_analysis.db-wal

Filesize
96KB

MD5
6525f5d339c49b0b4d054e9f0b977364

SHA1
09c185652fbefb989413f06dfe667bc533ae7b11

SHA256
995ba8dfce81253509f9f8e55ba0a6e264644c649b1d40e25f151c91f89ccdc9

SHA512
351e49ac03343880730d077d1a632523dcfce3e10ff4e765335287ab80bc28bb11cbc0cca0cd915bd07455bb6b42ea4b7b06a6a5cc7bad341803864a257665b3

Download Submit
/data/data/com.cf.xinmanhua/files/.imprint

Filesize
899B

MD5
7b0596bf917c24b8a3c20b7b2294e71c

SHA1
f09cc33c4f490c7bac2f3200baf1549805fcdb8f

SHA256
5a925cf47280af4a12e5013fe325bb0e973a30ccbc9e8ce6c707173a71c56fed

SHA512
42bbb40671c1f8145b23d1050625e1adf1579be3bf300780038afe78b84ad580f9ae9c37bdbd29bc478ac21fe76cd593d620bd4b473f1c6877cdc1bc7591d5f1

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.ac

Filesize
1KB

MD5
2e66f5eb2c1b9cc4d8819ec8cc84210f

SHA1
e62861044079b1defdb2a6f6a4ab588f79504c1e

SHA256
bf1a9bd57975e175af41d63ef32ba4a489bd3fa445fcdd58bf07610091944fd1

SHA512
d43abec150bf086f233b1ae5f7765dba55e7a047fe8bea6ab264e6f151b9515b98cb593ac4d60ab0b0d91d65a29c237da94615bf3660326a05741fb4365e633e

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.ac

Filesize
40B

MD5
d511f5e8a8865a95806d7af56636c211

SHA1
ccd9dac1475193b459441464c61c29d8d53b6bae

SHA256
81d6b45389a478eceac9d5aff8406a66614b2d1b61186452bb1a8132c394044e

SHA512
93b7b156f34e76b643890098ec71ed79df2c30a0fdde26f0dc6609a707d69975c5b3679aefc01e2c2759529dfa1870f03c12655ab32b7fdf8bac2172c014b861

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.di

Filesize
340B

MD5
7e64fa96bd2375cc2ac97f76835fb560

SHA1
2465d66d14447da6cdecc4af931c7489af528bcb

SHA256
491873adcf6afd06dcf6d42361b987a9cd4bd8abe8d503176ee2c645e4f204e2

SHA512
fd9f3e5c61debd5771143eb33f8d3a1e51ddff95f7d556b9c42a18dec1b7a8f8414a40dec8917ea4f7551cd063b883689e9d123e00e0d1cfff8af0cc2f45feb7

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.di

Filesize
340B

MD5
ffbb520988f42fb494ff16108f3bfbb9

SHA1
f96d19647cd5b7c174a7a68a5e2c2d23bd50643e

SHA256
575b09fcff711d08b34e28b588b823250eea6f8f32508ef4bb24baf48097d16b

SHA512
4f323fcf0407c41189bd2767c63f2b110a82ba9ca8d6a0821d2a053198501635e1c3be327972e8147b36abd9d6a962a0a4bd116f6b824c69a0f729e97cac3b2c

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.ic

Filesize
40B

MD5
36af4c7473ae212b250ac20102683d81

SHA1
8c5ed7e72fdf5decdf47710aefa0b95387acfcca

SHA256
5f82c8db6f667071234c31cfbea52e17de91e871a538b872ab4294f5fa7bde54

SHA512
ffdfe7afe3e84d773f4436e4dd46de084a1e1bd9e19ac5a677a4a51d15127abb4930ab7425e0264405c265dd7c341c1be9aad5b1ecaf91859409663a896619ee

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.rd

Filesize
73B

MD5
8891e0104d3d4f81fe4595ec29114f9f

SHA1
783984c1bc82f54cbe3d72737e87d29a6c4a25ca

SHA256
a527378bec8ccad76ee0e23248b208fd4d723844ad507d1d50ff2ecb3a756c3e

SHA512
85fafcd421cbc6bcd6b92c2c04dbd56bed5f1d4c46ad425ddc3e71201ff40ceb893476c526f72a284bd34b59a8e2be437bf911134b211243659508cd198fd616

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.ri

Filesize
314B

MD5
de2e7a040cc0a1cb4168a1ce323dea0c

SHA1
de4ea722ccd675b1d08fbce56902e28cfd07d71c

SHA256
d9dd1800593e8cc94e8278df69d630075c65d3794b0a23a21fa713212ca25ca4

SHA512
5b887119f65988ecce76ce8e3d814bd317d5aa8c38bdc6417e9d795777987124ceb5e9269e382a312c0d6b34b4926cca91e2cacc907b70ef8881ba4f1853318b

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.store

Filesize
127B

MD5
c920fc914f979814d596b27afac4e484

SHA1
1a4e5c4cf1247b508817e0d7631c6caf1487de08

SHA256
ece2455927074cf945648dae351dd6d4f6ae75d54f074c3ba49b9e6758f9950c

SHA512
7ff7f35417c871b67b733c83e12a405e8e0e0d8b721bca4dac0fac9b8c1a7e9d11c395d27400b096c0135254835246d766afcfbe6eee9b309c0fe679a10e4433

Download Submit
/data/data/com.cf.xinmanhua/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.cf.xinmanhua/files/.jiagu.lock

Filesize
27B

MD5
40b9059fd4b1ff4c0467c1171627e9a4

SHA1
8a253ebf6fe289976ea9ed3304c950e3cf2d09f1

SHA256
358709b423ba8595f93ac02414cab312fca7ebb52cbea2f96916055d7321e26e

SHA512
0ac1ec72e234346131802221cc5ba5361057e7494e869e51681dfde2c2f1f3b82aa1b7c2a4945a8ffd373ff0619e0e33e52c57a17c548253fc1383940c446fcf

Download Submit
/data/data/com.cf.xinmanhua/files/INSTALLATION

Filesize
36B

MD5
dcf7c35d00acda2596ee5d06fe16fb1b

SHA1
6f11bd5d4924f6fe9c08eb19cb25690327134224

SHA256
fcd2146be23708db4827676bc35b0c09efc49a7b17372e2695d146ccc6a4cff7

SHA512
696a21d2354f82b3d7c04f8a587d78b56fb389f162138499dd95d4dad3d79a7cbbd265cd0db40da1beded3f212d29bae5898cab2a97ea63340b4fb24d487c55c

Download Submit
/data/data/com.cf.xinmanhua/files/com.tencent.open.config.json.1104663120

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.cf.xinmanhua/files/jpush_stat_cache.json

Filesize
119B

MD5
217c7d92435769f290cb5c12d3475da5

SHA1
ce29ab9bfd9109e9f1a5ff9cd180e25fbe32ccd4

SHA256
b962f89513ec83d2e1df87338bee6efead4effbe4b5b25d76de9534d002b90bf

SHA512
c02d23f2bb2727b74ee2afdc4507b9e8e0e0f31f378ac4279bab43c65073a32be08e2e6977bb89504b490467ff145d27b7473f802b5e7d2b3fe8dc3c89ed0cc9

Download Submit
/data/data/com.cf.xinmanhua/files/jpush_stat_history/active_user/nowrap/945a04b1-5d67-45d8-bcbe-ddce395ea761

Filesize
159B

MD5
2dc0bcad992439c0efa60915a01e9273

SHA1
ab168589f94f8c61fd6d9c7c61d24b670fde5075

SHA256
4121ebff50e05637bd1e250a87e0538c8539853348a9d2f5020888a172d69c5a

SHA512
5a5e96294dc01f2387cc7d6027d28627393c8826e06c0089473775703ad1e3553041bd58bdfc29ba7877cef56d10a9f4b12ef9dfab28ee49824b90475c2fb5d1

Download Submit
/data/data/com.cf.xinmanhua/files/umeng_it.cache

Filesize
310B

MD5
49acdd8b0ca9fa547ad15dedbc4a8a14

SHA1
85c73c2424c38654c34ca65e3146a895d0ab061e

SHA256
6478099abfbe2269a3b350f6523b88ace63c632bf012d0544cb5ed327ee7083c

SHA512
539b8077132a528bce00aae804c82141670fcafa500ea1f5f3ca8d96aa34e12fa3b31d5ff87bb6459a009851203a0dc6ce27cc7dae1709d603b336c4fb98fe57

Download Submit
/data/data/com.cf.xinmanhua/files/umeng_it.cache

Filesize
158B

MD5
384275fbc2b49c2d354cf4f3d9dc3bc9

SHA1
1afe9f84297d879319c137302aab238db6784fef

SHA256
306f409ed33efb3ce7359eaaf9b3b234ee52723b4758a14629ba9ef4a2336843

SHA512
5d0b54c970ee02c3a17130fb54082bea93918c235f7e8baf6e76fb7c43403f21ce79e424a6a1e5eb23412abfdd67ceea2eebe5ed4dbe756b9512368bc30a9426

Download Submit
/data/data/com.cf.xinmanhua/lib-main/dso_deps

Filesize
280B

MD5
68eb15ae0fd284de6919ad692263cca9

SHA1
845684c9070913ee5bcfbdaff448cf12da54188f

SHA256
1a515f1fd19c34c672746c36dbd2159f0fabebf6ebd4175c9c05fdbb583c3bc1

SHA512
c5081b2ff8c85e880bc1d96f862c915a7301bc8ebbc895cf5e6deceb4cd788c61cd748aa8be0231bf0eab2fa6399d7acea1bd98157a5c244353203d9c1aaf4f2

Download Submit
/data/data/com.cf.xinmanhua/lib-main/dso_manifest

Filesize
79B

MD5
393345fe9ff2d2985535b3606660f698

SHA1
c81bf9915f9e4ab50afd469284beba34b774e836

SHA256
4523f024dcc3f592be38496f1f602393882cea1c9a2bd637a7a061918f5d1482

SHA512
2d1832ad9353d9fe7d619052cfa99f4a765d732ba424f84e560c308fbaed7ba3d78fb21de07535f844f35159570221a2c16cc800ec076465c3d831f80ef4f9a8

Download Submit
/data/data/com.cf.xinmanhua/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.cf.xinmanhua/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.cf.xinmanhua/lib-main/liblbs.so

Filesize
15KB

MD5
69e185532b472f00e0390da4237ee721

SHA1
ec5e9b3acb6ebc4862fc481ddb3fd3ba41eaa0fc

SHA256
e1c2a6b64cd4c48a744b5a66a3f4de0b57d96e9018bc64c7266f809bf94ecba7

SHA512
900e49b29a30cb9b68189510116a6918059bdcd216608886c8b39dc2eaa584b9c0196e9fdbf8d8c6017112fdfb6187c72fc15ea0d34d82885d454af3b69b9d4c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
22a46dbbe23803d5e1cea22e40df6f53

SHA1
142e4d918a20ff3e7d67e8d52d3864122d4e5394

SHA256
59cb8c7aa2f6094d2d4528591c63fb07ae65660f2689e17ed1db3dcb08639118

SHA512
8c9134224dba8c3060e186036771af1dd8a9aa8a85108de349fcb13b4032ea8c08b57d598bed98735da4b0677d289f03f0a10cfe68aa4403605e80c06095690d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
d2b14f0ea679e73a70969cf1ec9650dd

SHA1
b5561b74a35c4760eaefc70f2741db680bb4a34e

SHA256
81af2b3598e4529bfecf52a1a919509789d55b1b7ad329480b040bb4fdb217b0

SHA512
a3d839367489ebc433019814a737642ff305c4a04e26f24e093bb7865b2603e3d065050eaef1498de17051460683ffd4188abf30339e796318aef0065dfd6162

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
3c1df0d6deff652e15ae4f1e1e52e6d1

SHA1
fd9581195a4ef0fdd6e0bdc0ae4a58994d8e5a3d

SHA256
3ebea1053eec60f5d9182f15cfb3eef360215bce92018a38efed09e0fe782962

SHA512
546283375fc34ed8e0b1aa8ac63a0f087070957f1b4d0bc52040af9f871ff05b0e72964a253dba7abb0507ae50f68552713902ae3b91e9f719a656a5924ccdaf

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
70c5282c0b26c6c8bcc430040ee2d675

SHA1
3236dd23021bc41b96a517c49b7e2c3f5ed1140c

SHA256
d3c17ee5c0f67c6bd2c0185f83fcd0fff79481f7e06d117b3ba85091bd821d72

SHA512
990e941606cc445a5ec622092f46a080fcadb870db6d79b120832aabf6ac1e2689c763cd45afaa2dcedb3c83fea0e25a50204f170705d7cd4756653100c4c513

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
512B

MD5
2535d49cd0cc571c9c5820c36343637a

SHA1
f9120d00840194d12bea65f2fe99fdc1c103e050

SHA256
0939b075cc0596a3562378c63b5df952362a2b6be94e263ee28c5cd79453a5fe

SHA512
4e019acddebb8e22a4bda98d3321dc78b61883c285a1507210bd3c19581f93c4ed90d72c457081a42c995dfcce9642d8eb1fcbdca1c57870810bae98bf2c69bb

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
1a51345b75385b7411b097bda67b8a72

SHA1
2a4f0d0e72a08c7bf50ac2324f344089921d7908

SHA256
7f47c0cc9a9241874c16e35c492f86a2f89f854d83038976b8bbbbae8a71adee

SHA512
29d4fabb51c815cac1fbdca132f1233f145e7b369870ecb2f57f285af9dcdb29bcaa8f112a83a3a1e4a1db0268c719a47dee658660b4bfcfdaa768dbcd1826b6

Download Submit
/storage/emulated/0/Android/data/com.cf.xinmanhua/cache/0e4166005625451fa5bd0595887676ee

Filesize
4KB

MD5
eb5e8440193a70d43d8b16225dda6e8f

SHA1
d9f64ef5f20c744837dca8b6d7470460f479ea65

SHA256
7069a3fc91b6b1ca7703bebc049835b836af3c697bbf59a6ed7ab96d6a207e8c

SHA512
40dd16e8409166ebd353743c5a7c0702c8f77df253740a93dfea4eab193ed4cb846b8805a93c327253f3ec3a549ee3e52dafd2dd7621542b7b71d790a3396ef4

Download Submit
/storage/emulated/0/Android/data/com.cf.xinmanhua/cache/f6cf81c40efa43f0992ba31591192cf4

Filesize
1007B

MD5
be6a4a69f150e4109280e82f023b62b3

SHA1
9f46d31db6bbba02f30b34f1a21f89e70adbf068

SHA256
2dc0f88f7f6ee06de2bfe53ce5396954bfc3792daed83d11a912bc9a5f2f4d18

SHA512
d1a25e884996a94f9363634487fb0e3e962da4c41cd599171fee562639863476dcd330f621a650d7997cd8d7ae4c4449840c11d51becd5e914c5d96527e3b492

Download Submit
/storage/emulated/0/Android/data/com.cf.xinmanhua/files/tbslog/tbslog.txt

Filesize
9KB

MD5
27c8607c917c1e22c92a3876f1d52d43

SHA1
614dc9392a787795cc34512eb969c7346f296709

SHA256
0d57cee9989d609922e7bd098895d71c9a6581f3daede268a912a0abd4c822c6

SHA512
dc53d29f210dacc5c2e66cb3c9ee2b6585f164186976f1a1d650ffa3c49a9c29e41eebb6f20876103f0312be5fb2745cb0db77078655e2166ca389edcb38901e

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
9b933e6393d83829ef1b4fd1716122f3

SHA1
71bc6c2ecf8aa178fe200de6cc5a0f78117af6c8

SHA256
174a973117c9614a14c355caafbd7ee7c4657ab7d46ac0333054429cc164ce9a

SHA512
56c3c6e3d9fa52898fcc7ad6f4fdf0fbd355b9c402f38f00d127913c883d4adc6d45613e9dd15cf371c62ce1a019c6bfaf74956e76a89f2c6b1f0079b95170b5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads