b7753bfe7184b5676e6b01b998465cacf35af40e85beb40c5bc894751710928a

Analysis

max time kernel
163s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
02/06/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e4e55ca458dccb4b115fb716d5dc0a3_JaffaCakes118.apk
Size

10.0MB
MD5

8e4e55ca458dccb4b115fb716d5dc0a3
SHA1

0048f653e0736edacecd7549cc640ef2d0ec4647
SHA256

b7753bfe7184b5676e6b01b998465cacf35af40e85beb40c5bc894751710928a
SHA512

046b39805b9f2ba522f4ba285999dc56445cb6998d6bda7dbed4c011816054839b604055b1bb03759b348a7965fe5e4af1c6cedebb49082521e0a2843629ff59
SSDEEP

196608:BsX4WcmgKmvlcCNOr7W3LBrmf/9aNB7PylJauEBjTn:BsMDKXPra7BrkANB2l0u0n

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.only.main

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.only.main

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.only.main:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.only.main
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.only.main:Daemon

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.only.main

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.only.main
Framework service call	android.app.IActivityManager.registerReceiver	com.only.main:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.only.main
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.only.main:channel

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
22	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.only.main

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.only.main

com.only.main
1⤵
- Checks CPU information
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4339

com.only.main:Daemon
1⤵
- Queries information about running processes on the device
PID:4499
- sh
  2⤵
  PID:4568
- sh
  2⤵
  PID:4646
- sh
  2⤵
  PID:4676
- sh
  2⤵
  PID:4714
- sh
  2⤵
  PID:4745

dd if=/data/data/com.only.main/lib/libdaemon.so of=/data/data/com.only.main/daemon
1⤵
PID:4585

chmod 777 /data/data/com.only.main/daemon
1⤵
PID:4663

/system/bin/ndk_translation_program_runner_binfmt_misc /data/data/com.only.main/daemon /data/data/com.only.main/daemon com.only.main
1⤵
PID:4700
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4787
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4787
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:4824
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4916
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4916
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:4964
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5035
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5035
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5057
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5131
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5131
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5154
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5221
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5221
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5246
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5270
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5270
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5292
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5333
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5333
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5363
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5387
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5387
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5409
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5434
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5434
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5459
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5508
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5508
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5530
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5557
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5557
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5579
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5606
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5606
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5628
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5652
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5652
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5677
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5701
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5701
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5723
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5749
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5749
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5771
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5797
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5797
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5819
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5846
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5846
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5870
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5894
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5894
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5916
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5940
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5940
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5962
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5988
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5988
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:6013
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6040
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6040
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:6062
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6086
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6086
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:6108
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6136
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6136
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:6158
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6183
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:6183
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:6208

chmod 777 /data/data/com.only.main/daemon
1⤵
PID:4731

/system/bin/ndk_translation_program_runner_binfmt_misc /data/data/com.only.main/daemon /data/data/com.only.main/daemon com.only.main
1⤵
PID:4774
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4829
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4829
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:4871
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4951
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:4951
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5009
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5069
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5069
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5103
- sh -c am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5166
- /system/bin/sh /system/bin/am startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
  2⤵
  PID:5166
- - cmd activity startservice --user 0 -n com.only.main/com.yy.only.service.FakeService
    3⤵
    PID:5199

com.only.main:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4893

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.only.main/databases/MessageStore.db

Filesize
13KB

MD5
f805bf7a59fceade8c052bfa3671b548

SHA1
c8b99055b7464687cddc160678121c66c141218d

SHA256
b5ddd16ef701d98e29ae6ca44a5e599fcbfa4fb822fa435e84fe005d5e81b81f

SHA512
c8879d24149b7cd1765f22a9c2ed93f0bf58a519e3fcce9ec12facc5fca9242c3c4ef71cde5cca0d9a854850b4e7b4733e1c6a0730eccab459710c1bbc8b22b3

Download Submit
/data/data/com.only.main/databases/MessageStore.db-journal

Filesize
512B

MD5
193285f6d2b04a6645f4a148554320b0

SHA1
f488192f3209a6d279983865a70aa2d018b2ffe3

SHA256
4ba3b6ad2d90edf53ea0c719e756a1bc3456cb9ba827a1ba671780303f07d209

SHA512
e1121e3fd6a0f1e7d4e5883bc697f939766ebd3e2fe8e76d41d91bc657f1e57911818a478851fe7b47fc3d314e3cd957aaad418b2cafa2b9f67020269f48d87c

Download Submit
/data/data/com.only.main/databases/MessageStore.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.only.main/databases/MessageStore.db-wal

Filesize
64KB

MD5
02f0c4ae08ae5827f3656ff4305f0c79

SHA1
a9b8053a0ee8a5015cca2c761489517d1a35c905

SHA256
b741fae57a4a652a3e3f60b852cc1cc14dc401ee5d9ce30d4979b2a68bde77ef

SHA512
4d03891ce3261d38d1ba6f133c34f6d836a51c349b6a13fa8786d47aae93e28c7ac035697252bd18ce58352b3116413f69b25a8f62c647dadea987d00d887b8f

Download Submit
/data/data/com.only.main/databases/MsgLogStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.only.main/databases/MsgLogStore.db-journal

Filesize
512B

MD5
e4afab1abe3ce7e58fd570216edb4c31

SHA1
9cb96ce7731ffb8fff753afb641692c16817f950

SHA256
abad67ad1de69e7ca536af24a04aecdb44941dae0049a1f8b3727fd42ec27f55

SHA512
79403ad045b8dcc2d51dfdfb7277b60b8ec1684f5554c78a5b3f4d8a39cf70936451777e10f5c26907e57ac65472875c05bbc5f6c66b9d641aa18d3c7f6503f4

Download Submit
/data/data/com.only.main/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
e1ec2c794e9ee490cb3a8e0308d657c4

SHA1
dbf1ec23e05802d5168c2e8d08f5613a9b8ed567

SHA256
5868f3e7e6ab50f02ecbc7e566e27d5593f5498a523e91ee1b20d81ee4c7e441

SHA512
7e931d99213f15e90562823af2f42bd60c153702bfdbf3956e61f071ab2276c9865ae20eaf90d28d0e0edbe923e8853e22ba2f9d9f48ab2f1650f9e129f1a29d

Download Submit
/data/data/com.only.main/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
baa52e18825e3b0de5fb840023a2cfc7

SHA1
8ebfc8cb95c4e0a8ea3cfd2725d5410893904865

SHA256
b3a61007c42ba830ff5dc9dbd9ab16cd8ea767eb883c1c759a7a3d9d0bfbdcfd

SHA512
b420535b6fb9388b3fe7a9a42c15723cda28c02aa05795d9c624c532e9b7409731bda606edc61fdc902698b2dfa989fe5fe2ba43c6b1d2ed4a6784f66afd746b

Download Submit
/data/data/com.only.main/databases/accs.db

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.only.main/databases/accs.db-journal

Filesize
512B

MD5
068958ce54765f1ea607d3f235037987

SHA1
94eb7250be4834e586b99a20c1e0ca5b2d93a394

SHA256
b30da5952eabdbdc752366e1ea35d11df4cd6ec940b1fd535887b3cf6b914d1d

SHA512
c06389fad86a4d2510f0fcfea16953d12c9297fd7ab19dc4d50bee8755b801a56ff407ec959e996f6e6097c15a79385823dd6c27fa36d9991719000adfa5caaa

Download Submit
/data/data/com.only.main/databases/accs.db-wal

Filesize
32KB

MD5
0d14eff565be801c908c6a75ba80a12c

SHA1
3a9c691c876c40666476fce5eb137ef18729401a

SHA256
037e21e0e6e21b0ee9cf330de72f2dbc9710788e319732b9160856ca8076552f

SHA512
c6122a74025bfb1c3b27dfc137c8b8d10e375630c044311d8295dfc23a0509402daaa41e29176c5e3c1ab62c28b0ee5051c1090f4f6feb7188e2edec16615594

Download Submit
/data/data/com.only.main/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.only.main/databases/cc/cc.db

Filesize
36KB

MD5
901e2db7a874ed61efa4eb28a211e2ce

SHA1
c2cf90527818d7cc8e03e3936d193a6fee401892

SHA256
e9ba7723d97f64097a4bf0576dde14052b559c940ff823ea38e3c834746f001c

SHA512
efad83e7ac81f8f4a94dab1cdac388d28ecc3293a95e496bc1aaa0b7d01e1afacad28fa604cb0de7f5e3430776619f25f324930a6ab63d595f1186533c529876

Download Submit
/data/data/com.only.main/databases/cc/cc.db-journal

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.only.main/databases/cc/cc.db-shm

Filesize
48KB

MD5
a2d5443faddcc0e7fabb044e6dab6a2b

SHA1
5daf6fcfc9e85b4b10bcbc00e751e5f60aeb4dec

SHA256
efce12f650d3cc6e1630af33bfadcd75d14767215b40f3395a230ddfef327f75

SHA512
9e134e37812ab052b233ad6be6d328e1b93ed53f1a73ca852d7957ef3c7000a1aee5f89fcda6481f32849f8be40491d10197833c9c6f9857a48a8eb1de5f9fa7

Download Submit
/data/data/com.only.main/databases/cc/cc.db-wal

Filesize
48KB

MD5
6ba104e42b2c8e659173022ef427146b

SHA1
6d3acfd22aae347afa69bdf331955a113ea887c1

SHA256
3a94f2f091f1931e3e1e54690aef725c74d21862a952b518ef8cae9e341ce945

SHA512
ab707185a8d6141224a1374e1397a9165e6400050631e2965ff40f5fe95277efffd8bffbefb4fd88108c68132ec790cfe9d3a1b66a793a8d4afbb7702fabebfa

Download Submit
/data/data/com.only.main/databases/cc/cc.db-wal

Filesize
16KB

MD5
0240878266514ad4c52253b215912817

SHA1
7466532b8f0954ce3e11ff9e3400bd14ab73de77

SHA256
ae0956ee2ed6127761d79c7561e2935ea26e3b2f5c8fbf9d2b21facfba8a0eae

SHA512
a289be2de38cd872fd4b078ba1190bf72303f4b43764e3ca6d73bfaff8bf72ce516db53372561477eecbb267643dd7744753c1783db0ac7df89a8024c43086fb

Download Submit
/data/data/com.only.main/files/.imprint

Filesize
1000B

MD5
ae71718d0927e70fd33190514dc26a51

SHA1
b5f8e4f8b4d8b4bca99f1677748bf05eb35a3984

SHA256
86da5cc60426de6320144c6ade9c8acfe8686bd2d442a074f822406e32de122c

SHA512
2222d3ebb834a32d63445612ed8a3d5aa3b3050b76aa9675158b40259c1c2829df2a77039dd7fb1006db195d4473aaff1db6122826d0964da06e70356174cc00

Download Submit
/data/data/com.only.main/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
baeec30808c6ba48d9734a7d7ad47b5c

SHA1
dbd37d38a7571340ece68e8cbe10e8847f47379c

SHA256
1a0280be6b02d4c076aed605a192db5f04fa21b58cb228e6234f7b6d99681b0c

SHA512
6ae6d237fdd524131cae60a355ac07a066ffcc9cf24c6b89df2893cd56a78070335ac1f8ae6470d0778a79eaf706e600f710f83aca931e9b7da604ab27df9baa

Download Submit
/data/data/com.only.main/files/exid.dat

Filesize
57B

MD5
034f1cd7d22de80f98a67d8cef419cc2

SHA1
24a63e2ea1f348ea6c0c76f0a59b86f8f4d5efe5

SHA256
5c354b487b74f377d35690348346f7e0dadeb20f50a3d2ea429483542508f075

SHA512
72e466014416565ce81901a448350a6fe0026357b88b2ea896d13ae1895f4498a4226b6201c1bd69f2a213d3df4735452822421245563eebe266b7bc9a70c432

Download Submit
/data/data/com.only.main/files/umeng_it.cache

Filesize
498B

MD5
5210ad7d54ebd5230dc1f1a6e5f25dfe

SHA1
e692e824874415ce56ec1b21d4527195641a7da0

SHA256
cd8460aecf69a1e9147be3b2b9974c592780862a5f6a3c052788651964d882b3

SHA512
e985bd3ac0ff44fa71849c07a2bef7b4471db1c2db79b3f1a034720ec1b01490fdbbbe48d8936fcb96c952d803eeb7d1632a304d0b2e383c0c74a2998e2de074

Download Submit
/data/data/com.only.main/files/umeng_it.cache

Filesize
253B

MD5
a8431e918b494ea0110a34bef0779dd6

SHA1
1a4c59fafb30408cf8f7bb2654e3f2578cfe0e9b

SHA256
090a8c89ba695bc6ec7e7c59e553927e1fa92855be2261bd72ea648b0c89f8b0

SHA512
d6689aeead6119fd735f3a14b45ccc7557787b90b92ca345e9ece3ad415a78aa71f0f90c17a5b8847336aafbf1b11efd1fc54dbfd015797d9f61081506a4f293

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
ad739e04b22efd1572d389ac623bccc0

SHA1
a83b9462c9640118ffd4a6df2974ca64605c5698

SHA256
2826e3629154c3dec5cb6792878f6cfa1ec9dd6fbc9a6f37780792bb8f4897b4

SHA512
7e621ec2c2ac73e1b42ed9303dab8f6a0e752398f29f838a720d5b6e4367e3673f9d3fbd639380684cba8fd6c361f63751cc7e0cf3e9369f6acfd940f6029fbd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1037d6ebcaca71fe8f8e3016a0bd394f

SHA1
ad4ab3c4237815049b86289ce8143e04e367a034

SHA256
a039048c44b625750463d1e65e1b934c2ea7b44f98ba36821397f8c9cc33da8d

SHA512
0bf6dbb5bb2795a57860e245d81ab1b483ea4e608b3651f0b6a114844119a872b15164f4b04e2068ca3aaa6260dd7775b7c6a42b15884bf549a67cfb64fdd909

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
c637db621a649b2560a712bb0d01217a

SHA1
4a993d68999ba4181d494f52aa142531c5815f53

SHA256
16568255785da32f273ff496a9c68c8d7684df8f87b1b4f03bba26c538157914

SHA512
a520314e4a43b6b49970892f8c8502591583caae0db86f48f21d10dca2695311a936156ac287d06829b7bd948e9544c2463d65dc66204e4bc8955d21057d9ba6

Download Submit
/storage/emulated/0/Android/data/com.only.main/cache/a1a92f5571884241b3bf2fea0937b4da

Filesize
5KB

MD5
2aeb61e96df9a19b98298c187cfa02d7

SHA1
2f9a4b073dd8fd4897f6f6a11ad8a179aaaa0046

SHA256
edca5da0574c1187194c65512d662bd6f1dec9d3ae702147193d9e70b65bd5a6

SHA512
f97e7a5861b0ff76a1763b3b1ec4c0f6d2454c6df7bec84485a90f41e409bfbd696f10af476376197e31eb9f9cc242ab674f11a535d134dd827e909dd84d7435

Download Submit
/storage/emulated/0/Android/data/com.only.main/cache/ab258b8372cb4008a38e902a07b8bf65

Filesize
1KB

MD5
4013f922d6e2b5127df7532c533abfa3

SHA1
d2c113e1b1527a8525d50ac571499d2cfb04eb1e

SHA256
8592bbbcb58d5d04cd7358acbda5fe0488fcb60a101ca6a36e9f7f0f2f0ec00e

SHA512
99103ad0ed45dceae56810e570ffc612d69a7713fbd85208301fdd0cca77dcb12e4d61699b9431836e6cc239375eb22d5499fcd16802e60d2ac0c49c168709d4

Download Submit
/storage/emulated/0/Android/data/com.only.main/files/tnetlogs/inapp_20240602.log

Filesize
65KB

MD5
f8b290127cd211e2e746567b39c44508

SHA1
70cc2aff2aacbd5078731b29ff6a674bf1e71542

SHA256
81a8f832d5acadfe3afb0e8639a545eb353cebb4298ba25255f477bc091781c2

SHA512
8c8404bf31a5a530f20ea75666c9c4a625a0613c4a5e6b21cceae798ee9fab2c47fc4ffa09289251a69c72da054ac638b62b35df5a79c8430d912782cb324afb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads