Malware Analysis Report

2024-10-19 13:18

Sample ID 240602-k5w3mshe66
Target 8d91d7043ed90a2a865051e4b0c55e75_JaffaCakes118
SHA256 dceb9da6a75947d4ca9d3fd8d636fd979522b85bfe4d4b40f52a3e4c822cc03b
Tags: collection credential_access discovery evasion impact persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)

Each behavioral analysis section below contains: Detonation Overview, Command Line, Signatures, Processes, Network, Files.

Analysis: behavioral2
Analysis: behavioral3
Analysis: behavioral1
Analysis: behavioral4
Analysis: behavioral9
Analysis: behavioral10
Analysis: behavioral13
Analysis: behavioral5
Analysis: behavioral7
Analysis: behavioral8
Analysis: behavioral12
Analysis: behavioral16
Analysis: behavioral6
Analysis: behavioral11
Analysis: behavioral14
Analysis: behavioral15

Analysis Overview

Score: 7/10

SHA256 dceb9da6a75947d4ca9d3fd8d636fd979522b85bfe4d4b40f52a3e4c822cc03b

Threat Level: Shows suspicious behavior

The file 8d91d7043ed90a2a865051e4b0c55e75_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Checks memory information

Requests dangerous framework permissions

Reads information about phone network operator

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-02 09:11

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:16
Platform: android-x64-20240514-en
Max time kernel: 7s
Max time network: 131s

Command Line

com.tencent.tmgp.hsxxl

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.tmgp.hsxxl

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | qzonestyle.gtimg.cn | udp
GB | 172.217.169.14:443 | N/A | tcp
CN | 112.84.131.72:80 | qzonestyle.gtimg.cn | tcp
CN | 112.84.131.72:80 | qzonestyle.gtimg.cn | tcp
GB | 142.250.200.46:443 | N/A | tcp
GB | 172.217.16.226:443 | N/A | tcp
GB | 216.58.204.68:443 | N/A | tcp
GB | 216.58.204.68:443 | N/A | tcp

Files

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 a4b647c0c835b99edd8d681c20f0add4
SHA1 596f8f16b8852d073e293fa6ac3f388a5cfe976c
SHA256 245e9fc609f81f48a5c230e6ac73b23663d37009d9b254c4ed90e78c0035bf0f
SHA512 13ce2cc10b162b87ababe633ff011532056bdbb2464b38ce19be0a8962e7b8b8fdbddfaee19fd9381dffe996c16ff44f4c8b14383c49b2954d5c574ec7d39eb3

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar

MD5 b21bcf99bc6cfa9edadc401ebd168e21
SHA1 0f53b96fabd9e73c493a24b897276556ab2c49ba
SHA256 d1fac34723dd4d7188dd4a89aa369eb70e3dbec9774118a18aa0907ddba46517
SHA512 8d4e8239eb07aaad86bcb948e10eb278ae24e0c61a4b01ee152a380fc57187d473a0cc21d1e2d5cd896f893ed5eec3df1e3150b05ed495a31ec7c16061060a48

/data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar

MD5 3f2e7af379565ac1772b4737fc3916b8
SHA1 78c6f3723b35b8f7ddea69456d610cc6146ee7f0
SHA256 45a06a336efb41d7e51e5f2ff1c4e4c6e0bbc90beb022e572825321c1060dd4d
SHA512 8a166b8390eab2490451c4aff1bdcdc9b06e8a98a41b884a18e800d21caa35f1a16c622034e3684230073faa638ee9e4c9bef7756d027366676134c34ef68d5b

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:14
Platform: android-x86-arm-20240514-en
Max time kernel: 8s
Max time network: 161s

Command Line

com.tencent.qqgamemi.forumplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.forumplugin

Network

Country | Destination | Domain | Proto
GB | 142.250.200.42:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 172.217.169.66:443 | N/A | tcp
GB | 142.250.179.238:443 | N/A | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:16
Platform: android-x86-arm-20240514-en
Max time kernel: 7s
Max time network: 137s

Command Line

com.tencent.tmgp.hsxxl

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A
N/A | /data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.tmgp.hsxxl

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
GB | 142.250.187.195:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.204.78:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
GB | 142.250.178.3:443 | N/A | tcp
US | 1.1.1.1:53 | qzonestyle.gtimg.cn | udp
CN | 123.12.214.184:80 | qzonestyle.gtimg.cn | tcp
CN | 123.12.214.184:80 | qzonestyle.gtimg.cn | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.169.42:443 | semanticlocation-pa.googleapis.com | tcp
GB | 216.58.204.78:443 | N/A | tcp
GB | 216.58.201.98:443 | N/A | tcp

Files

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 a4b647c0c835b99edd8d681c20f0add4
SHA1 596f8f16b8852d073e293fa6ac3f388a5cfe976c
SHA256 245e9fc609f81f48a5c230e6ac73b23663d37009d9b254c4ed90e78c0035bf0f
SHA512 13ce2cc10b162b87ababe633ff011532056bdbb2464b38ce19be0a8962e7b8b8fdbddfaee19fd9381dffe996c16ff44f4c8b14383c49b2954d5c574ec7d39eb3

/data/data/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar

MD5 b21bcf99bc6cfa9edadc401ebd168e21
SHA1 0f53b96fabd9e73c493a24b897276556ab2c49ba
SHA256 d1fac34723dd4d7188dd4a89aa369eb70e3dbec9774118a18aa0907ddba46517
SHA512 8d4e8239eb07aaad86bcb948e10eb278ae24e0c61a4b01ee152a380fc57187d473a0cc21d1e2d5cd896f893ed5eec3df1e3150b05ed495a31ec7c16061060a48

/data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar

MD5 3f2e7af379565ac1772b4737fc3916b8
SHA1 78c6f3723b35b8f7ddea69456d610cc6146ee7f0
SHA256 45a06a336efb41d7e51e5f2ff1c4e4c6e0bbc90beb022e572825321c1060dd4d
SHA512 8a166b8390eab2490451c4aff1bdcdc9b06e8a98a41b884a18e800d21caa35f1a16c622034e3684230073faa638ee9e4c9bef7756d027366676134c34ef68d5b

/data/user/0/com.tencent.tmgp.hsxxl/app_e_qq_com_plugin/gdt_plugin.jar

MD5 a156d3de56d33c62fc172464a4ac7fd8
SHA1 d1be0e780387a3827f9d1873722bae0700501f24
SHA256 3a0486afeec301e795c85017bd3ac1ab09b3f6923e6b1ecab040c28e1f2b77e4
SHA512 4658e05f52b7d3f5936a5d1c29f42d671a167137e941ad0e0696d446398bd7f1bec12c38717ee354897f70bbd834c217c33bd016862a9a4f00b0149cfa7cd9af

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x64-20240514-en
Max time kernel: 9s
Max time network: 133s

Command Line

com.tencent.qqgamemi.forumplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.forumplugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | N/A | tcp
GB | 172.217.169.14:443 | N/A | tcp
GB | 172.217.16.226:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x86-arm-20240514-en
Max time kernel: 7s
Max time network: 135s

Command Line

com.tencent.qqgamemi.speedupplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.speedupplugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.212.227:443 | N/A | tcp
GB | 142.250.180.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x64-20240514-en
Max time kernel: 9s
Max time network: 133s

Command Line

com.tencent.qqgamemi.speedupplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.speedupplugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.202:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 216.58.212.226:443 | N/A | tcp
GB | 172.217.16.238:443 | N/A | tcp
GB | 142.250.200.36:443 | N/A | tcp
GB | 142.250.200.36:443 | N/A | tcp
GB | 172.217.16.238:443 | N/A | tcp
GB | 172.217.16.238:443 | N/A | tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:16
Platform: android-x64-20240514-en
Max time kernel: 167s
Max time network: 136s

Command Line

com.tencent.unipay

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.unipay

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | api.unipay.qq.com | udp
US | 1.1.1.1:53 | strategy.beacon.qq.com | udp
CN | 183.60.15.48:80 | api.unipay.qq.com | tcp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp
US | 1.1.1.1:53 | monitor.uu.qq.com | udp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
CN | 183.60.15.40:80 | api.unipay.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
CN | 183.60.15.48:80 | api.unipay.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
CN | 183.60.15.40:80 | api.unipay.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
CN | 183.60.15.48:80 | api.unipay.qq.com | tcp
HK | 43.135.106.212:80 | monitor.uu.qq.com | tcp
CN | 183.60.15.40:80 | api.unipay.qq.com | tcp
US | 1.1.1.1:53 | strategy.beacon.qq.com | udp
HK | 203.205.254.111:80 | strategy.beacon.qq.com | tcp

Files

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 0119e5c688abe4aa445f6934d1dbf589
SHA1 d5aa204ebe69be2b715ad5443de66f714cc231d3
SHA256 7e97bffa05e0a57f7dc5ce7d1aa2976180487972db8767b1b8bd05798dce6895
SHA512 04e510a763052a8f4db7314819a95ee542816fd4e1b8e2933551b2850e07e17839b68a179e0e325b54feceee6e95358f32d4f9db38d951a93a9d2828ffb7e2a9

/data/data/com.tencent.unipay/databases/eup_db

MD5 e1ab7cbed3fb53c12f309deb97988d2e
SHA1 bf26f7301643ca198721d10017ea63de94718084
SHA256 e4d36cbc27ce2fe1e354ac6a145cdecb096b55e6cc5cb6d1f00eca2a2cf05e0f
SHA512 9b162cad2eaa83ad93952b8a8ebedab0a32f014b6c74c357965f073c2cddad90582de7ce012d6fa012aba60bb2abe9f39fc159fce358a68a6422a4557e72acc2

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 c800fc82b31250a93a2095da9df1f428
SHA1 7cbbe82dc15068ee826b341d2e70fe3c6139eea2
SHA256 435255c44ff08967698357e51d481b6433ffcbd739676ba35322d18fa68d90e3
SHA512 fc5ee26a92779dada6265c8073145772339966c25b95cffdab12c3488445eb3399408798d5a5e696d54582a2853f0f0d620e8e04e4d3be772b03c40c929c924f

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 5c5b7c5c2accc983f7cca96147f0c86b
SHA1 811d7b1d86ca08dfec0d83bbd5d15a4b31b6f8b4
SHA256 8b62fda2f51c23b5e02681a3151f726c01003f346fa44d69f2e4b2c176b967ce
SHA512 27d19c349b4ccd48b2808a998fae68683051a9b02ae0d6f8a8c225d588291d9e33a0eafc2ef169e0edfd03630638125b3260efe421845a593ff9fd8526fd39af

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 37985507a254a0de3c22dbaca36633b5
SHA1 ea5e01d44354589bf84f9769b965a12a0d66ef5f
SHA256 a9a5f06ff5e9c0fe96d5206f6846fb850c3fc057dcaf8f6cd5aea4f1738227f6
SHA512 c9fc68d9ad718b0c4dbdaa912df701bd4205c40daa8b3f8bd120e4383befd43bbb70a9dadad4c0e66805ee7e46b2650918f4a24b5c86596c4c21efe054cbc541

/data/data/com.tencent.unipay/databases/beacon_db

MD5 e2793559b5254534a28c0924290789e7
SHA1 ef0e1f55a0637c668c592d09da52966ca54f2b2b
SHA256 0d05bf85979d09cff9937d659803ccea038c6e82863d82a3eeb51bcbcfb07471
SHA512 c629cfe887e5a183d82a891f997b7a6df69402297909e7f99a59b6d17fff46512e065cdcd82939b3d19d30d8fd36bbc659bec9cce5f81953f43342dc5f4d1e4e

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 eb8269ca2270ef86435b936c79258ac5
SHA1 7b48e2bb08e618904d90e8e55e3c2374716e90d0
SHA256 f88cadc26d8d68caefef7d9b0972588722ea2f9c9b95aca2a52c501b29f30ea7
SHA512 74e0a235d5dceac802409dc11a65a8073003e92951a14ce33a5abc050481ea3962ee35089691b90ad083159122c1dfc7eef8dcc4f845a7610ddb5c62b6ddf535

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 0e0abf4484733f109453a2af7ffbaeea
SHA1 2ee2a168d7e0eedc52ad22c6557898ff1a766e55
SHA256 b2ef0e82999a63d346b02fd5585df9b396ad7a5144d1e1f13eb9fc53b5beb0f4
SHA512 9819a26dcac69c65d333ad9022321ec28e1d4149004f21c235dd9e299133cdfbfbfb2bb3c76e6bd9ad97af72a17748b26cf50b7e14009278eb555eca78737236

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 0c2ed475a7c49c5a52ec3a677911c691
SHA1 c3219976cf2a1f5961b0044d6f0bafcf8d248a6b
SHA256 1208b4b93dd771985ac82bd25fd8b7a66565ce1c2f88207232a51c14d28f2bc7
SHA512 aea75757f227c0f96e519ec19147579606839e9a6245f83b70a3d15674524cb9a7efee6f938b45bf5521fed1ec36689393303a095a5ebc73016d340543f2d5b4

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db

MD5 3c718b6ee850793296421bf05d4a7ec5
SHA1 be4193ec279d4e06bce835fac63c0c02db9a07ec
SHA256 248c9e2b4251e15b129d129aead04f3d943ce8affd119eb9e1c412e423df4ed6
SHA512 e720bf6cd7c66efe2a7d3deaf7b14c4ec256b5b1af751f08706efd3ec14f26a51c52658fae9ee9a714eec6cabcbb9f70fbce5f6fc8e7c17330fd8e422e05d6c5

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 1b7029aa8f7eff7855f04769ef099dea
SHA1 eef356b56633b432fbfe0b58ffd31e75d8157275
SHA256 edcb33f3daabfd0d710a561930a078c3226cf514930640cd5b1331dd6bdb219c
SHA512 ff639164938c0b2d9e9fc73b4f673158cfd48f9e3d01a389b0328317c5e936034acb48bf34cd7f4906d9b29a1b7e1fbde4fc0402df00b2e099a044251884af66

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 b6fd8a0de608a12372a9b3e9384522ef
SHA1 b645cfb69b7e1e4b3a8ab81054b582ebce9a1f0e
SHA256 c53f4c6b824956c02dbb2942fee6ebfc7bc4f8c216b3f8e398db3b4c4d600889
SHA512 585376a7bfaaf4e789d770a5896ecfbb934f5830ff3e2a56cf03ca58a4be4caf0fb2bc302b4c33a83c7464af05b5ababdb15a14c9fb5647b730c40d2191b8c22

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 f2e23db46cc6919431eb95694a5d2698
SHA1 f6b6baa37728f529b9d2c5c57f4ef48865d3b468
SHA256 e825d91c88a9bd8a312129a3d79bae9dbd1d3737dcf88c7f72a5abfc638da6cf
SHA512 8b3d86ea3fbf728feed606b1e32e7d620123179f9c5a71c42159490d503d6aef0f295dafd2b21d97f60e395cf1f17384b827cd78c138aa4a6e09efe4f2980cce

/data/data/com.tencent.unipay/databases/eup_db

MD5 77862e5a988bcacffb5f3f4b56bcfd13
SHA1 224c79a18684cfdd66abaa9c3dec47cdf9533c8f
SHA256 27c65cf2634944ed63443c863c0081e694c7b2888361909b0764734093ab4687
SHA512 37f888d3b3ec0d087fd0f7eb5658b2cbd84b6ceae9511b9ed5acef22e31b2dbfee3a6aff27ca2596cd98c5449f897f4ca158b5e51d8d3731e707db40feac0e81

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 d247684c2c5bc574b86deeeec3356db8
SHA1 cbaa969f38391239d090ef33cb658bf3297481a9
SHA256 4e0068cfe3cc17d4a97d0a71df0dfb922db2f61c6a8554343dee665c4aa9470c
SHA512 f4d90b3b6e7fc3b04c52c2bc4c083f6db5b27d18bf847327b0e6eee1b148a7714b34ceef93891a825809183bbac55c5c492ebc986a37da3c3b550ce224d75ad1

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 c69590ffa445bb03bbe10729d5c3eb38
SHA1 cb6e14fd61f7eb69a084e08a33d7737e169dcb96
SHA256 5c80025b51a538c80b3db4747249c1e2af2973639f16651991c8f9d9414e5d02
SHA512 3737ca50bc943cc5614cbd8436cd85b91df88581dff53d92dcaf583b2bbdb4fe0b4e1139a5b6fc100249a22056513571e54e2f284ac8e740009f76f91a5ed19e

/data/data/com.tencent.unipay/databases/TencentUnipayIPList.db-journal

MD5 f96055092d9827353d7b3e7273dee22d
SHA1 22bb1b38aeb06905b4b9e347dde1ce09301206f4
SHA256 254f3a61d63ac2f18f720edb1087132c18f7c775acb59bc6070936e12b5632c9
SHA512 db02ada41fa9d17fc759691fb79a9f02a31fc1071cbaba8ecea258e2f37db47359923e570a82ab32bc3c9a0e7adcfca931f46943a3f88bc3763eb10a9086add1

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 6eb44b44e8ac61297882dd19bb7fb31f
SHA1 1939d3eb2e1368b6dbe96eca316c888fd2cc6dc9
SHA256 b481538312e0ec501ccdda7ae95bb463595ae7869d00494d0b78061b8258e9eb
SHA512 626f3a7bfa32dfeecc369c451f2c4fa4ea971b54ec2a963493512c2657b46d408db130234fb1eab50f9e1a6015d4c0d584c306e870e0610200eb67a33938b33b

/data/data/com.tencent.unipay/databases/eup_db

MD5 00097a66c7496f869a0384cf1d27102e
SHA1 dc10a654d3e4ba25521aa14f04e1cd8d8b2ecc5a
SHA256 cc14c4c43b03169a4fdd6305c1ec966984cd85747b58e7cb0b0e4832456b84ab
SHA512 5ec1ccd4bb37a263cd8c668e458940555b68c391aae64e1314a646412f76fe66f39ec3099a390932db39946654d33917bf0beb19059405ef1130465bf23aaac8

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 e4c9e773f23cc014220eaba326f63f70
SHA1 2cb17846f92db5a6be00aa65816903b9f994b2ba
SHA256 ee0187db788594f83dac4edbae21c875419fec663ea67180b8cf4d75ce25c670
SHA512 fa2c59928b6f2a681b89698831c3245c6486fc56fbf4fd59514027cc7d8354d6b2108cf836f9be7905bac714c86e5d6c1b2f9aaa1eebfc3bdaf44ee741f066ed

/data/data/com.tencent.unipay/databases/beacon_db

MD5 ebedcb93d3d987d6f26dd7b292168b65
SHA1 7c3fd83c2b5c985a7f195604cea72f8d7f198f1a
SHA256 8f2a98dba41d31780b74ca0cd622eb04740fa9e38f0e2c84e65c27ee30d3c583
SHA512 e82f80013cd89555253a6720ee7d79d8b510058d977d077f91c1689ad87e987b5e3bb1bf1b9e3a07bacf254028f4505a62b287a78cbab9d71cdcc024bfa0f2cd

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 bd50c4d93903175f7f0a3d6dfae6e142
SHA1 f897b75ecfac8a360c5795e99df486da1fa91ce1
SHA256 649711d915543bb627d7eacd4d1651970add4873519751a6510aa09feafea3b8
SHA512 e7550be048d333b5702ef11f834ffb80f4dc2e553cdf20c8b77b09eeb412ab69acade260683e91be7447e622e9b9f4d605f41b5ac1a7b39090aa5b8fd30b5950

/data/data/com.tencent.unipay/databases/eup_db-journal

MD5 8d10f63378ec988b807e3fbf48af2d2d
SHA1 5c11ab324e7d4e1be4c6fd064ade4c5bef9ab9f8
SHA256 6033f585d7fff3a4b4727d23941585cbfd2a2b874849b4849d65a459107d76a0
SHA512 67292ce36d9901fabad5cf2490c710ad22e9bf4a9ca9cf85779c0888136fe0a467830a86946354adb26ed72cfe1816c3d079aa1ec43e65c2aa6bbb96e3141d21

/data/data/com.tencent.unipay/databases/eup_db

MD5 a358d4627fbe772cef698de3ae8bb2ae
SHA1 dab2a528cc0827a8b9cb7e8a3be451d332dc155d
SHA256 7f75ebc9e6e6cc8a273edb3a23ed187bed3b608d786c7aadb407100d995846b6
SHA512 7790340fc4e4654debc0498e4246ee72f9b17eb2ee26835cfe80b5d90aafa725d195b76aa2277bdf4ba1e466ceb0ec03bff5f220d6f3e6b425b1a1c0d16cc4fd

/data/data/com.tencent.unipay/databases/eup_db

MD5 9334a760ea7639bad7a9c8351ba2e3d5
SHA1 8a4b44f86308948ca5a78af3c0b7e4645b8b96b2
SHA256 b8bd93f0aeabe32eb77a5b091c563d0fa1bd0a53f754cefd57c4e96f5a22074b
SHA512 5204d8882d43b8b1dbc41429008272a9bf0ad2ac8749a03229ff0486a52134a962d32e45cbbefdd8902b7091d8ec66497332379e097b11efba8f3996c58204e3

/data/data/com.tencent.unipay/databases/eup_db

MD5 b52b87c5b9ba748e1081bcc0179048ee
SHA1 69b737fa4f0526b08a409dbc05f1fe7a75068d3d
SHA256 a75350caec8441806ca429ebc0488cc30bd44ecd5545f1041d22edb5788a3e98
SHA512 3d43049b33385cf805e2d7c4b4c3f24dd7823f70ccee13df26a29d05b1b85ba3fb6d7481078ebf1b9b9a4beb428491c1d04aa691b5ae994185c9d04dc0cccaac

/data/data/com.tencent.unipay/databases/beacon_db-journal

MD5 fabded2628f2c8eb5907c9ddc05ccf84
SHA1 d1c5f6ed792b8fa33d258148e1341800504f8ef6
SHA256 4e86bd6de1b027a59208ec4eebbdb3b3a69438c8b8435c59b40aa78b73eaa7fe
SHA512 c8a251938b55eeb3fffc71accd7f8c050677a9f9c6f27830abcfca3b3b03ef5c63bb3b14d57806b6c8d9f6ecb8a45bbb3cb0392ac3e1f7cd265b7c8997eb19f3

/data/data/com.tencent.unipay/databases/beacon_db

MD5 2a560c21697aeb400d7548445d90145e
SHA1 92ed8fb00e3df0903097cf9ea092b0769d84962d
SHA256 ba5c165ef60deac3b277884af6201bc9cba0ca87dd8c92d4c25b64ff6491250f
SHA512 cffd3819577e70f005974e97289d0a13ec8d15dc146791d64d7edad64800ba4ff424d6a6190b718a91d92d063badf2dd5f3f47343bedafcf1c2dffdc200e9d46

/data/data/com.tencent.unipay/databases/beacon_db

MD5 2841dd64015293cc8589ad8443110793
SHA1 79d7d5fe780af1616607dcb5800a9e2d18ea02c9
SHA256 d2e17dbc1a14993d2ffd20c649f5e8c1dff6498b86a1d150fecb8ffd8245b8eb
SHA512 ed56d60cee231584fde881b9a4fb4ff08333c6a775ebdd32e5899bdd3b4e9cb29e5ea73f3299724d12fc1ae85572a2e5a9837e1dc00682ebe70c828c9ae1d529

/data/data/com.tencent.unipay/databases/beacon_db

MD5 681b90fec0ac00f18562b00364946b1a
SHA1 39596ff05d730401d9c0a0638805639ea9da24e6
SHA256 7051d74ceb6bc94027afaeabf28707920b5fb85c2b5d85f818b629a9d4f16f0b
SHA512 3aac9104d0d039bd692ea225dac79299c3d8e1a249e9a32fa13988f3b762bd2e06a8b193e72f7b6a170c1a2c8dba284584255e818ee3edf52f8d51e43803d862

/data/data/com.tencent.unipay/databases/beacon_db

MD5 abcb84bf02456b53a678f16aa195919f
SHA1 37c8ed2e588a5a1e34a89e1e93adfbdb7f1aa7a7
SHA256 4ec14143259631a233872b2979c8a3a2f5bb11246edecae91136cd13c31f7262
SHA512 143cf085b6aeaaf7826be29972ab246a247508cc807635f9b0b4b676cb13a7640c238da7503b66417414aabd70e42fcc53995aa4ee2eab980e3ced5e6356e544

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x64-arm64-20240514-en
Max time kernel: 9s
Max time network: 134s

Command Line

com.tencent.qqgamemi.forumplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.forumplugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.16.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x64-20240514-en
Max time network: 147s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.16.228:443 | N/A | tcp
GB | 142.250.178.10:443 | N/A | tcp
GB | 142.250.200.46:443 | N/A | tcp
GB | 142.250.187.194:443 | N/A | tcp
GB | 142.250.187.202:443 | N/A | tcp
GB | 142.250.178.10:443 | N/A | tcp
GB | 142.250.178.10:443 | N/A | tcp
BE | 74.125.206.188:5228 | N/A | tcp
GB | 142.250.187.202:443 | N/A | tcp
GB | 142.250.187.202:443 | N/A | tcp
GB | 142.250.187.202:443 | N/A | tcp
GB | 172.217.169.14:443 | N/A | tcp
GB | 216.58.201.106:443 | N/A | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.180.4:443 | www.google.com | tcp
US | 1.1.1.1:53 | g.tenor.com | udp
GB | 142.250.200.42:443 | g.tenor.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.180.10:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.180.14:443 | www.youtube.com | udp
GB | 142.250.180.14:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:15
Platform: android-x64-arm64-20240514-en
Max time kernel: 9s
Max time network: 134s

Command Line

com.tencent.qqgamemi.raidersplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.raidersplugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.178.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.4:443 | N/A | tcp
GB | 142.250.178.4:443 | N/A | tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted: 2024-06-02 09:11
Reported: 2024-06-02 09:16
Platform: android-x86-arm-20240514-en
Max time kernel: 171s
Max time network: 151s

Command Line

com.tencent.unipay

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.unipay

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /proc/cpuinfo

/system/bin/cat /proc/cpuinfo

Network

Country Destination Domain Proto

Files


Analysis: behavioral16

Detonation Overview

Submitted

2024-06-02 09:11

Reported

2024-06-02 09:12

Platform

android-x64-arm64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-02 09:11

Reported

2024-06-02 09:15

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

151s

Command Line

com.tencent.qqgamemi.raidersplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.raidersplugin

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-02 09:11

Reported

2024-06-02 09:15

Platform

android-x64-arm64-20240514-en

Max time kernel

9s

Max time network

170s

Command Line

com.tencent.qqgamemi.speedupplugin

Signatures

N/A

Processes

com.tencent.qqgamemi.speedupplugin

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-02 09:11

Reported

2024-06-02 09:15

Platform

android-x86-arm-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-02 09:11

Reported

2024-06-02 09:15

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A