2b1ec8a0d6ae6fcb1b525ee59aab58c9b9962a9ed73524a65c54f8d751b006d0

Analysis

max time kernel
170s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29-05-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

819760e3240527d98198cafff9ab7bfb_JaffaCakes118.apk
Size

19.2MB
MD5

819760e3240527d98198cafff9ab7bfb
SHA1

d9554e2a27c47fbb831b63b9a8546d0d65ea77e6
SHA256

2b1ec8a0d6ae6fcb1b525ee59aab58c9b9962a9ed73524a65c54f8d751b006d0
SHA512

ac3cd327e70d345da4be44898e369db71dba059f6b3b11596a27f45dc643582fb990e20f7cbf6ae34465bd98f9dfb25e906e45dc4384f59a62ee33738f01c958
SSDEEP

393216:ojjQ9Zy1joIBB1uHRiNkr8scj+r2tF9Ymud3j7gfPdgZ7iiTrx5t:ojjQW1oQ2PY9F96TcGZeiT1f

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/xbin/su	com.xgbuy.xg
/sbin/su	com.xgbuy.xg
/system/app/Superuser.apk	com.xgbuy.xg
/data/local/su	com.xgbuy.xg
/data/local/bin/su	com.xgbuy.xg

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xgbuy.xg

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	com.xgbuy.xg
Accessed system property	key: ro.product.name	com.xgbuy.xg
Accessed system property	key: ro.serialno	com.xgbuy.xg
Accessed system property	key: ro.bootloader	com.xgbuy.xg
Accessed system property	key: ro.bootmode	com.xgbuy.xg
Accessed system property	key: ro.hardware	com.xgbuy.xg
Accessed system property	key: ro.product.device	com.xgbuy.xg

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xgbuy.xg

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemu-props	com.xgbuy.xg
Accessed system property	key: qemu.hw.mainkeys	com.xgbuy.xg
Accessed system property	key: qemu.sf.fake_camera	com.xgbuy.xg
Accessed system property	key: ro.kernel.android.qemud	com.xgbuy.xg
Accessed system property	key: ro.kernel.qemu.gles	com.xgbuy.xg
Accessed system property	key: ro.kernel.qemu	com.xgbuy.xg
Accessed system property	key: init.svc.qemud	com.xgbuy.xg

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xgbuy.xg

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4263	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4263	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4263	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4263	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4263	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4346	com.xgbuy.xg:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.xgbuy.xg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg:pushcore

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
74	s.appjiagu.com
111	b.appjiagu.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.xgbuy.xg

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263
- chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
  2⤵
  PID:4292
- ls /
  2⤵
  PID:4463
- sh -c ps
  2⤵
  PID:4693
- ps
  2⤵
  PID:4693
- ps daemonsu
  2⤵
  PID:4720
- ps | grep su
  2⤵
  PID:4739

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4346
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4590

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
8.2MB

MD5
2f7c2a545fabc42357818c4d35052eb0

SHA1
de52edb45f76a000f2be429ef0e7daf7245c35a8

SHA256
7dcc68dd4f94a23b6beffb924eca54ea4a9093534b34fb377d6b9ab5fbeffe78

SHA512
40b6cbbcbfe0771469f025a1a798c4bff6dbbf55426220486ecbe7654506d7a240aba9b4d76db29e54bc468e44b996bb324091315cf7b1702bc0fc0573879f34

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.5MB

MD5
3607e9bc414a499b1da47aeee45672f2

SHA1
04b39c1fad9bd8b87eb58520ef98c649b4864a26

SHA256
80b924b9cb646f78b355227c8c265a0e694c3b1b2b17bce5c992fc8399e475fa

SHA512
0b3733811437cc28a57930c5cf57aa692e8e18e55c1dd3ba534de00cc374b3d1618a40dd0bea185d369816e96c67fe5d6ba981a51142f5f436997f0bcd574771

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
2edb8333947a3cbbf4f2ad35404817fb

SHA1
22ae5219b5a313b13dc9d65590507fa01cb63b77

SHA256
c9f2509cab8c706548fa84a52ec17f7477666cc5d216e2751023c13c783658a8

SHA512
f90cb78128e059c587698697d88a20a101d08965c05b845382316dde2015a9674b975d68fea7f4a457cfb333c741248e2d84a39f4ce6db60f5497eb431f86026

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
2.4MB

MD5
26cfde3ec0e689982b8c2c01e0313830

SHA1
e79bfad35416572ed90b33106b0e4353f609d742

SHA256
450570e28912a1267aca4a1f0c7f28571da0a6c83cb711bf6c35f6a8b228b4b4

SHA512
431268d92e22fb0a819384434ac2bcf1a59d18cd3300e13524baaa517641ed6cb2eb0d8a8747b75d2aceb73fa9b026005fe6cff339a47c8a119329f198f7972e

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/50a16d07e958d1ef69db423dd17b9e53de957b4d24f9a07ac02613333cd55fc0.0.tmp

Filesize
106KB

MD5
66c0c680753df4ee0641951b8cb1d613

SHA1
9573fb478fdd97f871e9019c3b88f27adb879a29

SHA256
97d7cb4c347498221f9b273a11449ce621cfc8c6b2770f4d57a8b3dfed67188b

SHA512
0c169a3f5dbec49a8e14d3381e4e71aab60b454365e84879f1892335ba0294be71950eb9bd0de528cfaa51f702384a66361972875dad163d46b7ab05c23881c0

Download Submit
/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
57a657609ff05c27548a5c6ac3960949

SHA1
f80471db4255a2fe924685fbd3863309044bed57

SHA256
def265f2d30b5e85e139279cb2bd13e81672e1f5e06f8baa03b9cef61ee82978

SHA512
6f16664f59c1cc02c4d01ac8da011a449521b5bc940ea29f41fe3ff12d184ed2d8ba65e4aded899fda5f83153510e25faa1b1facff57d841b806b944c81cde1a

Download Submit
/data/data/com.xgbuy.xg/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
20KB

MD5
e08c24e5a3ce0ae25d0ffb028bf9ace8

SHA1
24c7f739cfdc92845f863f7c65893d128eb9f491

SHA256
e7a2ce1e33b49b4f404a810de5fdd68dd431067b4be3c23f90239f9afd07cf71

SHA512
70129ec5c41b9bb0b695c337efc72e249b91ea3f7f8937a85d45de326fd19ed26778433c2cdb10077b90a28d26fcd97539f0c16a245a4ab4541167e3491cfd53

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
20KB

MD5
9af77d8356d114a8be5cb58cf1a819e2

SHA1
781fa6386684244c4f730d3f7a5a312d77894695

SHA256
5c3624125620d8e8e3b669ca882b87019b75484441fe440688a9248ef752b112

SHA512
39f90f2f6509aa37c6f584c238a546a382f5adebf006e72cbf2164e1df1e7015fee2abe474c254f0ad5dcb62fa61d1e09689fc3366a7712877d6f7a91d7dadd4

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
20KB

MD5
99c87b0c384b8040aac4e2436d4028e4

SHA1
c51978c6b98f9b175b24bda1cfdb196e8e10fcc9

SHA256
e88fffeba9cbcaf5fab5b6d9734ce74243aed47a27723dc0810e66aaa91919f9

SHA512
ca25f79d1b223784022956fc035a86839d0f99f9abe224a02667874a04656270c4c9f4a6955611de10fc29317de9f4f74d9b0aa069de37fecb58dc1c2dd8a032

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
20KB

MD5
f7214a46bd47a35377e75965a3189adf

SHA1
4781eeccefa2825c38e3d28357d7a403dfbc0d58

SHA256
4a1afa0e81ccaf8a993b27ddadbef29f278e6c85f593bd66123c3d43ed232041

SHA512
e2f4069128cf7108b198534c9411ee946290ef85a5cff77077c3747b3923c486da12aee9f44229e0bb4912ba1e14bdfb35f71e9af6a6e2c473520e769bf6a2ba

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
20KB

MD5
6804b28bd6ef58e087ac194207ff4f0a

SHA1
f15292decde481d5148a51b7d902fe37014f9016

SHA256
d131d80b338cbe3e1229b8b4dfd51e5e84cccfcf3c4455e905a103a062feb8f8

SHA512
5d893a2dc060c582a7dcfb39257b2e86e6af58dd6fd6e6ab0c164a6a666e13e3d0753fcb7f8bb24a1c106326a134b25c63bbaa1a8306bb15c171947a1589572e

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db

Filesize
28KB

MD5
eeb9e61d698f7435e3954cd8d682e98f

SHA1
6d063b8982d6453eaebae2df578e5e121f403e42

SHA256
ec0b2b9f2be17f14c812ec8d1c2b988bc7c9a8d477bf0ddb01534895891878de

SHA512
b04da6d6589e043b92ba450290989bd8ebd20e13c51be09322913c0a8757e2ce090e60813415833aa806a6a3770ad9418c1027c0a09b3a87cae464b55215760c

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-journal

Filesize
512B

MD5
a8c61860c6648c70d6a06346c0f9fba2

SHA1
c7b9b99cefc749ca75fee3f93c04ff36489acc49

SHA256
311807daf88974e1a04854634919792c76d92f791e4e5fc66a1944d64f287f70

SHA512
dd12735b4749486269344fe1254507d003cb3f3988da0d157d5d534b0793e63abc1cdce682e3c4c25b5a57c5a518abd2d417af21b7335e9d9ea0611a49aac1e1

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
44KB

MD5
d2bbbb54bced0205ac8a9ac0d814381d

SHA1
a7015046013d6bc01468829c7ad98422eb0af5f5

SHA256
9be27308d08be628ec82a8baa00c15d0efc3235c7494b128cc2ccd89029f75e2

SHA512
a0df53ccbf897dd2cfbf3b4c682d266ed22f2ddfdbfb88806c3eec550f636c2b54081b76df59783f1f12b1e700897294ec688c6970319febd05a0a258cfab39a

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
8KB

MD5
09b555f67167afc7934474e616fddbcb

SHA1
d8bdf85fff3a80b3ef6b17e4dadc774786ef14ba

SHA256
1930d9b5581790870f67196f658c4f2ffcef45ff8c77cb09998000bda21740af

SHA512
877a1421bd4a6966172d3f9df3c7848ba239d46b36571181983b41e65b424c30e09566867f22bbc2ee3179435324b1317b8f16d100a328032c26ba3d36def42d

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
8KB

MD5
7a68ddbf81862f4ad0d558addf6fb948

SHA1
df773178a00cb5f152bbe99fea6cbbd07a0a8f5a

SHA256
3dfff2d2e1055f40ea4178c1ad95fe1fab687ff2e013ee73ab4ff2b740af0fff

SHA512
4c20766c4578fffd5b39eefe99afee5b41b87baf2f41b4ee374d4ed0fa4c2654b53a597838de94871990e7324b17d2f5e0d28402211d1c8bea5f58fffd8facfc

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
8KB

MD5
75216d2287e96e9cfccf183483d4b694

SHA1
531290d1ea9bb93ce0d7f96bf8b4bc2137442b99

SHA256
97cc47315aed6f523639e3ffcbe87963f239ee940c7d2579e19fa98a6d63d58e

SHA512
243837f4fa67481ba0613c606a93168c997958032e014da9ebf8b896c1cb972179028c2df5b9d5c22f6b32f0b877596be7b611f3a489f3ceed72a4eed5027561

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
8KB

MD5
1aadc692e3aac1e46c30c77e85d56b0c

SHA1
61e4411c9a6bf4cb0a609c1de9b57b01a1886b3c

SHA256
27634a27f5bf56dd58d355a058c560d3f633a5a1f664df71639faa6896c8ab1f

SHA512
dd1f2c88b441948d48158fd578c7c95ce12f6757b5f902c99e0d6fa8f1b14513cc30c570dbb494cd6ba382a137124b64ee9d144b934bbd54af7f7ac6e520cbbf

Download Submit
/data/data/com.xgbuy.xg/databases/Reyun.db-wal

Filesize
24KB

MD5
ef86eb452985481e7eb60895c5da3876

SHA1
5fe685dbf3d60a2e9667026883b9f8963c523a67

SHA256
a90ae23344cb4897bc43863806d83893a51d929f02245324147b1ba51d074a3a

SHA512
5606c45e7259a4d06d4e0930a5ba027f36f4144de911853e411abf1aa248113770d94648edcb0ffea7a411b859bd37242e7176e2edf807dc0043c7d46c2fc7b9

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
c0859dfe4b6bd8b05d6d5a3fa12a6cbc

SHA1
0db1295a671733a585b28dd151f9b40f489a7296

SHA256
5cd7e6ba10b299f257eb531cae049654e6f0b0edf2c23c3886f3893a3adadc2d

SHA512
050d72fb31a2de3bb0f4e97a5cefe21efb8a4a030b0c71ce33cb5980c2d5bd80bebdc1d7fc363f66aefe5312e83a8ecf605a6b5aff49ca36f3ff7896eca068ce

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
80KB

MD5
728c3462f1c2c1d43fcf6d0c06c159ae

SHA1
d6437614b2393701d5597208d7bf5439f43ed0f4

SHA256
c501389954b94bc936d8fd880f85b97cf0e4c48bbf17db6368b7667b87f78b2a

SHA512
6f19638787fdda230fd275fd6db74c1f3be78fb29ad92d97287ff749cb237705e6407df6da1f1ba2c47b93328110909b6906f3a7692229cb522a34bfe21a698e

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
140KB

MD5
29cf966a3161ccf8028246ab710b482a

SHA1
77a986d13031e2a6a19aa1a5fe6cbd6fd458b97e

SHA256
9968ed78099c2a68c49ea1a91d592262d654ec330ab00224ff761a0ed7687145

SHA512
06d9b288d947912ef701c05c6cbbe52560133135eacdf4742a1ede25001cabdd03039c9af02da916e2db2dc51ebdbb01852a260d2313c8ace4470b37aa44cceb

Download Submit
/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest99605348592718485773907955074363361242-journal

Filesize
512B

MD5
24ed3c7df0d1f6f1659825c46ba5ca8f

SHA1
908a34ccb907019610ef7f3faffa2175fbcf296b

SHA256
927c040a5dbb9be4aa2e6f6dda175694befcc012ce53357cf65ed8364870bf68

SHA512
6d2c8d10e941d3f33c5d0538c9591924404e6516230d73db13799f0e4dabe30ea4f29db2eef7629ee0ccd742f264da8184c9cd0138038f9822829e75fd1ea91d

Download Submit
/data/data/com.xgbuy.xg/databases/je_1000_ISME9754_guest99605348592718485773907955074363361242-wal

Filesize
48KB

MD5
327459a9a6861036866d1c01932e34c4

SHA1
cec196c367be2a43811eeac27fd9ca37fcc6fa1f

SHA256
754e468140c0be2dac7686f66112d09d77eaf5fbdbf54f8ecf723b3bd3a03ae1

SHA512
b0e6c3edcd725412cb160b51ab4484346f796fc90b0cca9cacf1d83d55bc72a742f446f14f73ef7e204f509d63d6c10d50e1ffd2deaef033daeb29d931aedefc

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal

Filesize
512B

MD5
1f03251bcc8b7c9189839e2c99bb312d

SHA1
ef571b5ff193d1c331208066019d50fc755127f9

SHA256
e530842595821ec964984a902414c72a763e8be908a6479a1a5799ff88ca7041

SHA512
4d936bbc6492e39d0e5fb80b2b2cd5bb2cb5790d5d4a7f255fd459ca9a90981d8c4be3922f0ebcf2003b0688c9d5839b32d3afdb7b328796dbe6650a6ac2dc98

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-wal

Filesize
104KB

MD5
3595d6ebb8d14d8827a2d21c18e192f4

SHA1
2baab534599445e7c79d2f824c373b74034fc34c

SHA256
b94255b4d68b9de05e376aa1733a35fb6c83a45f5ef8a07c7b95bee973388298

SHA512
9cdfad7e52843b39645b060b6a97e5b497580640b50949fd21160ab2595ec0ac078abd0bdbd4549e67fa1f28bce6958b103cab0caee1a90f3b1821ae650afe95

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

Filesize
66B

MD5
08402591a5b4057a425d2cede4801eb7

SHA1
7304da68e97c6907ebadad9ef956f3cf70df568f

SHA256
b87ebd0db6499261ebcac217d6f52e505a28c5ce07f94b63122ad090f3e7bdf4

SHA512
32cf61a4d1c054a053484ddff27e4b215c77989b2ef5ac445991b40618c786374228aa64afa972dc9b4fd0eeacdbf9a47500b0e45b4c23aee3b3e02bff71fd09

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

Filesize
40B

MD5
81024874f926b0c0c9e613997c9370b1

SHA1
a7b4c37570f3e5aa7bd575d0dbcc71ff9079a95c

SHA256
da5ea38fae9a292777936eae50a76aae4d2a589550448aa6970383e44aabe7d6

SHA512
8ae3ca2a1a4ea6c514fffeb911f4c42ff173433a7fd82980193d883196e748e458e83ee42051ccbabfa7f49792dabbf1eb8a72fea3db16c2f157e7ada4182830

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
ba730012d3c08012293c0d79cf597a3e

SHA1
cdb4936df9d7985710a7002da3530f88bb44eed9

SHA256
d1af0c5868e5355c447023bb0a9bea3b5a26c46322703d6a59645fa9c130cf32

SHA512
309aa380ba77a25ed12fc52c3c091b7eb8d36b3f781bfb9462c210e3bd4aa0a7fc9220a60ef13ae5562ae085f2884a64fad5088bae39708dcf96e0d0ea5d9678

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
b2ed014fca69c21049bb209e10124405

SHA1
93b4993bdef942601ce4768b808abfc57b93e9f5

SHA256
b7aa6ef24e4e6c64649e861647be943bfed1d9e502af1cb77ea7f74d2632e3d7

SHA512
7c911b5a9130f98550f2feef2f75eb49818a0d3666d70bae1814ce4c8bf05f4ab1759fe43ff3ecb710d86e07db05463dd8163fef03ab128afe05882cba3f6c52

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

Filesize
40B

MD5
1bd86b90e1b355f123e5ce8c93c3de53

SHA1
bee5683d6124650c8be0b3740ad66e771f29b178

SHA256
3ba28c4fe20d74ea96f6ced27333f04a01e03c50092717eed1b6e30152a8d152

SHA512
6ba3d7ac2b9da3bb2f7ca50488782bfb9f12a38bf17debc4f2853a161551a932885bedaedace0ecd3da9777e1cddbb407ca2360c13512b1b804bd6242e767abe

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
314B

MD5
2e6f34c3c9ab28d0bfdf88f372fa1f70

SHA1
feb9b3d97c8ec49dbd087d3b96f499953bed981b

SHA256
f1a7db8657580ec329cfd07c5362486b5979f3f72f49c3ce2f5c7eb4d6d08d87

SHA512
300eafd8db478bd7b629690ef1e183caca247a3992d2120c69d41a6c905001cb9bbbda4d6d40869144a9b81d8ecbf75f3e614d00046e352ffba8e246ef862d5d

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
f69ebb1be2451edd7139d1df7ba5fe27

SHA1
f32b7fc370d377bf38408cf4c7f1d53499f5d7ee

SHA256
6796adb4379140c6bc404a812893fbf685ecc0a38fbc4ed5fcc4ad0d45ddb284

SHA512
e5f22ae39260be6917b27cf7a0858b1a7b8bb9b764520bf2e42dcd4dd106b0509a3a71e3769e158cb2bf29a1cee9978aa69dd7af88f40ebf8164df21c1b934c4

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
62B

MD5
92aecf40612755d56ceacf1d0e32aad0

SHA1
942de75779acd4f24fa0e37ceedaef13bfcafb2c

SHA256
63d03122aa2ace684e9a8be7fe9f18098e336995d8ac3cde437430ba451e473c

SHA512
fe944081b5860cc3ee25f042b5c524c4594938f74d58edb1abd4bd797a37d162baa06bc51d678e004b4f592177375ac9e636c89aca9905998d7bbed273933ed7

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
86B

MD5
82b4cc7c1d5134af002d15ac31b2005c

SHA1
118e45303b61f7952d97efd6adcc3925b4c824d5

SHA256
c8238cfb66db3aa438515f8f89635a1d18570316121b571b9f50b26d2cf9c8ed

SHA512
99d9c4b58e7610d9af8eeadebf5c8bd424e271ff86e5068226bca20fe494cdbbc978a1800a632d33e52c262421916a122405eceab3dc6617c184c40bb4ae34f8

Download Submit
/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

Filesize
131B

MD5
61cef090fa2b52150c0a90e1dc2201c6

SHA1
daa1abea8d36283b80469798581b69f5db42acac

SHA256
599754f7520238d908a6dbc4249ba9cc16ae62770ecd0d7f9d8dc5972ba714bd

SHA512
7e88c816b96358e86df03d6630a804bd9cf5b7d26d3889ee2616b9a061959f085c49e1246257a6441f3e3f78e0e49ed66b976f40d7b0e33c3b16c2f8ddf0cff3

Download Submit
/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

Filesize
177B

MD5
e95ed5e8a4011e4107d50eb67d3019df

SHA1
a0b3611165d0671766ca00e2e7c7634267e67539

SHA256
9cb1f5dd94b8fad83ad0d16d306f2b7540d226a12d2cf6a00272eb9023d98d0f

SHA512
600bd4522aac47151ffe4466865cd60394d37d768c086d80fc7bd9707b4299b5c9004271ee3c1f831c04c0a565650c8bf84e3b97a2f1e9a1ffeb40e037f05601

Download Submit
/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20240529_log.txt

Filesize
201B

MD5
62cc5c7371a79b189a64c5e808212d25

SHA1
548b71bd231a2ae8d3706fd913dab768fe4a1723

SHA256
f0f8645b8d353000d51b325a60f7388533e11a26beecfe6fb2ee52cbdcdab720

SHA512
ba895472a277b0c4f561ee03c8a735b07f385611bf23a32f34fc694de2f4f43869316c7a9624badb548ec38f2886532cc2543a9d083ebf65ad8c0207381b2740

Download Submit
/data/data/com.xgbuy.xg/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3MDA5Nzc5MTQ3

Filesize
1KB

MD5
ad963fad201fff6275be801d564d0b09

SHA1
bfb7762d1249f2478dea0c14b3651ba5b8a50a85

SHA256
dc1cd6762773ed1cdba8f104c8954aa09cee67b76baf7d5275906999ad3acd36

SHA512
1b43ea8bc8b4b5a4904e3eebab629874050b8ff54e255bf3b13e2840148291b5abcc4352188071eb662559b378b530873487da4957007686afccb55e783cac79

Download Submit
/data/data/com.xgbuy.xg/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3MDA5ODEzMTcy

Filesize
1KB

MD5
c813da7ac00cb3bcd97579f73aaf7092

SHA1
c4b064b20bc39cd50cb85f55097ba646f6b92ebd

SHA256
d068bf7f09ec64c404b25ebb91408dd83919c3a13d3d0307a1f45081874966fd

SHA512
f979ee938ef84a57250a321b719562b18900ad548cea1ae29f6f708b5f39ef77df352969d738b027778f90d71d92f277521129c4ccd87e69a281925887406180

Download Submit
/data/data/com.xgbuy.xg/files/umeng_it.cache

Filesize
415B

MD5
9940006531f60511fc024290e74ead36

SHA1
4dc354d786a9bc299463f1de7327afc99ed124a7

SHA256
816aad187a8bc63d658d9c56aab46cdad758c6b775e880a61e86108768030f41

SHA512
ebff42cfcdedde0b5fb4cfdeba578b37ef0e661533b558e1959ad6e79267d74eb7997221259806222062f1773e2807609b92a83ab6f48cd2cd4c073c6eccdc1d

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
5bf85148841d8383d6d7b986208f4e57

SHA1
3ae0cec3700200310342e6fe027dbf002e8dbb87

SHA256
5c84aa5fca03441f84293fdc45f10fe0873daebdee032eb82ffee4ce4bf8654c

SHA512
900486ef249d3e04f5cc092b1203a3a447a80ac84a870cd749fa428e850e13e2290d00262f99ebfc5be55cbd771c9b18eb0e4133cc668b6086fe525ceb1c96fc

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
acc2a2f5cb76c41d2e97e0d409b53bdd

SHA1
ed06f22ff10e0912f50d53bc775ed2ae70f85d5a

SHA256
12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448

SHA512
faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
fddfbedd2f473ac0af10415c90cf972f

SHA1
5002f179cfcbdf86916c2ed3d496ebb54a532d2c

SHA256
cd351d0633b4b92627b5537d06d2fbb17939dc9bd54bfb435bb62aba358b1e9f

SHA512
358671b01b2be86735f062fd6994b62e4bed084d4b916243b97895a744d1f46593c2888682f83a3f6e4826411996b996137a0ec5cf63dc02f37105f0627848a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads