Malware Analysis Report

2025-01-06 10:33

Sample ID 240601-ecrdsshe35
Target 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118
SHA256 989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed
Tags
discovery evasion persistence collection impact
Score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
8/10

SHA256

989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed

Threat Level: Likely malicious

The file 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection impact

Requests cell location

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Checks CPU information

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 03:48

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-01 03:48

Reported

2024-06-01 03:48

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-01 03:48

Reported

2024-06-01 03:48

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 03:48

Reported

2024-06-01 03:51

Platform

android-x86-arm-20240514-en

Max time kernel

7s

Max time network

145s

Command Line

com.chaoxi.weather

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.chaoxi.weather/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.chaoxi.weather/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.chaoxi.weather/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.chaoxi.weather/.jiagu/tmp.dex | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.chaoxi.weather

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.chaoxi.weather/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.chaoxi.weather/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
GB | 142.250.187.195:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.3:443 | | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.201.98:443 | | tcp

Files

/data/data/com.chaoxi.weather/.jiagu/libjiagu.so

MD5 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1 522db1748608e9173547b29b7aa82ddc3542c534
SHA256 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

/data/data/com.chaoxi.weather/.jiagu/classes.dex

MD5 a0c0f9b2fa7994d906ae85a91ac2773c
SHA1 a33ac80de47e0af5304929cc0cc547586da252e6
SHA256 d27e71a1666d2357c3e025c5c86f3a335ae395b0284c9898d78dc967c497ee7b
SHA512 eb4a92c43a921104e3768ebee8a30d7f3842e6aa80126973770187965dbdb327b0c877bc3ba89ad531c97c04ef1069f17365a483428064c4189cecf018e2a14c

/data/data/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex

MD5 18794cb038d4c7a39736bd1f4956d897
SHA1 0ad7810e087e3d3f50d42113448b923dc7e7bac2
SHA256 430da1f9f4861071edddfdd2a535531eb5159e933baeab9ac218c77435f7ab59
SHA512 5f2df51a3f425a2cc3bf3722dd46e5b93aa0fba5db6451a255af34536313f9a502058bedfb03db9d19607d5e68d12e8316208c156e22ea87d5e12b3f66fd9da5

/data/data/com.chaoxi.weather/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.chaoxi.weather/files/.jglogs/.jg.ri

MD5 b90a524ae72ea9b7e5c72acecf9b169b
SHA1 e8449893f37fee60d812284faeba232eb1c6b540
SHA256 c7576ea277242b9553416900437bf51f2c3fd09c521b56e324967cf7307f0904
SHA512 f4090a58830eb685720f6aef7ec1186a1c05e99e8705f7be54d5bbeb134e4ae57f3977e9977ffeee87aaadf686a49d5c952d9926f8a81bc0050343cf436da658

/data/data/com.chaoxi.weather/files/.jiagu.lock

MD5 3bcece042895a33297dd26093007c853
SHA1 9b84e06372e9ae6b0eb6198817db0b23f3944e5e
SHA256 6ce8760363a2f80082c85ce0dfb73ad9571cc9e019f939072e33117f533f7a40
SHA512 af2a193b4b41b37d75cda0cff9795c2ffcf94d9c35bab240b464aab20f1a64a1b6ebf2d46c0159801205fb8e0096d9a8b9f89e9309feeb6821b6be0ad27659bc

/data/data/com.chaoxi.weather/files/.jglogs/.jg.store.report_pid

MD5 21405b3fdc7c021457df4ecfcd90da58
SHA1 0ff0bb98b7087e4412f23fb834152533af4a7153
SHA256 af349d91f101c404e428df6da46cdb02fc6b2598c035b36a130d77a06cbfd27e
SHA512 f5250fda99af29d6947e81d878b0e7bb06c1cce04ebaf3a11f52c06bcd80bb81ab816158f156de58108a12621ce68a87110390dfd29fd27c0b787914b74a4aa1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 03:48

Reported

2024-06-01 03:51

Platform

android-33-x64-arm64-20240514-en

Max time kernel

42s

Max time network

133s

Command Line

com.chaoxi.weather

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.chaoxi.weather/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.chaoxi.weather

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.228:443 | | udp
GB | 142.250.187.228:443 | | tcp
GB | 216.58.204.67:443 | | tcp
GB | 142.250.200.14:443 | | udp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.68:443 | plbslog.umeng.com | tcp
US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp
GB | 216.58.213.10:443 | remoteprovisioning.googleapis.com | tcp
US | 172.64.41.3:443 | | tcp
US | 172.64.41.3:443 | | tcp
US | 172.64.41.3:443 | | udp
GB | 142.250.187.195:443 | | tcp
GB | 142.250.187.195:443 | | udp
GB | 142.250.187.228:443 | | udp
GB | 142.250.179.228:443 | | udp
GB | 142.250.187.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | udp
CN | 36.156.202.68:443 | plbslog.umeng.com | tcp

Files

/data/user/0/com.chaoxi.weather/.jiagu/libjiagu.so

MD5 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1 522db1748608e9173547b29b7aa82ddc3542c534
SHA256 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

/data/user/0/com.chaoxi.weather/.jiagu/libjiagu_64.so

MD5 289fb443987b114ee4237b4dd97672bc
SHA1 9b898410845dfaeae3af212b5df41177ba9b8f34
SHA256 a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210
SHA512 debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

/data/user/0/com.chaoxi.weather/.jiagu/classes.dex

MD5 a0c0f9b2fa7994d906ae85a91ac2773c
SHA1 a33ac80de47e0af5304929cc0cc547586da252e6
SHA256 d27e71a1666d2357c3e025c5c86f3a335ae395b0284c9898d78dc967c497ee7b
SHA512 eb4a92c43a921104e3768ebee8a30d7f3842e6aa80126973770187965dbdb327b0c877bc3ba89ad531c97c04ef1069f17365a483428064c4189cecf018e2a14c

/data/user/0/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex

MD5 18794cb038d4c7a39736bd1f4956d897
SHA1 0ad7810e087e3d3f50d42113448b923dc7e7bac2
SHA256 430da1f9f4861071edddfdd2a535531eb5159e933baeab9ac218c77435f7ab59
SHA512 5f2df51a3f425a2cc3bf3722dd46e5b93aa0fba5db6451a255af34536313f9a502058bedfb03db9d19607d5e68d12e8316208c156e22ea87d5e12b3f66fd9da5

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.ri

MD5 795131162b2cf840b0d52e14ecb93c90
SHA1 e8f4d2ca75f6f472db99b162f0b0fdd87b564013
SHA256 191ce88fd8ee65326ca8ce1c397516d8fadf2296675f5163979082c8187549aa
SHA512 2d544882427af90097d7c3ac091574c3f25d1e949c5a04ca189c700ad3e44d34cee3dd4648ac28a22ef2bd9bc510ee4683fa0b6f33f1dbe3b62e6c154ac5ec17

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.ri

MD5 9fcece230c3124596cdf34696b70c065
SHA1 f06330db9ad146136901c8f35c41c9ae23642807
SHA256 d77c8931f1e99379ef1f12b3692e0ee9c88620c2a003e406764a02a088c6a77b
SHA512 a7c38c0619207f73cca7bf782a879dd54a9f1ab636d23688c46315b1e3373ff8301fa7ab24bdd7ed1f92a8ac4795f4c54291e3b4fc605572df7f59ed983db774

/data/user/0/com.chaoxi.weather/files/.jiagu.lock

MD5 ba4d1274da866be4d086b692ff86293c
SHA1 07ba23690260107ef31c1d37183fb5b1a3e4066d
SHA256 b8b98d84075509d11d73df92fdad0f400113aab74da239cb173a7b683a264305
SHA512 a4703e89266903980b280e3e651fbc03ecc78d00cf637101fe69527cd34736c74f98c1b13cbfc14c29e317933693ba3dddb550dcac58e41c830454cd63a083a9

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.rd

MD5 7904b92292e819f991e1029ebe862f55
SHA1 06f8ca9dbd2140bf1d825c9c4e79aae7532639c3
SHA256 f01edf3edfe175f1e4d02916fe55fb133c4bb1a7d365c005f8fba7e9f8a35bdc
SHA512 7446f818a45f01b56920b30a0bb0d8d067a14088fd13e0dad400652a6aa29b183b269a478dfd6eb7b6afbdd1d9bd78a535a7949b19b75bb84aee94b598ec557d

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.store.report_pid

MD5 21405b3fdc7c021457df4ecfcd90da58
SHA1 0ff0bb98b7087e4412f23fb834152533af4a7153
SHA256 af349d91f101c404e428df6da46cdb02fc6b2598c035b36a130d77a06cbfd27e
SHA512 f5250fda99af29d6947e81d878b0e7bb06c1cce04ebaf3a11f52c06bcd80bb81ab816158f156de58108a12621ce68a87110390dfd29fd27c0b787914b74a4aa1

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.ac

MD5 00fc02c6ec985c26f5cd9cb5edca26b5
SHA1 5e132f11cf0271eb1f87dd610e4c63c2f56a4adf
SHA256 10a3c0ff573b107f26c8e9f11837a9c01e4f07bd26d7baa834bf8bb59cd1caf4
SHA512 bfc74490358ef8a747b9492b3fe37d071ae6b6580e5b2f58950a2180f7e038956479c935cdaafc88050c028b815ac7087a58964d9eeecf2580ee5837fda5d51d

/data/user/0/com.chaoxi.weather/files/.jglogs/.jg.ic

MD5 9a6185f2623013eb7c1d84edd120f681
SHA1 90045e636098c4553df13b43f2e76cd8598cdd69
SHA256 5278eff3270890b22569e52fbc5b8e0983492748be483f8bbb7e2dc64197c5ab
SHA512 5930ee9f0302faf6c60d394cac978a285a10a5eb218c3df3e7d852c9a664536cc35636b914ea03cf50a662d9da215cf0ee4a8c653c7e2fea93fbfaa6fcfede47

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 23751d0307bc5c20f98108f1882bfde1
SHA1 9844609f571ce3b3be25ab5f542f188ee4aa26c4
SHA256 918cf51f6116b3c4f781a633382e952c0cee3380b4c84c3fe6a4f443784950e0
SHA512 8b4e526d248c6964e0ae6e65855d52fc9225d4099aa84df70b0518026b20bc517076d053540840a5fcaae44753c34f08a4fb8f74fe39c6a5fc8f517b7620097c

/data/user/0/com.chaoxi.weather/databases/koudai.db

MD5 011d5cb693280f91a686bf5b8513d69a
SHA1 db80a21a0e7142ee322e8930d81a86b649448f63
SHA256 1c6cca811e07ddd717cc256bc3f494c08d354e94f667c9a9ff581a3dd1ec6227
SHA512 c034fa991837a97b7ff756c9d6d1b33942b57f7c97a066055faf0d7b92eac0e3c02572182de9bc450cfcb99b75514bf003f0ac3fb8faef4785c3cd7aecbc3bd6

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 f9be80c231617356fdc4fc4f6d6b6305
SHA1 26076a874222d8dc4d558a7199e6e6862839f6c9
SHA256 cb6365a09ae6ffb1c850dc912e04e6bb13cbd1b57f3706b2283abe8996ea8847
SHA512 2ff14467e9625fa2111da10614bf6dcf9f904d1efe661a758114edaba7ceb6c40b6df6a880d69fe1fb2e19d943dba59f2ca825b6cf6d74ec0b354dac0937a3b0

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 ce4a4937d505ced5adfd13ffaed56217
SHA1 a87e729753df029a59f275bde1374ec24bae9f97
SHA256 2f5e96007b1995c7ac42307c5d70147a60c00bbc04a29b8814ba9229a72f6ff5
SHA512 9beb340d6a646ac697bfb116fa3a6119caf7a68adc3f022a6204b59a684ba96ec64fb5ed58bf58ebaeb01ef68cc34c5a3a628c84343135b951a6597d8faa9c17

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 3ad8acdaa6facef67738185beaa09154
SHA1 9c7cd9000d579ce82cf13a64ea7decffc69af9b9
SHA256 e98de7086ad008a91d05e0581101b681ea7f5bcf20a0dd1831c1e97b331e5444
SHA512 4527f32e9c093d0e90a7675a2baeac731de87ef45fb962530807e15e4374a00ec287f177ff4dc9cbf4ac40f3816b9803501cf8ebf7224881274eb7deb22e56ef

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 7ed5bcce02ac01fb4bd5838aea277214
SHA1 321ba834b0e41c81199b06a5018f5f310124fdce
SHA256 0f309cf6d9ef019e5b349a98be819e413a58e596b0cb044679cd722d32c7e64e
SHA512 b3bc28be3411a6d82f5f45ebcdf1f981007d88c29e36fe60f969c1f41445c8e17076f8590e7d04acfaf42edd712574f0af3454cb1c43bbeb7d5d72dc0c69fa7b

/data/user/0/com.chaoxi.weather/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/user/0/com.chaoxi.weather/databases/koudai.db-journal

MD5 3489342a664fe859673eb3261eff6a76
SHA1 9e3a3af8d1e1358835ad6e8f426c079a9f2f7c48
SHA256 7a64768bce651d3a7826b9897304f189a67aacf2176bd041d34228d02bc8f444
SHA512 6320700e2d447e9937941060c63c2666908a95b3c8ba96f3e023e478c82bbb374dc64d05e582d3cadd404916a713b7f1dcea116f241652aa32887f75583ef42d

/data/user/0/com.chaoxi.weather/cache/image_manager_disk_cache/journal

MD5 a2f451297f56dfa74ca49112a287adfd
SHA1 fa36c4b7b19963fb22fd4582a1b996668ea39682
SHA256 d7476abc9b058c3dc7344c91553364b72f798d0f9e99deb89fe56811805a223e
SHA512 b82ad9420887559be88c64ec08554565f88026e48ea462ea6a4bd2c22d539a2d37f16c81daf16d564da4d0592f0bc5239c92403ff8936723f8d778710e219f3a

/data/user/0/com.chaoxi.weather/cache/image_manager_disk_cache/d8ac8ba3c3dcf5e6aeaf37cfae4deca5bd56f221c2efbd3bc47729684d62f640.0.tmp

MD5 19adba9d3ce25a4c92693e97888a45e3
SHA1 b60080a92c7999dd8ce41ada8c1aaf9278dc75f5
SHA256 a6ee080e5c3128b004e846992d4e560ff8c5692cd2db875938eef111d8511529
SHA512 ca29a82b4811d46ce3d7529947caaeed60d47e88fc93c10da56795061e4273fac2c7a8a77f45edcd8a8351045a91bc862ec91cccc2f7e18ef7664fed2cd3dac6

/data/user/0/com.chaoxi.weather/cache/image_manager_disk_cache/8757ac4fd47db724a11276397fe457edd27753098b1b426264f2a861957831fb.0.tmp

MD5 7275aae782f14e432edbac161a629ecf
SHA1 7c281c12f67a6171ef68b1222a4fee8259c74ce7
SHA256 ef05ec36f625eb0806c87f593587c74cf380eeeb3b956c7ea6f5b7f074068d25
SHA512 02c8ff72633bccbd5c0ac27c10252c187283a6e8a4a0d3fd0409f04ed91c5c3baa191292ce466374703ea0abb1a255ed3c1c494c6cc8f2a5690d08ab4dd056e8

/data/user/0/com.chaoxi.weather/files/umeng_it.cache

MD5 c1247c3a4dc3ee183e14b8d0e62c43d5
SHA1 a054f74da62ba74c7babc7c73bbbb16b737fbc39
SHA256 48f2f61668636cc39149f2030b6704c08814d1edc5f6f3ab5758b0b77b731e34
SHA512 7602b755a11305cc04f51d180e5f94c36d04fb295a6b3e6cb128b53eba13a55cd60f9be89f67b185d177a38c5ed0938b6a631925262b06dd51703195a2cd7267

/data/user/0/com.chaoxi.weather/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3MjEzNzE5NjQx

MD5 c5d0eadbab68e0aed1959078abbed1dc
SHA1 f7eac85114362d11b329ff0b10c103c55e6f3117
SHA256 026f3558aa3d74af2a041911fbb00fae4c8ecd143b5d73c3e6d72227126dcdf4
SHA512 3399dcceb38e78276c578d5ff7bb9534030b6fc7daddddda502a39a124a8179bc056b0c87c3c6a9d6bf0784ce1cbaa99c2b8f38b856a4314208188619c1539a7

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-01 03:48

Reported

2024-06-01 03:48

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A