Analysis Overview
SHA256
8f7287ba377d7188a6520951d9622e9dd62232152f2f16b4d063d78aeec24d6f
Threat Level: Shows suspicious behavior
The file 8e5a7f1ae66071f859563fb36c480f77_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Queries information about the current Wi-Fi connection
Checks if the internet connection is available
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 14:14
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-02 14:14
Reported
2024-06-02 14:18
Platform
android-x64-arm64-20240514-en
Max time kernel
97s
Max time network
145s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.touhao.caishen2/.jiagu/classes.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.touhao.caishen2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.16.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | game.touhao666.com | udp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
/data/user/0/com.touhao.caishen2/.jiagu/libjiagu.so
/data/user/0/com.touhao.caishen2/.jiagu/libjiagu_64.so
/data/user/0/com.touhao.caishen2/.jiagu/classes.dex
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.ac
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/user/0/com.touhao.caishen2/files/.jiagu.lock
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.rd
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.pk.h
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.pk
/data/user/0/com.touhao.caishen2/files/.jglogs/.jg.ic
/data/data/com.touhao.caishen2/.oabugaij/.fsgkea
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 14:14
Reported
2024-06-02 14:17
Platform
android-x86-arm-20240514-en
Max time kernel
70s
Max time network
141s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.touhao.caishen2/.jiagu/classes.dex | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.touhao.caishen2
sh -c ps -ef
ps -ef
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.169.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | game.touhao666.com | udp |
| GB | 142.250.200.46:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
/data/data/com.touhao.caishen2/.jiagu/libjiagu.so
/data/data/com.touhao.caishen2/.jiagu/classes.dex
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ac
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/data/com.touhao.caishen2/files/.jiagu.lock
/data/data/com.touhao.caishen2/files/.jglogs/.jg.rd
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/data/com.touhao.caishen2/files/.jglogs/.jg.pk.h
/data/data/com.touhao.caishen2/files/.jglogs/.jg.pk
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ic
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 14:14
Reported
2024-06-02 14:17
Platform
android-x64-20240514-en
Max time kernel
69s
Max time network
153s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.touhao.caishen2/.jiagu/classes.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
com.touhao.caishen2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.204.74:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | game.touhao666.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | N/A | tcp |
| GB | 142.250.200.2:443 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
/data/data/com.touhao.caishen2/.jiagu/libjiagu.so
/data/data/com.touhao.caishen2/.jiagu/libjiagu_64.so
/data/data/com.touhao.caishen2/.jiagu/classes.dex
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ac
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
/data/data/com.touhao.caishen2/files/.jiagu.lock
/data/data/com.touhao.caishen2/files/.jglogs/.jg.rd
/data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
/data/data/com.touhao.caishen2/files/.jglogs/.jg.pk.h
/data/data/com.touhao.caishen2/files/.jglogs/.jg.pk
/data/data/com.touhao.caishen2/files/.jglogs/.jg.ic
/data/data/com.touhao.caishen2/.oabugaij/.fsgkea