b82bf71fef98c96b81844e91271b5a65f7f02b5cbfec06986c534408607f91e1

Analysis

max time kernel
178s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
31-05-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8783b07a793ab6bab8282b0a7011d685_JaffaCakes118.apk
Size

12.8MB
MD5

8783b07a793ab6bab8282b0a7011d685
SHA1

1902c22c1afeb9b75640cd10f94de741b2204356
SHA256

b82bf71fef98c96b81844e91271b5a65f7f02b5cbfec06986c534408607f91e1
SHA512

3b6ae82e1c64fd7b8a95a072e911a5606586e95a8ff0d7fb42006a848c1d4d9880cd16aef4dda523a7019c3b1e25e85fe8f448a2de702e11a012d14ab80fafe6
SSDEEP

393216:0cNEbi6yuS/h9K55NU/UFovWqw+FqxGSw9dZJwq:BE+DuWh9K55y/0nxO9dZJwq

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.dongxiangtech.ecommerce:pushcore
/system/xbin/su	com.dongxiangtech.ecommerce:pushcore

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dongxiangtech.ecommerce:pushcore

Checks known Qemu files. 1 TTPs 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.dongxiangtech.ecommerce:pushcore

Checks known Qemu pipes. 1 TTPs 1 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.dongxiangtech.ecommerce:pushcore

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.dongxiangtech.ecommerce:pushcore

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgmain_312768000000.zip	4354	com.dongxiangtech.ecommerce:pushcore
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip	4602	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip --output-vdex-fd=75 --oat-fd=77 --oat-location=/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/oat/x86/libsgsecuritybody_312768000000.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip	4354	com.dongxiangtech.ecommerce:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dongxiangtech.ecommerce
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dongxiangtech.ecommerce:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dongxiangtech.ecommerce:pushcore

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.dongxiangtech.ecommerce
Framework service call	android.app.IActivityManager.registerReceiver	com.dongxiangtech.ecommerce:pushcore

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dongxiangtech.ecommerce:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dongxiangtech.ecommerce:pushcore

com.dongxiangtech.ecommerce
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4318

com.dongxiangtech.ecommerce:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4354
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip --output-vdex-fd=75 --oat-fd=77 --oat-location=/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/oat/x86/libsgsecuritybody_312768000000.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4602

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dongxiangtech.ecommerce/app_SGLib/libsgmainso-5.1.81.so.tmp

Filesize
571KB

MD5
8db3a3192dd1b482d10ba8061c89758b

SHA1
243ff78aef523995fed916cf2a56ed54f40e4305

SHA256
f921d50e0c157b01f43fb6071a49824ac091c8f8efbe1e056cc06ffb326dc5cb

SHA512
02e3361e896a7629f28948402e603b39bce3b08eb00e8fa6662d373ad0e7aa61bd0edaa1a4131360d84ceecfceafabfe1768e1e2b83ea95783ce3129dc3bc140

Download Submit
/data/data/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybodyso-5.1.25.so.tmp

Filesize
205KB

MD5
f95a3d7af777f807b0cf3ae5bf50a29c

SHA1
c49c526b09f8fb4cad87c84f086334e79ff31a76

SHA256
35a25f79e46f13ec5c6d1ec9f3c6ddbaa5906f318c25fb1997b2b590a79417fd

SHA512
c3647e60bf32fc4ccf46e7e910ca284e506e40a7e021bcfde0b049a256d5b19fae0ec70c1b44e618c41ec03f072ea579a93d17e95645713dc02a30b82d306a33

Download Submit
/data/data/com.dongxiangtech.ecommerce/app_SGLib/oat/libsgsecuritybody_312768000000.zip.cur.prof

Filesize
114B

MD5
44ef280a2c78bcde81a820245acdcba1

SHA1
806edd9181b2ffe7f2a1b9277ad54244a42e52f3

SHA256
e5e59a4991716f1dda1e961410437b881616fc918b1ebbd58d20452b45d53235

SHA512
5b680af23bc5fc4cec2844b42fac51652c23a6b622f121747893c8bec1222dfdf7b44036979a83365c6efd0adb1999333fce875807deade540fa13824dc1ae47

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db

Filesize
20KB

MD5
38616785cca0600a03205f84fe330b4b

SHA1
6ac41a6bdcae297d56dac5fdde70be5faccf0832

SHA256
b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8

SHA512
7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db

Filesize
20KB

MD5
6cd625cd1ad13a6ee614c92bae9ebb89

SHA1
7c20dfc19e1bc42c1abc4de6e79c9afd05f3c1d4

SHA256
b33d3f4183f6ae4cafeab79c01648308ad8013d9e37e943a2aa8ee8800c43147

SHA512
4b9ee8c54543ffd3ad2a5eacc3f19b4929079a8f352d301d16260c650aedeb57c9940ee879f785d3d238e1ee02f63fabc947c4e37b915e73e12cedd9161b283b

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db

Filesize
20KB

MD5
b5ea61ffb9cffafa9106276d672899c7

SHA1
8831ca82f6b768a3b0337cb9dd6d95a7f151b5f0

SHA256
1a63248d6de7449b74d29e711b3c89f2c975e5ce7a3ad527e4fb7c8b2c4bb90d

SHA512
b07e1a552b0d8248becc6368508d745696ae3c83fdaca8e5b11245036b8eec97868b4261639cb79799471148650d537cdf9e8e74ccf511aded436cead1f01596

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db-journal

Filesize
512B

MD5
e7a3ca4af64dbadfd2db0c4599077848

SHA1
ea9b0e24f39da9a3ca844a88b34f30892eb186d4

SHA256
7c8742b81e270e8006db74cb7afc2c6ea6711a9d5fa3a6dcb4f26615537553e7

SHA512
3a0c6de45074fbe62392fa45cbc038aa7b70ec1e0261419582285bf9e3d7459ae572070b86ba7d916191f5d844ba05e4fa3c5c453a39e64e5d14650888ddec71

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db-wal

Filesize
32KB

MD5
6e81583ed47d83ce5f4e046a9b85b717

SHA1
2d9ca130f35920b3a2c1ee88031ef9876199a92c

SHA256
cc62fdd8a17d5cfd8bb3d620da3e26de81275d3375350b67b5f0947b489bbc5b

SHA512
b526a54ca3bad81bfe9f6fde91313c7fb1f4cc78486e4f08cac3eba74fd9b879ace4c2a320d48ae9e9748c657d05e5271b27a146bfe50b3b1b8e71629ebbed6b

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db-wal

Filesize
8KB

MD5
01a61ae65c38be50c4d817b8fa25087f

SHA1
782c04db9c941f9f1bf835bff17d4a99c84d22e6

SHA256
469ada30c24d5c829a4b392579c9637726016359825fcc4148869515415ad764

SHA512
f1616136b4991c1c6b6d9b24218ac8cf03eb26300fd21b6ec99d38e08a8c4994138f5a45d4ad674020adeef6e812e5b4f408ce02912f2f757a752cf9e00faa39

Download Submit
/data/data/com.dongxiangtech.ecommerce/databases/ut.db-wal

Filesize
8KB

MD5
283ebaae506ef48d9b29cea634c8beda

SHA1
1fa037cfa53b118f2b0ec661ffc5be7a7143a74b

SHA256
e064db2b9a4d626a95b91bf06bb0b7d470560a9d4c182f498b986e325f9b89ee

SHA512
8d246dc1e3ff9a5777cbf033b07f1f467b3a5c3cd46ae4426e113a7adccc8ded17ad7378e57fe8fa321736f8cb9a56a32869bba37eda4f2c37de68a16942b0d4

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/0a231bd8575dcf72.txt

Filesize
40B

MD5
d8451948e27b042e5d1442bccdbf1a52

SHA1
02a6ab018e5142474c2e68161d75d69b25da5d1c

SHA256
dd60fcb8ebfa25eb8408f71094b8418937ad81dfec0d35b423d45ca6ce518070

SHA512
56aaadbc6f13c65b344771a35cb95d7f2c7c756134d203edb1fbd72c08b47418a72e6bb0ca74afa1e781230d360b0752530bf874ee34462c68d4a939b9fb7fb9

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/21c22f492aba3de8.lock

Filesize
16B

MD5
402dcb1cc7040d0286a092c6116a1eb1

SHA1
a0683fd090dcc4f8ea4b5e032575e7bc4e64db92

SHA256
90d051afd20bdd34739ef1eaa8229b6cd700ee27ab66a70c032ac4404df5d508

SHA512
178b978db0203a158b773fd9a9bbe349263b028f53a1468a7a6f7b0df2feeed427cd719e83a01444ef3a0d0aa9f5c1ed008a3d35903340485e03d56a32ecc1f4

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
72B

MD5
f58f13d0fc991322df1eec4c68481464

SHA1
fac54fd6dfb4fa6e0b0f548eb024573dca8cd259

SHA256
1d3ba112a38305e67ffb1aa4a0e0e70b3a22809904675efecec0c949d0b76396

SHA512
e1ef5bbe84095b5ed02d1d9b23bc7e034b67715b3535473553a2d797b86ddbb81028e0cd5ccc457be1828893413eb368e04f29b7c3a2878f933a025153cca535

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
143B

MD5
e226bf9446849dc009baa24a537ac74c

SHA1
b6b4de6d0febe5a29c94656ddbf85823f20d6204

SHA256
f4748057d8d507d1ff277a03fdef8184f0e215e4be2de5315b48c647fb0d8a19

SHA512
0acf633e9b926ee1c43ba5f11357a9f31524a62e7487fe95b70feee27740197a4cf725c3a0aaeadb2fdc441ce4af69e0800ae23bb7a64c7525e7044ed49c6541

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
189B

MD5
6a8863dd4be7802445180fb86132a879

SHA1
318b6be6ca08b4edd3c0e949f0c4ee34b1b1b768

SHA256
003384a9be52ac8b293ce45c557533b3e72efebf1165f128bc9dcaee5b414e08

SHA512
21c52dbe0c216efc38950433e9601102dbb0abfc1bcf844e24da21e047cface75f0fabacb07bc38042bd46638611dbd6b7cc7a41e25c824725ec8112f0094780

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
262B

MD5
0438489e26550304ace8e365664531ae

SHA1
cb4e150d8a2f36dcffb61bf28f01f2c6313f30e4

SHA256
a179e2d846f440a85be5d1837704df7092888784914b38b61067568308ec76bb

SHA512
6e0782109933287e1fc72b2da6db675e4ec1b0d3cd17e95e2769fe362b4a880664d2159c5521f7b15d7287cf2671d8e73a93b570d16888cc4280a90c38072dd4

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
334B

MD5
a1a77319eb30c766392c78acd1713486

SHA1
43b9894ea168f63d1928cee7311a3b3a78811300

SHA256
a9286d436d1578e8b9e8f20e9ce552cd287dd7b2a22ce99e94c644d59951f006

SHA512
83c219ddaf3b36d98ebaed820071219e3f90e4a39315dd5c44cfe8b7bf124f571efcfebc8c938e33efc571c188a4c1991ab9dd51fa3e5901ddd82d8077f8673f

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/SGMANAGER_DATA2.tmp

Filesize
980B

MD5
d357feab083f4835376405de3c33560b

SHA1
34a7eec3ee603299157bce5a3f359d8479aa780c

SHA256
86709cb0e759ab3a071f346b78ad1391f16f4b54b1cd5a8f0b65bdd53adf84a5

SHA512
d0e26a436491e1070f6f35adad5609a444837493cfdc813931d09abeec6055877db48f74065df0dd9e1ec8818dcbac1e6ce3740e089b2b00db2d8b2e1e453480

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/jpush_stat_history_pushcore/961d38abc2dc9fd2d2e75a03/active_user/nowrap/f31874f8-778e-4809-b54e-280650bb404d

Filesize
159B

MD5
4920f042df7271334bd40e78813b833b

SHA1
3a42153042e0de2cd9e33b2ab940229031967b7a

SHA256
2a8cab61e8cde0cacb3282209628f7052b8166a074e7e044c540c693720fc093

SHA512
d3e4b1fb1ee632efba32cfad41f491183343323763fa7b76b9571347e8513a8f9aedad633ce7cb8c50dc18d78d921a6700464bfb9d4980d9b0840df9a7986f3f

Download Submit
/data/data/com.dongxiangtech.ecommerce/files/jpush_stat_history_pushcore/961d38abc2dc9fd2d2e75a03/normal/nowrap/5049896b-546a-497a-8699-e8f90ab5a272

Filesize
202B

MD5
123560008f41e0a40d0e8959537aff15

SHA1
8da6f2d7e24f5578fff240796eb44ec7edc97753

SHA256
c6a9c982e034ef1ad78a7da5d52bea68d5860e4ece3acd901bbbe71947fe421f

SHA512
cb71f5822927ebb9c7e43b4546cf6dd80f435b4300ee25f9f4fb20184f316934144a3c46ffcbfb8f3352c836fbb03382a745e9997a8099ca314d48ed990e066c

Download Submit
/data/data/com.dongxiangtech.ecommerce/lib-main/dso_deps

Filesize
324B

MD5
5ada77112416e4982944a83a3033c5af

SHA1
5a6a81d1d2bb88819f898dcdb3a9a3fc06d8c874

SHA256
b861d1a0769ad520f0dc2500ec03d26681586986d162f0c3e76d5e98c0868b68

SHA512
472e2798c2c57ae3982efdc6f6e4b0d1c02685001efd1dd3190a4106402302344fc19d7cbf5e87a47287c687f02979c54fec00621ac5bf473e09f8bd407e4741

Download Submit
/data/data/com.dongxiangtech.ecommerce/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.dongxiangtech.ecommerce/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.dongxiangtech.ecommerce/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
522947eaa37b029a247e3973f3be3621

SHA1
31c88e0d7c9b51904c0f598e80245bba41b1c7d9

SHA256
d06601f9eb8d8c991f00426ad30bada9d2bb7886a6de21d78cd0ccb7b7e62156

SHA512
f5eaa9ccf08096bf0df8f004fbfc1b893ae08fed3e6722e0adea1fdea2719a45876314b765134905841f440c27216c897876e3ac6c8903fc44b697854eb02c0c

Download Submit
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip

Filesize
10KB

MD5
3204fcefcc0eefb1fa76bc6f0fda6264

SHA1
b5a5fa1723ecc6c531d7728163489d72ab20cf6e

SHA256
15da7c769b4a6b8c48e85a27c3e052d6b2c88c53e4098ff4713f5afbc591102c

SHA512
a7ae4bcc5dec798d8b6934a361068698bba74aaae0e4443b73ed31f9696ca6f1953349e385172a5630f587ed64a17801ed3e1651c3a20d7b20ff3b6b33711a2b

Download Submit
/data/user/0/com.dongxiangtech.ecommerce/app_SGLib/libsgsecuritybody_312768000000.zip

Filesize
10KB

MD5
f59597732a9069b73e16c027faf78d05

SHA1
e3558f4e5041a6c6d4372001bed847f2ef77958c

SHA256
9e416ffbeda9461f3efca490dfaaee955f68fbc1f3e455f2394bf4c4310b83d6

SHA512
7a8dae723cf5fff494cb2fc16a75bf347732ee3da99f1cbda99d8c6d26a47e4a7526c5340fa33bf9ee98463a84c1fe276a3683ca8e7bfbc50206e589a82aa6d2

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
1ce2142bb930260bce8863164a7da167

SHA1
afa9c2b08d8301d546c4dc8869bad829b4b5d596

SHA256
49780872b7df5f9b2669c04dec3c6f5129a999adb86f8e94e9511f2a5d538a3e

SHA512
7975e1bd190bdee4253bb54433ad7b0c29b9a4332559d3d26c41afdde9bdd22cfb35ac08d39b0859f795bb14f6c797b4e9a1e25a4b2f1b669ffdeb4e6537247d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
b7d50019694c7dcb6b95bbdc977252cc

SHA1
bfb319ccd50c97bfdf7601dcacd825115b489852

SHA256
6720918cb53bb2181044afdb1c6a6166d2850cb56c1b82513b38eeccd386666a

SHA512
856b9d3db578724864ce6edd35d97182f91b7f42c435cf0ffabd143273bb47a48e10f8509c8a39d86bbef4f516f67ce7faf74573d54c7b97d6691d0a0a33010a

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
2021238068132eef08f48d08c8a3460d

SHA1
822b2c9d0a9cf95e587c48b324b581a90d7165ba

SHA256
c597250c50d93473a224fefad6c3b135f4b82aca0e4a46945b1daaffd22d18b5

SHA512
80db957db52ee05de0b5ef89757379ab344e0b707da86834fb07f4e6a3b1f18be0af59cf0e53222508f03b6b13d40bb77908db3b0a90e3244b4c5cc6f8f7d74e

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
319ce733f5c75e368be1e0781f45a04b

SHA1
f9a630a3eae06fba8fef8ec2f80008f1b15f6eb7

SHA256
5517da584f7cf8571d8f53c11847f59b5fa9851e752ac0db46e346226d761f40

SHA512
535ef499e721c38dd8a35881c80ac0ee3873f6a8cce503c2f558e8e3a17d92c1a6f24ad9877fd04955e7ca90a30a977ca00658b89430f49d175ed53e39ac1ae8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads