Analysis Overview
SHA256
9a4996d48394f87f79ffe23c1fd5206869e32498bd339c3083a4c46f282674ad
Threat Level: Shows suspicious behavior
The file 897dd448cbcc10e7f18d4c0a2be4e013_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks CPU information
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
Checks if the internet connection is available
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 05:32
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 05:32
Reported
2024-06-01 05:36
Platform
android-x86-arm-20240514-en
Max time kernel
10s
Max time network
131s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.maoqilai.paizhaoquzi/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.maoqilai.paizhaoquzi
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.maoqilai.paizhaoquzi/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.maoqilai.paizhaoquzi/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | verify.baidubce.com | udp |
| CN | 110.242.69.180:443 | verify.baidubce.com | tcp |
| CN | 203.107.1.97:443 | | tcp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| US | 1.1.1.1:53 | adash.man.aliyuncs.com | udp |
| CN | 59.82.40.77:80 | adash.man.aliyuncs.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.maoqilai.paizhaoquzi/.jiagu/libjiagu.so
| MD5 | f07656a2f51ecb23edc102003c32b764 |
| SHA1 | 3ef18f74b609313887b9e825c56a54b5a9eef20e |
| SHA256 | f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913 |
| SHA512 | 34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238 |
/data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex
| MD5 | e7dcd80a0faf2099e00c898f2c2c96d3 |
| SHA1 | a4e1f3ae273b6de821473b145d7965dc83bd620a |
| SHA256 | 8112d5ff1c4c7b64e0cb490b80371635f21cedfbad98047339bbe8d5431366bc |
| SHA512 | b9e6972fc38f82bc7c617ab781f51200f985559dc90c50a43800d0eba3f522fa118ecff401179bc44223cec61c3872544b81f06e3b10abba58d98204351fa287 |
/data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex!classes2.dex
| MD5 | c03473f98d044422460e9585abaa3cdf |
| SHA1 | cc3eba6f9176ecd3884279c8e502396c867eb374 |
| SHA256 | ad6d568520ec95f2e867f194a64b64587149bd51440cbe5ab540dcfdac1ab043 |
| SHA512 | f0e9db70936815e38c8497573f8a64887bb6933eb0655751e4cb26130afd385a53cf10e95c8fdfea1eaea124b6e7f9b3e761b37d667727df5681456f8bb5eb0a |
/data/data/com.maoqilai.paizhaoquzi/.jiagu/classes.dex!classes3.dex
| MD5 | 1f593d4d987ac7628fe0616f3c96c723 |
| SHA1 | b49057a7e5b3daeef7513e4e5211260ca1894ae0 |
| SHA256 | 16e7bd69142853e49eed2d61f7be0a5d5812ca1944c55e6eb590a734bd35072f |
| SHA512 | e43e71ae09c61f0899f616073cb7f48560fbf24a3c628f463be72b541dece5a4f819b5be49cd8b2a74bc17c3e632a794d02a9d14bc7ca39b7a30211a0e71b2c0 |
/data/data/com.maoqilai.paizhaoquzi/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.maoqilai.paizhaoquzi/files/.jglogs/.jg.ri
| MD5 | a74b9f6fe117440b456ba9c33d157dfa |
| SHA1 | f136d78706756874d99b1212f6781d4012c005fd |
| SHA256 | 84d3e1682d91e9671deb72451eafac204390b913cc319db14efa5bd85b3ffa26 |
| SHA512 | 5a53f4cf6f10d4b7f592efa067bb51660196fa1a7942cd8c93cf11b99d2c256bc6d81573c801b6278c0cddb2fe2d8a6168908633c47be4c8b51c790761124107 |
/data/data/com.maoqilai.paizhaoquzi/files/.jiagu.lock
| MD5 | 2121180374c6dae5f172a5d1058124c1 |
| SHA1 | fed9cbc055763a5e95d67f97ae09e4e2c0cad3bf |
| SHA256 | 2e82ba94f5659ad4ca2aef26680963327ce15c6b02e11920f7f70333afc13044 |
| SHA512 | e38318237e27e55bb49e4777421d1781ea1afcba9dbeb0151cd420af6a4851d87b065af6a7dc81106ee62fbf0ebfed77e2ec4b02b844385a431e80d7e4e97029 |
/data/data/com.maoqilai.paizhaoquzi/files/.jglogs/.jg.rd
| MD5 | de53ce3cb9b7a82f97f95616aeba17aa |
| SHA1 | d3f14faf4c8492e824f4ca751294107c22eb8602 |
| SHA256 | 2454c91de7d0c5ee8dfb779fc4b26d313f37b39096f8c8b9ec10e2ea14155935 |
| SHA512 | c131158afad9eafbe8eccda967603cdecd539e17178a6ba6e3687ac2c6b462103f2e3f236040e074bc4f83d3337f5ec610f501d9e8cdc8fe3ae2c9832e98d1ab |
/data/data/com.maoqilai.paizhaoquzi/files/.jglogs/.jg.ac
| MD5 | d91aedf14cc17b508fc07d21f59f4881 |
| SHA1 | 51b8f79a994c24cf737af8b1ff4f985ba7341e5a |
| SHA256 | 96cc3c85b42d771441899e6653f55b80b2f4ff24d1b8813b33d32ce96f671e8a |
| SHA512 | e536fc173d60eca9e4f5c306f1b41741f2ec50837ee6b3d831932c8980d2bd24193e00afbe652070345947d72ef70c2bde89bfb6ddb1acd34e43d27628940f33 |
/data/data/com.maoqilai.paizhaoquzi/files/.jglogs/.jg.ic
| MD5 | c3f482eee5326e1a06160ee5b7c915f4 |
| SHA1 | e3e4c15bcc329f466154e4b61f1692262cbefe6e |
| SHA256 | b7630694a7d3941c4f8b53a1f0c84d463db35f3a1243f32d891f796af8d85a95 |
| SHA512 | 7493e51efc47107086c76dc7210cd3d62401c3e0a1b8de05db93bf71ab15f80a72269d3cc7d453f87d6ceaf9d1d07c18b9121b2c768a5e2a236d423a135568b1 |
/data/data/com.maoqilai.paizhaoquzi/files/.jglogs/.jg.di
| MD5 | f03f88cd40e59c6e7551dfc90e74b2fe |
| SHA1 | fc46337ceff6e90b471ebf6b6ad64b7e2f5d5e51 |
| SHA256 | 00cf124bc865a209782bb003c5dddd78686c31bb662e647fa8eb1e43607ec2f0 |
| SHA512 | 3184b4c80afde967ce378298e923fe4bc5cb42283f773d15a555877f1a084971bbee5029562fd90b6594902ecc8914ca6ba0cc81d819978a6803f5f806abb7d5 |
/storage/emulated/0/360/.iddata
| MD5 | 163d0dc9894f4627c50d6eea40dc749f |
| SHA1 | 3b92bf02e2baa97f4f917abd283d5bf766052b4d |
| SHA256 | 3951ec42a371c2eccc2a55b98f88b0533cbc5b767c4544b638a5c5fe56a5d07c |
| SHA512 | c688263b81ae975e3ec441f585d5836b98729aa75b01eb345cdaa65d76192c30e4d07d52d635484fae3a7be1677df77a6e10e8bada808688be4cd423dc42029a |
/storage/emulated/0/360/.deviceId
| MD5 | 1d8d16c4e3b19ebf18988530d9b9a757 |
| SHA1 | bc94c1cce05cd848a53271ecb9c5311e27ffebf5 |
| SHA256 | abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7 |
| SHA512 | 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82 |
/data/data/com.maoqilai.paizhaoquzi/databases/MessageStore.db-journal
| MD5 | 29245b558a58fcc7da3b7a880a210e8a |
| SHA1 | 5f5dca9e0251a021b6a7dac0947cec75d4d9510a |
| SHA256 | 910d91d4fc0637a31dc04a64298eaca50f34ea2fafeaaf4f25d151e3ff4ad48a |
| SHA512 | 223bc2d392c7c839ad19665876c0f220ab66698aa92d60db69e3d608c19d4725bc6536f6d2efdf4986d331d021570370529a63fd7d125a52129a360b4e6a975d |
/data/data/com.maoqilai.paizhaoquzi/databases/MessageStore.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.maoqilai.paizhaoquzi/databases/MessageStore.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.maoqilai.paizhaoquzi/databases/MessageStore.db-wal
| MD5 | 747b82c4b63e9a0b9e6472a4956862da |
| SHA1 | b42dcfd7aea2f59c9636d05ea7cf416212f8658d |
| SHA256 | d5d87a58a85ada0265d7b089a75e5e705c04b44c3d19e3996708c9ee4a2d8f59 |
| SHA512 | 92028bafe742cf708334e115c1558a97d8b8dff01e49978b2e09ca80cfd2a4cc589a302f3b48d5156d8c16485d615dbb7bd8f2e91c67d5567b06432172fb8b89 |
/data/data/com.maoqilai.paizhaoquzi/databases/MsgLogStore.db-journal
| MD5 | ce22b288f7636403d27715df65d99436 |
| SHA1 | c58325bfa994fd6d9b64507e8e7468c07ce4b2b8 |
| SHA256 | 2d253ebe96126594f5275cab55c51d5f636157b25b2e6ca9630682eb70e9f479 |
| SHA512 | ef609fc6dac2d97386dd88ae9f69e8d012bd511744ca6cbddc265b25fe3282a3fb2f27aaedce2850da094369d487b351a56728d815404fe54eee0f2795496d2c |
/data/data/com.maoqilai.paizhaoquzi/databases/MsgLogStore.db-wal
| MD5 | 976efd2bf55766ee3bb44d766fe56c15 |
| SHA1 | 60dd9769c70720aad18d802bc45044f56941da91 |
| SHA256 | 3889477f9d236e0265835387c5e95273ae5d68491126aed1a23f0d1a0b607c36 |
| SHA512 | abe03f384fbac0036a0298a32a37734cdf42394e336dd376a18b32877f88a479c83b7ed43101a703de0dd628642770759e8e53799b688f3ef424a81e0e48660f |
/data/data/com.maoqilai.paizhaoquzi/databases/history_db-journal
| MD5 | 172989689f8d23eb757cfa7e1806829f |
| SHA1 | 1d155663f0545d8246a25091b682bec0e9e0fa9a |
| SHA256 | e5806555c9f6582a6f31167c0d908d34dbcbce289bff821887e9c9ef1c815351 |
| SHA512 | 1d3450d4ba922638720f498216f8a0bf9d1ab33a8aa242113566a43ed116780eebbf75eeba1c1de00aeb013cc555aab7e6f2dea49d971661b8c1e7f0029d7e52 |
/data/data/com.maoqilai.paizhaoquzi/databases/history_db-wal
| MD5 | 5b429b16812adc68cbb146b13759f8ff |
| SHA1 | e44f9fb43c187e47ac80780b33238fb36d70a1a6 |
| SHA256 | 47f1f3a9bdd5abb8af8e9d582ca9a004c3f3a902406d9e993040d69d66e0d0b0 |
| SHA512 | 6417fd5d51f7e168f172b1939de66f8fd091c2d79377b38323eb1bce6d1cd9cce78dd4e77f9363c934270933c380fac5a831b2823b76ee39be5becb4ca25343d |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | f4392e36886579414f989894380d162e |
| SHA1 | 9bc4dcb1eb0bcc95c1b18616846f0665f9bae9ef |
| SHA256 | 3a994701c9a00313ecb60514cdcbc0e0f6ebf3af1527b0df8e9617589990747d |
| SHA512 | de6b5ec93a02addc5d5c23d6801e86937533139603f2e6bb157e5a06982d5e596fdfa6059fcda21ffbd25e0ab2a5311629f1e23b60e96f1b608727bb4474c466 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 99254f553325f6b0faca621ec39936e3 |
| SHA1 | 3bd65cbacfb69ddd4c7689926f10d2bcbfbf334a |
| SHA256 | e25de376383ab0554ab3b7a5160c52e75c56b72d7fa2f64fd8695b83ea68de72 |
| SHA512 | dd40eafbc0ca726aa81507208ba4c685c7871c0d42fb30201ca18eda14ea59227a1a60c0fabc5236fa3cf2f1905a44cda2adfe9a5f3b95e4a00be8f91dfe5f40 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 05:32
Reported
2024-06-01 05:33
Platform
android-33-x64-arm64-20240514-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.179.228:443 | | udp |
| GB | 142.250.179.228:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |