Malware Analysis Report

2025-01-06 09:25

Sample ID 240601-f6lababd8z
Target 897be8fe0eb563fee6401ffdda99fc76_JaffaCakes118
SHA256 d245e2f727ffa0f2d1334a3b31e14ad82ee871fa0a19c0ee7d17bee4c9ece483
Tags
banker discovery evasion persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral1 to behavioral32, in report order: behavioral29, 30, 1, 5, 31, 32, 13, 18, 23, 19, 2, 12, 22, 8, 14, 16, 20, 26, 3, 4, 7, 27, 28, 6, 9, 17, 25, 15, 21, 24, 10, 11 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
8/10

SHA256

d245e2f727ffa0f2d1334a3b31e14ad82ee871fa0a19c0ee7d17bee4c9ece483

Threat Level: Likely malicious

The file 897be8fe0eb563fee6401ffdda99fc76_JaffaCakes118 was found to be: Likely malicious.

What the verdict rests on: every indicator in the summary below comes from one run, behavioral1 (android-x86-arm, 160 s of network time). The other 31 behavioural runs lasted 5 to 12 seconds, recorded no command line, signatures, processes or files, and show only mDNS (224.0.0.251:5353) plus a handful of TLS connections to Google address space (142.250.0.0/15, 172.217.0.0/16). Within behavioral1 the resolved domains are all Google, Unity and Adjust endpoints; the dropped Dex/Jar files sit under an `app_.gpg.classloader` directory with module names (`games.jar`, `nearby.jar`) that are consistent with Google Play Games and Nearby SDK modules, next to a Unity analytics tree and Adjust state files. Enumerating installed applications and loading code at runtime are also routine in advertising and analytics SDKs, so the `banker` tag and the 8/10 score are heuristic: no overlay, command-and-control contact or credential-theft indicator appears anywhere in this report. Treat the verdict as a reason to inspect the loaded jars statically rather than as a conviction.

Malicious Activity Summary

banker discovery evasion persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks if the Android device is rooted.

Checks CPU information

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:29

Signatures

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.179.234:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:32

Platform

android-x86-arm-20240514-en

Max time kernel

22s

Max time network

160s

Command Line

com.tomas.dw

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar N/A N/A
N/A /data/user/0/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar N/A N/A
N/A /data/user/0/com.tomas.dw/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar N/A N/A
N/A /data/user/0/com.tomas.dw/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar N/A N/A
N/A /data/user/0/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar N/A N/A
N/A /data/user/0/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Processes

com.tomas.dw

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar --output-vdex-fd=106 --oat-fd=107 --oat-location=/data/user/0/com.tomas.dw/app_.gpg.classloader/oat/x86/28602b02de4a697cc341dc253644a5d3_games.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tomas.dw/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar --output-vdex-fd=106 --oat-fd=107 --oat-location=/data/user/0/com.tomas.dw/app_.gpg.classloader/oat/x86/a78b5186146942a3ab2c978cff25538a_nearby.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar --output-vdex-fd=105 --oat-fd=106 --oat-location=/data/user/0/com.tomas.dw/files/raw_up_dexes/oat/x86/inner_analysis.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 app.adjust.com udp
NL 185.151.204.15:443 app.adjust.com tcp
US 1.1.1.1:53 www.google.cn udp
GB 142.250.187.227:443 www.google.cn tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 1.1.1.1:53 ecommerce.iap.unity3d.com udp
US 35.241.22.100:443 ecommerce.iap.unity3d.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.66:443 tcp
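The table above is every connection behavioral1 made. The Python below is an added example, not part of the report or of the sample: it parses those rows, separates DNS lookups, mDNS multicast and TLS peers, and flags any named destination outside an assumed allowlist of the SDK operators visible in this report (Google, Unity, Adjust). The allowlist and the two-label "registrable domain" shortcut are assumptions; the rows are copied from the table.

```python
"""Summarise a sandbox Network table: DNS lookups, TLS peers, multicast noise.

Added example for this report; not part of the original page or the sample.
The rows are copied from the behavioral1 Network table. The SDK allowlist and
the two-label 'registrable domain' shortcut are assumptions.
"""
import ipaddress
from collections import defaultdict

# Rows copied from the report (Country Destination Domain Proto; Domain may be absent).
NETWORK_ROWS = """\
GB 142.250.200.42:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 app.adjust.com udp
NL 185.151.204.15:443 app.adjust.com tcp
US 1.1.1.1:53 www.google.cn udp
GB 142.250.187.227:443 www.google.cn tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 1.1.1.1:53 ecommerce.iap.unity3d.com udp
US 35.241.22.100:443 ecommerce.iap.unity3d.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.66:443 tcp
"""

# Assumed: registrable domains of the SDK operators visible in this report.
EXPECTED_SDK_DOMAINS = {"google.com", "google.cn", "googleapis.com", "unity3d.com", "adjust.com"}


def parse_rows(text):
    """Turn the report's whitespace-separated rows into dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:          # no Domain column: bare-IP connection
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue                 # header or blank line
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def registrable(domain):
    """Last two labels; adequate for the TLDs seen here, not a PSL lookup (assumption)."""
    return ".".join(domain.split(".")[-2:])


def summarise(rows):
    """Bucket rows into DNS queries, multicast, TLS-by-domain and bare-IP TLS peers."""
    dns_queries, multicast, tls_bare_ip = set(), set(), set()
    tls_by_domain = defaultdict(set)
    for r in rows:
        ip = ipaddress.ip_address(r["ip"])
        if ip.is_multicast:                       # 224.0.0.251:5353 is mDNS from the emulator
            multicast.add(f"{r['ip']}:{r['port']}/{r['proto']}")
        elif r["port"] == 53 and r["proto"] == "udp":
            dns_queries.add(r["domain"])
        elif r["domain"]:
            tls_by_domain[r["domain"]].add(r["ip"])
        else:
            tls_bare_ip.add(r["ip"])              # sandbox did not tie the peer to a DNS answer
    named = dns_queries | set(tls_by_domain)
    unexpected = {d for d in named if registrable(d) not in EXPECTED_SDK_DOMAINS}
    return {"dns_queries": dns_queries, "tls_by_domain": dict(tls_by_domain),
            "tls_bare_ip": tls_bare_ip, "multicast": multicast, "unexpected": unexpected}


if __name__ == "__main__":
    for key, value in summarise(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

An empty `unexpected` set means every named destination belongs to an SDK operator, which is the state of this run. The four bare-IP TLS peers fall in 142.250.0.0/15 and 172.217.0.0/16, ranges announced by Google, so they are most likely Play services traffic the sandbox could not pair with a DNS answer; a bare-IP peer outside known CDN or platform ranges is the row that would deserve a closer look.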

Files

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/data/data/com.tomas.dw/files/AdjustIoActivityState

MD5 1d8c5cfe8467319a74653b269a965c41
SHA1 25668ddc35a8f5daa4acb662940ed4d209468d42
SHA256 092f7e358bbbcb0e330b3510f4998e9ec00a438162f397ec3e13d395057e1433
SHA512 d95286f650d55be25332a3fd605364111fdf90376833958cef8a3246883853ff1a26438707e9379dd6300444ace59a295b1c520964d5e8453efb24dd730b232f

/data/data/com.tomas.dw/files/AdjustIoPackageQueue

MD5 a74ff724b5063131573854e4dae76fe6
SHA1 d713fc1e15629cbc05b0a710c6633d3b53281737
SHA256 79240d45b25dafbc965977cd69596f11674bf31c7732e7f1c5983a83a2f644d5
SHA512 f23c6578e33b2b95002f34c86d8c2117876b4a1a5526b375b1654b6cb938497597bab454bdd73ccf7d2235f4650128b9f3dafde23e9ce0307aa183a7415859ca

/data/data/com.tomas.dw/files/AdjustIoPackageQueue

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/storage/emulated/0/Android/data/com.tomas.dw/files/user.bin

MD5 7e0dfe9f75986377ed871569eeccdfe7
SHA1 d938115cf8b7ec4329896366d49d1bc1aec27461
SHA256 88886a8a06534ad151a98982252cad0d13e444d3c4e2f8a87ccb6581a2cfce03
SHA512 2eea43453c2e78d7746e3d55d54b4ca96bcb6f916763ab2a40e5ea3a48beeac08ce53a9e9239572b6c601dc73e051218c09e84a7dd8e6a2918c1b87fbe26ea5c

/data/data/com.tomas.dw/files/AdjustIoActivityState

MD5 b2f63ffc18234eb9fc3490479ad39031
SHA1 4012eb565b28e663d8e42899875590fc79235ff8
SHA256 db2b6c0d32bf25cf7cd2690a098730b03009273c4f1255bae1e819063fb73aa6
SHA512 7cde089d7bf66a67a7a0384cc23e7008f71f039c7ebb7e1b24dacf8e4c0f3645d8fe783d22b161bb0cda9abd02093e2e13ca96cee38a0d30ac9993deb30005a0

/storage/emulated/0/Android/data/com.tomas.dw/files/user.bin

MD5 dcff8faadd02b8d7f75ef8697072d1be
SHA1 70c642c8a31bfac0ba448b16e98d48bf3861098c
SHA256 8cc679c1e36e1698b6f253b3d3840446194c0f8537f4c19231b24c26c1b28ac2
SHA512 5858d34639a636407ca57712bfeff15e02a3af01f493f4203762f12a649093d322f4308fada92789bbc835a4d7b680a6cc423aa7a170471487fe7bd555f10a3a

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400000.11a7bcbb/s

MD5 7aaee917581e5450449217e9527ba831
SHA1 984d84429076285b0e13a50f0d2d87053434072e
SHA256 905141eb10dfdb8b7517998a1c5e86394277c810ed0815b8ee70d00a4a302d30
SHA512 b489588440da114f0e31dd757012e6cd5d9bcc882f625ed15d8a7de1ccf9c4d224c43de3b0fc7c846bfcbfcb9c005e8758502cf718444b874076d16b8d19cd53

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400000.11a7bcbb/g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400000.11a7bcbb/e

MD5 496093607cf6f5a6411a9f0bd8a9f95b
SHA1 8489e965a3364a817bfd70c18464eef5ea56c30e
SHA256 b10bd40e4cef3888e5e9344c7d3d283c0849b53b5ec3f1df23c71a3602260c3c
SHA512 fee2f730f83366cedc2828a6b4ecc32caa440b48e8a35eb481261c6d8b95b84920e51324f42a65285527429f4582ab5884a8735c48803aa7f1042b0ee6188b4f

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400001.11a7bcbb/e

MD5 9e72d88be05a84d339fa724ac2070318
SHA1 14b7e4c4faff7a56e0d7200d044f9229eb581630
SHA256 4c713924e1a8822d3ec6e2e126ce3890c772366880be056020b9974ab95cb576
SHA512 28d40abf1137fc58e1947a0f398092ef2900930491565835811c5c0aa710efb7f3eadefc7987adfbefc7faf2994004f8d4f96ae1b2c877cb06cba28d49904e05

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/values

MD5 0d968f3c63ab019b2cdc5ef6d23109f6
SHA1 9b6a91cc1c71ffbb828f1a7a6730bfe92e84887d
SHA256 497fe75676585e851d95d183dde8d97f0775b32678536bcb6caf0d0c2aa74a6a
SHA512 519ff9fefd75c31258cf16242d2a2c41be86de8a1a8557c007026e03eeb07be9b98904f70820971f2de8f35b68a1be6685a5524e401a694b243105fa813b2f72

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400002.11a7bcbb/e

MD5 a9a16ef355db4693a2a5227e3905d314
SHA1 5e012a37dff84fe5c44fb6e7875e1f0f1de4463f
SHA256 b102400dc0d2b85e1cee84d6b7578d66a79cac5534b2256ad599aef94d1a6043
SHA512 701934fdbf7f7e59e423fa4ca4527b381364a945eb5b7c012dfc3644ffe4e09dc9f0a3357ccb3d0b91e3bd5353e6b4ca33ba30e8eb8e5da8d216df5a7ad5cffa

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400002.11a7bcbb/e

MD5 11d69d89980cb570d85f43a1f96961e1
SHA1 317623c3ace4ec7ba339b7c1b3927dcaef314207
SHA256 59b354dabd553bfe5aef8cdb71a771099793a0011e44bad68fec5e33ef509cdb
SHA512 fc71a1a067fc9440c5a80daf1ce48632ae0cc8b300b23e31cee0edbf67126a98c9fc4b1507f5ef3689525c11f2f7e04cfe95b076052a4077d1bc522cafcfb249

/data/data/com.tomas.dw/files/AdjustIoActivityState

MD5 208d0cf2956af9a0f8b1d9d689e0e371
SHA1 a9140db26c9a7b187d96853c7870632f6b96373b
SHA256 102f72d6d5ff991bde512ddb81b87a770445fcd54401cfd169802ed677acb726
SHA512 da14b7b8a13f23efc2194443f9adb99e078aaa9055dbf75d5947500a309a1e59af6968d0d9563e18daf5e9c2e6583bf8f43a340d5ae88446c5369d649c787f12

/data/data/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar

MD5 28602b02de4a697cc341dc253644a5d3
SHA1 f5fd771823dc7f8951fb906656941a4333f1cc02
SHA256 46a97995adee5e24b4d4a601afeb10b9f79162c35569c22d1b76000cbf52c5d6
SHA512 ccec6b19403e1b96383199823a017122bfe92fcec55cf6d5b4b3722f2ae5fdc4f640d3409ef16058e6c4a4a7b4b4d3bcefc541cbf77025aefa9e40ae4abe32ee

/data/user/0/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar

MD5 ef02c076f334c92f242425ae06f08dd5
SHA1 6c4e48b52519595b847393dba1a258457b761663
SHA256 aced7234b3770bf9c0e8b69b010c2e55aec38e15202351c09e1caa58eeeee5e4
SHA512 9cb62ac0e89a6d07e8143aabe7a79e76405524d62cb2797af5f82de4130bf33f509fa5efab2224e5582b93fa5cb805e76d88ebda394ce8420b90609c6ec47196

/data/user/0/com.tomas.dw/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar

MD5 c028fad8fcd0bd9dc1c56630463d73b2
SHA1 b765e064bb3e64a4a20fe31137abe2a5120ee401
SHA256 0a98c1fe9a65591fbfb3e9189d4d5047876ad67ebc0ec67118dd4b49bcb51ba1
SHA512 2c8a4dfb1756e27cc2d4bbd93602a92ec7ab0262ff0619f8909a54899331abf20674f725922ccf1089c85804b5e087b5d378c8ae3b376b375c6882bb9dd83d5c

/data/data/com.tomas.dw/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar

MD5 a78b5186146942a3ab2c978cff25538a
SHA1 f2d382b9234cd1d7e0e9c1697620e95baee6c556
SHA256 762f0ce02c517f03a2a6bbe9de91267ac25ee27aa6a374488dd8ed67a92ce82f
SHA512 c5187e03a298ee0313da36be21427ccdc44641a7b58562ed4a39ddae4b252779903880b19ded559635ab26171e9ceaa5dcacda4b9cd2ed8b3570b7314e3c35ac

/data/user/0/com.tomas.dw/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar

MD5 4bf80007560006a755c1fe686d481a27
SHA1 58e2720fd803e2bab0d19df419dd9884354037f7
SHA256 1ab0f91721254f8a38137182fd2699cdebbcc6e31546795e61d1051ca894c632
SHA512 60f999174054c641d059195a0dd157cd8008a0213c25d0d478881d1db7551f8813c9a05cfe82f6cb78500753b5b41b33b110916ca3714f6644614346d78ae7c4

/data/data/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar

MD5 b172d3b7c8daf1ee417efcb04b9f16ce
SHA1 1c92c49d989c6ab054deacbc8480bfc368b6cf52
SHA256 1da366d36f9d2d02d160779180597950a4b9f0844718ba0df7640d43c6ba9905
SHA512 e74aa3db16a0d0518834c037780fbf0575c15c6d4da67f0f4caa5f91a041bbcb182396554a22eadd4f4a0a77075e2807134c9650c5345f18317c79a5e3f9c42c

/data/user/0/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar

MD5 38c246686809d644484c7ed245919e34
SHA1 3e1873e28bb1f7b6f5114f410099f3bd6706f11e
SHA256 fef5ec2abde2facc8414db3224de0d215289131ebd41462a46a68aca8026fb78
SHA512 3ef1c8bd87b9cf390a79f7984cb799388b7c21afddb7dad0dc72d4eab42ba15cba88da7482bd1c85cac7cc61af92207c82a55abe8ed8b8f7fe6208de291a033e

/data/data/com.tomas.dw/files/AdjustIoActivityState

MD5 b7868696c7291f21318447050668ca91
SHA1 83df82746f9a33d4de7c473ca23fb8ec51589fa8
SHA256 36a9e97fdcb327e7c04bcfc50a70343e112021eacb8aa964d7cc71c9f3a719d3
SHA512 00e27f7066675fc0ccea29d188080ba51feb86363e5f75494f6c65f6c37d49fb858d6128f4cc6da66bcd105030e7d7f4770e07414b044406e1cbd593a068a1e3

/storage/emulated/0/Android/data/com.tomas.dw/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400002.11a7bcbb/e

MD5 1d3b55fa41df734290a36de800335efc
SHA1 bd58532e1221242e51fc264905dddfc2bf18b3ee
SHA256 f2efe6214125901fbc319f55c0ac0a3f268339997f177c31d9a4a52922d73503
SHA512 1727e364f853ef46616a5945f20c5654e4f1df5ca71f78cc79bc1323e994125fca1e2acdebf95b4ce2ef129f190d6986826535aeda3306f9b39b2c9a4ecfd12d

/data/user/0/com.tomas.dw/files/raw_up_dexes/inner_analysis.jar

MD5 c0e2160a0bdd348ca50c8e4a396c1166
SHA1 e576d182026d500c23adf07f772b5c9432d212fd
SHA256 01a2234fb9163bcc04cc3659f87ec9a3d9fd1a1ce07ec278c4323dadc4b824ce
SHA512 3fd8432dcef93a4882b9d4b7ff2d3f7b7e2bb938b786a5ecff303154154db25e58a009deb2b34dbccf42e3120705aeda7e7f0097513e393c7b1fad5bf478f9ce
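Read together, the Processes and Files tables of behavioral1 show three dynamically loaded jars being compiled by dex2oat and several paths being written more than once. The Python below is an added example, not code from the report or the sample: it pulls the `--dex-file` paths out of the dex2oat lines, folds `/data/data/<pkg>` and `/data/user/0/<pkg>` (the same directory on Android; the former is a symlink to the latter) into one key, counts how many distinct contents each path received, checks whether the 32-hex prefix of `games.jar` and `nearby.jar` is the MD5 of a content written there, and matches the recorded hashes against hashes of small placeholder contents. The command lines and hash rows are copied from the tables above (trimmed to the flags and rows used); the placeholder candidate list is an assumption.

```python
"""Triage the Processes and Files tables of a sandbox run.

Added example for this report; not part of the original page or the sample.
Command lines and (path, md5, sha256) rows are copied from behavioral1; the
placeholder-content candidates are an assumption.
"""
import hashlib
import re
from collections import OrderedDict

PKG = "com.tomas.dw"
GPG = f"/data/user/0/{PKG}/app_.gpg.classloader"

# dex2oat invocations from the Processes table, cut down to the flags used here.
DEX2OAT_CMDLINES = [
    f"/system/bin/dex2oat --dex-file={GPG}/28602b02de4a697cc341dc253644a5d3_games.jar --compiler-filter=quicken --class-loader-context=&",
    f"/system/bin/dex2oat --dex-file={GPG}/a78b5186146942a3ab2c978cff25538a_nearby.jar --compiler-filter=quicken --class-loader-context=&",
    f"/system/bin/dex2oat --dex-file=/data/user/0/{PKG}/files/raw_up_dexes/inner_analysis.jar --compiler-filter=quicken --class-loader-context=&",
]

UNITY_G = f"/storage/emulated/0/Android/data/{PKG}/files/Unity/a1951f14-1839-4d0e-9037-69bab0181db7/Analytics/ArchivedEvents/171721980400000.11a7bcbb/g"

# (path, md5, sha256) rows from the Files table, in report order (subset).
FILE_ROWS = [
    (f"/data/data/{PKG}/files/AdjustIoActivityState", "1d8c5cfe8467319a74653b269a965c41", "092f7e358bbbcb0e330b3510f4998e9ec00a438162f397ec3e13d395057e1433"),
    (f"/data/data/{PKG}/files/AdjustIoActivityState", "b2f63ffc18234eb9fc3490479ad39031", "db2b6c0d32bf25cf7cd2690a098730b03009273c4f1255bae1e819063fb73aa6"),
    (UNITY_G, "c81e728d9d4c2f636f067f89cc14862c", "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"),
    (f"/data/data/{PKG}/files/AdjustIoActivityState", "208d0cf2956af9a0f8b1d9d689e0e371", "102f72d6d5ff991bde512ddb81b87a770445fcd54401cfd169802ed677acb726"),
    (f"/data/data/{PKG}/app_.gpg.classloader/28602b02de4a697cc341dc253644a5d3_games.jar", "28602b02de4a697cc341dc253644a5d3", "46a97995adee5e24b4d4a601afeb10b9f79162c35569c22d1b76000cbf52c5d6"),
    (f"{GPG}/28602b02de4a697cc341dc253644a5d3_games.jar", "ef02c076f334c92f242425ae06f08dd5", "aced7234b3770bf9c0e8b69b010c2e55aec38e15202351c09e1caa58eeeee5e4"),
    (f"{GPG}/28602b02de4a697cc341dc253644a5d3_games.jar", "c028fad8fcd0bd9dc1c56630463d73b2", "0a98c1fe9a65591fbfb3e9189d4d5047876ad67ebc0ec67118dd4b49bcb51ba1"),
    (f"/data/data/{PKG}/app_.gpg.classloader/a78b5186146942a3ab2c978cff25538a_nearby.jar", "a78b5186146942a3ab2c978cff25538a", "762f0ce02c517f03a2a6bbe9de91267ac25ee27aa6a374488dd8ed67a92ce82f"),
    (f"{GPG}/a78b5186146942a3ab2c978cff25538a_nearby.jar", "4bf80007560006a755c1fe686d481a27", "1ab0f91721254f8a38137182fd2699cdebbcc6e31546795e61d1051ca894c632"),
    (f"/data/data/{PKG}/files/raw_up_dexes/inner_analysis.jar", "b172d3b7c8daf1ee417efcb04b9f16ce", "1da366d36f9d2d02d160779180597950a4b9f0844718ba0df7640d43c6ba9905"),
    (f"/data/user/0/{PKG}/files/raw_up_dexes/inner_analysis.jar", "38c246686809d644484c7ed245919e34", "fef5ec2abde2facc8414db3224de0d215289131ebd41462a46a68aca8026fb78"),
    (f"/data/data/{PKG}/files/AdjustIoActivityState", "b7868696c7291f21318447050668ca91", "36a9e97fdcb327e7c04bcfc50a70343e112021eacb8aa964d7cc71c9f3a719d3"),
    (f"/data/user/0/{PKG}/files/raw_up_dexes/inner_analysis.jar", "c0e2160a0bdd348ca50c8e4a396c1166", "01a2234fb9163bcc04cc3659f87ec9a3d9fd1a1ce07ec278c4323dadc4b824ce"),
]

# Assumed placeholder contents worth testing against dropped-file hashes.
PLACEHOLDER_CANDIDATES = [b""] + [str(i).encode() for i in range(10)] + [b"0\n", b"1\n", b"true", b"false"]

HEX32_PREFIX = re.compile(r"^([0-9a-f]{32})_")


def canonical_path(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg>; key both the same way."""
    return path.replace("/data/data/", "/data/user/0/", 1)


def dex_files_from_cmdlines(cmdlines):
    """Extract the --dex-file argument of each dex2oat invocation."""
    return [m.group(1) for cmd in cmdlines if (m := re.search(r"--dex-file=(\S+)", cmd))]


def versions_by_path(rows):
    """Ordered map of canonical path -> list of MD5s recorded for it, in report order."""
    versions = OrderedDict()
    for path, md5, _sha256 in rows:
        versions.setdefault(canonical_path(path), []).append(md5)
    return versions


def name_matches_content_md5(rows):
    """For files named <32 hex>_<name>, is that prefix the MD5 of a recorded content?"""
    result = {}
    for path, md5s in versions_by_path(rows).items():
        base = path.rsplit("/", 1)[-1]
        m = HEX32_PREFIX.match(base)
        if m:
            result[base] = m.group(1) in md5s
    return result


def identify_trivial_content(rows, candidates):
    """Match (md5, sha256) pairs against digests of small placeholder contents."""
    table = {(hashlib.md5(c).hexdigest(), hashlib.sha256(c).hexdigest()): c for c in candidates}
    return {path: table[(md5, sha)] for path, md5, sha in rows if (md5, sha) in table}


def triage():
    versions = versions_by_path(FILE_ROWS)
    return {
        "compiled_dex": dex_files_from_cmdlines(DEX2OAT_CMDLINES),
        "rewrites": {p: len(v) for p, v in versions.items() if len(v) > 1},
        "name_is_md5": name_matches_content_md5(FILE_ROWS),
        "trivial": identify_trivial_content(FILE_ROWS, PLACEHOLDER_CANDIDATES),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Two results can be checked by eye against the tables: the jar names carry the MD5 of the content first written to them (28602b02… for `games.jar`, a78b5186… for `nearby.jar`), so the loader names payloads by digest, and the Unity `ArchivedEvents/…/g` file is the single byte `2` (its MD5 c81e728d… and SHA256 d4735e3a… are the digests of that string). Paths written repeatedly (`AdjustIoActivityState` four times, each jar two or three times) mean one hash per path is not enough; every version, and every `--dex-file` path dex2oat touched, is a separate artefact to pull before the sandbox tears down.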

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.195:443 tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.179.234:443 tcp
GB 172.217.169.74:443 tcp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
GB 142.250.187.195:443 tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:30

Platform

android-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.227:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x64-arm64-20240514-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-01 05:29

Reported

2024-06-01 05:29

Platform

android-x86-arm-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 tcp

Files

N/A