Malware Analysis Report

2024-10-19 13:18

Sample ID 240602-skf5pagb92
Target 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118
SHA256 a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b
Tags
discovery evasion impact persistence collection credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b

Threat Level: Likely malicious

The file 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Queries the mobile country code (MCC)

Obtains sensitive information copied to the device clipboard

Checks CPU information

Requests dangerous framework permissions

Reads information about phone network operator.

Declares broadcast receivers with permission to handle system events

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 15:10

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 15:10

Reported

2024-06-02 15:14

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

131s

Command Line

com.qky.arealracing2

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A
N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.qky.arealracing2

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar --output-vdex-fd=43 --oat-fd=41 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ca162e81.api.splkmobile.com udp
US 1.1.1.1:53 api.tridrongo.info udp
US 104.21.66.157:443 api.tridrongo.info tcp
US 1.1.1.1:53 google.com udp
GB 172.217.169.46:80 google.com tcp
US 1.1.1.1:53 zzwx.ru udp
DE 185.53.178.7:80 zzwx.ru tcp
DE 185.53.178.7:80 zzwx.ru tcp
US 1.1.1.1:53 epcontrol.yhmapi.com udp
US 1.1.1.1:53 epupdate.yhmapi.com udp
US 3.237.86.197:7013 epupdate.yhmapi.com tcp
US 3.237.86.197:7014 epupdate.yhmapi.com tcp
US 1.1.1.1:53 epget.yhmapi.com udp
US 1.1.1.1:53 epreport.yhmapi.com udp
US 3.237.86.197:7011 epreport.yhmapi.com tcp
US 3.237.86.197:7012 epreport.yhmapi.com tcp
US 3.237.86.197:7011 epreport.yhmapi.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 3.237.86.197:7013 epreport.yhmapi.com tcp
US 1.1.1.1:53 ecupdate.yhmapi.com udp
US 1.1.1.1:53 d1qxrv0ap6yf2e.cloudfront.net udp
US 1.1.1.1:53 ecget.yhmapi.com udp
US 1.1.1.1:53 eiget.yhmapi.com udp
US 3.237.86.197:7014 eiget.yhmapi.com tcp
US 1.1.1.1:53 ecreport.yhmapi.com udp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:8011 ecreport.yhmapi.com tcp
US 3.237.86.197:7011 ecreport.yhmapi.com tcp
US 3.237.86.197:7012 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp
US 3.237.86.197:8011 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:7014 ecreport.yhmapi.com tcp
US 3.237.86.197:7013 ecreport.yhmapi.com tcp
US 3.237.86.197:7011 ecreport.yhmapi.com tcp
US 3.237.86.197:7012 ecreport.yhmapi.com tcp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:8011 ecreport.yhmapi.com tcp
US 3.237.86.197:7014 ecreport.yhmapi.com tcp
US 3.237.86.197:7013 ecreport.yhmapi.com tcp
US 3.237.86.197:7011 ecreport.yhmapi.com tcp
US 3.237.86.197:7012 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp
US 3.237.86.197:7014 ecreport.yhmapi.com tcp
US 3.237.86.197:8011 ecreport.yhmapi.com tcp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:7013 ecreport.yhmapi.com tcp
US 3.237.86.197:7011 ecreport.yhmapi.com tcp
US 3.237.86.197:7012 ecreport.yhmapi.com tcp
US 1.1.1.1:53 d1qxrv0ap6yf2e.cloudfront.net udp
US 3.237.86.197:7014 ecreport.yhmapi.com tcp
US 3.237.86.197:8011 ecreport.yhmapi.com tcp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:7013 ecreport.yhmapi.com tcp
US 3.237.86.197:7011 ecreport.yhmapi.com tcp
US 3.237.86.197:7012 ecreport.yhmapi.com tcp

Files

/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

MD5 903f28652432627489b5a538ea86bec9
SHA1 ba1f589036af496318fdd7df328e9c231e590ca0
SHA256 9bfeff9003583c5440e80606993154c4e5ce090424176e3d54ce18a6cade8ffe
SHA512 2349d1a854a610bad74f914e2eeb2bf6c393332ea32d5e31820d68d87b67685076e26dc5187894e1bbd5f903a6733c81085cb11ca1f66874ee196bb57cfc336f

/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

MD5 9c9e2d273606d14831b64b59f37017a2
SHA1 64ea038a4d42efe54bd24a23ddbd89f0702710e2
SHA256 48cbcd6655fcbc5007134c9f718d4d135944e8e6b27878e318cb441604ec6d7c
SHA512 ef66402aa2e0a4ad158fdedfaab0befe7aea06c2c1ca135abd4960c8534dfc2deda4989e890d2e0728dc98e3a3a39a71c89575cb7bc2332b43f9e53eb9ce0370

/data/data/com.qky.arealracing2/app_jni/frame

MD5 840dbf3852edfa1261435df285ff1e88
SHA1 26dc95a1ad5261207f83b4e36c783f868ae0e73c
SHA256 96dc394075da003d52317d18a42ff5cda408aed74c1850de0cf10b8c33ed3922
SHA512 05e06d7b40a975320732e4f1cc6550e87c08a438892bac3c3aadf9f1429e6bc0c092a03d672ad31f79d788721e12e1ba49a26f5c1166104c301c1b7a471e8b3a

/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

MD5 d14ca1113a0e79962b5f2ce86188fcbb
SHA1 95aa1ae1169812f065f3ef78a7cb88342284c25f
SHA256 a35c52e87a9639512d93e95199358dc5f01f8c2c1d67a22000bfdb6cdacdbd7e
SHA512 14b799b7751be9780fc19bb5541f840e4b953d3cfadd49fb6eff044015ccb09e3885fb8a8928d4304dd72e5a298127d21d36e7a7b7043194e7f00b20bee7af00

/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

MD5 925c4be52ca0973bd2b10cd8569c3a23
SHA1 a7b189f3557c4461fdffde2ba888c5a815fb1a09
SHA256 704d15dd2a5de50f6b2076d3fd4ba936158703634190333e8ff2475b7db3d17c
SHA512 1f02714df0ec9c2375e39d310e031d7ab883986c845e0ac11656022b0b21b5fe4c0e5369b286debba7861b7d44d8387b0a448bec55e174cfee184d8b3b9bd4b8

/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

MD5 20393d4c6d20f59468554114cfe35d30
SHA1 23c536fde6b4231476cf19bf50ccd8bf3df37ae4
SHA256 7c2fb8e66db8557aea86f3cdb925779ed1dad2255b9485f34df73d4f4d133188
SHA512 4d8084537073f3397f963b3d5b8ca80d5ba9f84ad202c99c52c148003aa602a0226360e782ffd9060f0851539c727fdf1dd3c5391cde31d1e5279fe2400b827e

/data/data/com.qky.arealracing2/app_jc/tfx.jar

MD5 e6af523b04ea1f0c64c48e8e94c35f96
SHA1 eaa37708f0e4a7fef0d197b73a03c2e830254442
SHA256 820e2d992efb9c6eceebe8e020876b596b70e8ed09ed9273266ad47af36e01f9
SHA512 0faee6070d2fe649ea1ea4d10049a79d2a8723b41687c9a74e6d806f9ed3cdf062375b466cff8973814af355e7b7809c8d9825e970a430069d14120d766d00a1

/data/data/com.qky.arealracing2/app_jc/dfx.jar

MD5 59705f3af17d5b6695ddc0d11a3a63af
SHA1 dbf6ffb0a256cff76db302a7022c18174ed58c28
SHA256 7a1c09b07f3c4178849bac88e545b9ded9ccaa1980f934ab3d99cd44f16f6762
SHA512 fb7d9f85a6515f434dca2988b81dd9245f1e517cafa38edc4f2510779874fbbf72c1a7577af9a70f339df138f02fa51074010bd9f13560629792269d1e3067d3

/data/user/0/com.qky.arealracing2/app_jc/fx.jar

MD5 73f49c3686814005f266cc14e24fce54
SHA1 fb059dc5248a7334ab947be8cb19876af04657f6
SHA256 5e4887211cc909a540e71a3707e9f895fb2a98312f12989585ef7fcb87fa0fef
SHA512 6133b74b7ad68e559c30a8b67077f8c5bd45c4502c0d5d7bfec2978ca83490f7ed12678dd64be5e79b2fe88665068db73325eb0efc9973ff6b4c6687087e981b

/data/user/0/com.qky.arealracing2/app_jc/fx.jar

MD5 e785d4334614a792ffc90542432dc10d
SHA1 2d6b9d63864fb2d62932d23d6b8a9974b61dbd59
SHA256 7c5a4eb113cb46d852cc491ce7864da475104c2baaf21863163e48c9db8bcedb
SHA512 5c28f561bab5c7f0d49128a9a7c08ba24e8787301f06160420442ed45f47a378089a926f81fb0c987aab0efb7e37a92d7f056c114e2da190775a80327dbdc636

/data/data/com.qky.arealracing2/app_jc/tfp.jar

MD5 0941a865befbed90cf7bc86a1af0602f
SHA1 e161a14cd80fb88d81c7181301bb59120e1fff46
SHA256 d36b6598037d04506721468478630617c492ac642e11695d6e188b78359b54cd
SHA512 5fdaf04dd705497b23fd900991a047a1b2011a8c626e3553e7af3fd6822134a038a4a96cf25672eef4303c8f9cf89d25ece9897f1bbae6663b525afd2798d117

/data/data/com.qky.arealracing2/app_jc/dfp.jar

MD5 1047cc5aaa16cd39cbe53cfb73002f1d
SHA1 560edce1216eedb4911cd06c7ab19090c08b5ec1
SHA256 028afd3d6cabc11e33e3ffbaaaa1e7145d0d9cde87191584a497dfefbba02714
SHA512 e008db765b4c5f2b152345c1e547b44371170bfd5875ba5cec34afc0bb96c2837cdc2afc899a81e9774084da699cd01d4163d001552f66622d878e975720f704

/data/user/0/com.qky.arealracing2/app_jc/fp.jar

MD5 6ed19d0fda7f59cdc1d8f6586a3b3ed1
SHA1 843e50f2458eb8946a0452ff4e6fa3e72d277cd0
SHA256 1920b1320d130034aa987dd20f9f222b9787caed651a0124abfb3657891f965c
SHA512 8b593f3ce06874fe840b1b1ce06f0a8a0e8f89240ae5211e3225bd2ed8d5dc43a4ce6ba0f69500eb3e8195c79d6e4ff3f0b15249def27e5254f28d6807009a5b

/data/user/0/com.qky.arealracing2/app_jc/fp.jar

MD5 fa6d23be417a5dec12791ffc748a5ecf
SHA1 c3dea4c61c83ebc3d918b1d7ed570a8ca633ad58
SHA256 56886a3515106e4b010a7d12c36631b67852b2ab73099309cc28d5894906e555
SHA512 d468d3fcb79755142de0e20557cb2592eb723ff40027a776a346b221fd1aa6169bb760be14bb7b6abcfd36627d739072aa9dd0424cd243550111a9fb3e70cb00

/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal

MD5 4ae5272012acac88d8985ea4a8717f3a
SHA1 f384106f9bda632a355fb3e2e8d23f2fbffdabdf
SHA256 86efcf85a4a9753ec326a828995bdccad943cc48bdc2483776b205ffac1f5e5c
SHA512 bd99ed6f0ac33ab34c127dd2618f0350d6319d04c591ae033014493d7a302380d5cd501e81ce4c4e4867fd934fce7a4fa44195623de2050c09f4935b4cf5bf5e

/data/data/com.qky.arealracing2/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.qky.arealracing2/databases/db_default_job_manager-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.qky.arealracing2/databases/db_default_job_manager-wal

MD5 15c6bd3f0b5aaeebc21d381ae394de3a
SHA1 2e7ea1ca66be75ad34b73e28c03fc17f89d8260f
SHA256 a14db60d140826f287f3053f1cdc8cae53ab631711b3cf9569ce4d490bb2db37
SHA512 92ccb16a132bfe0c2d7275f8670c45de607faec966c19b27651687b420ae6c5680651f5cc9a559a579bb4a4c3909fba3a3289b098867e5dc473339c6fb347588

/data/data/com.qky.arealracing2/files/MintSavedData-1-1717341070715.json

MD5 c41744ba4484a86d06e72e2b514966a4
SHA1 894c4c04b99cef8b75c9cf7ded5bfc1e2eaa6e1c
SHA256 03abed0799b1ca573c2e7cdaa3a6aa4814f360ba28ff13ffa3d3d55aaa8c2484
SHA512 f33872170a683fd30fe200ab3969bc1f79a80b71384166248c8791daa14dd0987d79a75290995b660cab4a2616fd71f2f3c6addbec6abcf8231d8b31c52c4376

/data/data/com.qky.arealracing2/files/Mint-lastsavedfile

MD5 8bca52a35d540c5a6042753280995305
SHA1 8d536262c521e8a2d71e7c41a0845024407f9ebd
SHA256 1753aeb43c4318d1473be99f330d99a74a2344b0a0809eb65d1579456a584a3d
SHA512 3cd4252329aa0ed9ca8a678036b75eddd499f2a049a61ed58e83d4d1a478a9970505c6ddc7a98dee55a83d44ffe5b3db14b4f5585dd69b062ddbf71e514db824

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 51a3622b1405450b6e0bd925a4ca3f7c
SHA1 075af3d896c66016736938fbb9507a770615ccd8
SHA256 4b4961301ac7fa2c1cf0786f5fee140f90f5821779b2f033ec45069a0ebcb46d
SHA512 959fbe884a0145dee170980cde89d4ecff17108ebb1cc6492d86b11660eaa1171195c6312efad02d66aa4946d153f38e3dac4ca8c811ed143a28608049218913

/data/data/com.qky.arealracing2/databases/fx_dd.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.qky.arealracing2/databases/fx_dd.db-wal

MD5 d9eaf3a080b5fbf3e9af16a3f8eb46fd
SHA1 235397f6d684c7da1be31e376ca32593a40b22c7
SHA256 3f10cc4be6b17185f35bc0c4708cd2e1f79ae909a0233218031e5aaa19a5900a
SHA512 dd0da047daef2a9a8e43c7c5c19e2d3060481018d44a59e152245d8adba5bdfe2afb3f0c3f0004a6ff6bd2849535cb0d8c523c3c8be6480038e03fbf7124300d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 15:10

Reported

2024-06-02 15:14

Platform

android-x64-20240514-en

Max time kernel

7s

Max time network

131s

Command Line

com.qky.arealracing2

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A
N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.qky.arealracing2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 ca162e81.api.splkmobile.com udp
US 1.1.1.1:53 api.tridrongo.info udp
US 172.67.161.129:443 api.tridrongo.info tcp
US 1.1.1.1:53 google.com udp
GB 216.58.201.110:80 google.com tcp
US 1.1.1.1:53 zzwx.ru udp
DE 185.53.178.7:80 zzwx.ru tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 d1qxrv0ap6yf2e.cloudfront.net udp
US 1.1.1.1:53 ecupdate.yhmapi.com udp
US 1.1.1.1:53 epcontrol.yhmapi.com udp
US 1.1.1.1:53 eiget.yhmapi.com udp
US 1.1.1.1:53 ecreport.yhmapi.com udp
US 3.237.86.197:7014 ecreport.yhmapi.com tcp
US 3.237.86.197:8013 ecreport.yhmapi.com tcp
US 3.237.86.197:8012 ecreport.yhmapi.com tcp
US 3.237.86.197:10071 ecreport.yhmapi.com tcp

Files

/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

MD5 903f28652432627489b5a538ea86bec9
SHA1 ba1f589036af496318fdd7df328e9c231e590ca0
SHA256 9bfeff9003583c5440e80606993154c4e5ce090424176e3d54ce18a6cade8ffe
SHA512 2349d1a854a610bad74f914e2eeb2bf6c393332ea32d5e31820d68d87b67685076e26dc5187894e1bbd5f903a6733c81085cb11ca1f66874ee196bb57cfc336f

/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar

MD5 9c9e2d273606d14831b64b59f37017a2
SHA1 64ea038a4d42efe54bd24a23ddbd89f0702710e2
SHA256 48cbcd6655fcbc5007134c9f718d4d135944e8e6b27878e318cb441604ec6d7c
SHA512 ef66402aa2e0a4ad158fdedfaab0befe7aea06c2c1ca135abd4960c8534dfc2deda4989e890d2e0728dc98e3a3a39a71c89575cb7bc2332b43f9e53eb9ce0370

/data/data/com.qky.arealracing2/app_jni/frame

MD5 a997b9dc5a7f028f33c331c5999383c2
SHA1 0c163f9ba2796e47669999dfb349021a15d670d9
SHA256 b263aa2dff9f516ad7cd11c5d0393b09ef32979d8481692b55b88d9a3643c149
SHA512 05c6fb8f7e6d41cb3cf68c9ddb21ed772cb9f236d586327e60c7da52ee1182b25e539b206371c0dde75600f66d31259eceb3c798ae81e5317aedafbaa7af78d4

/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

MD5 d14ca1113a0e79962b5f2ce86188fcbb
SHA1 95aa1ae1169812f065f3ef78a7cb88342284c25f
SHA256 a35c52e87a9639512d93e95199358dc5f01f8c2c1d67a22000bfdb6cdacdbd7e
SHA512 14b799b7751be9780fc19bb5541f840e4b953d3cfadd49fb6eff044015ccb09e3885fb8a8928d4304dd72e5a298127d21d36e7a7b7043194e7f00b20bee7af00

/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip

MD5 925c4be52ca0973bd2b10cd8569c3a23
SHA1 a7b189f3557c4461fdffde2ba888c5a815fb1a09
SHA256 704d15dd2a5de50f6b2076d3fd4ba936158703634190333e8ff2475b7db3d17c
SHA512 1f02714df0ec9c2375e39d310e031d7ab883986c845e0ac11656022b0b21b5fe4c0e5369b286debba7861b7d44d8387b0a448bec55e174cfee184d8b3b9bd4b8

/data/data/com.qky.arealracing2/app_jc/tfx.jar

MD5 e6af523b04ea1f0c64c48e8e94c35f96
SHA1 eaa37708f0e4a7fef0d197b73a03c2e830254442
SHA256 820e2d992efb9c6eceebe8e020876b596b70e8ed09ed9273266ad47af36e01f9
SHA512 0faee6070d2fe649ea1ea4d10049a79d2a8723b41687c9a74e6d806f9ed3cdf062375b466cff8973814af355e7b7809c8d9825e970a430069d14120d766d00a1

/data/data/com.qky.arealracing2/app_jc/dfx.jar

MD5 59705f3af17d5b6695ddc0d11a3a63af
SHA1 dbf6ffb0a256cff76db302a7022c18174ed58c28
SHA256 7a1c09b07f3c4178849bac88e545b9ded9ccaa1980f934ab3d99cd44f16f6762
SHA512 fb7d9f85a6515f434dca2988b81dd9245f1e517cafa38edc4f2510779874fbbf72c1a7577af9a70f339df138f02fa51074010bd9f13560629792269d1e3067d3

/data/user/0/com.qky.arealracing2/app_jc/fx.jar

MD5 73f49c3686814005f266cc14e24fce54
SHA1 fb059dc5248a7334ab947be8cb19876af04657f6
SHA256 5e4887211cc909a540e71a3707e9f895fb2a98312f12989585ef7fcb87fa0fef
SHA512 6133b74b7ad68e559c30a8b67077f8c5bd45c4502c0d5d7bfec2978ca83490f7ed12678dd64be5e79b2fe88665068db73325eb0efc9973ff6b4c6687087e981b

/data/data/com.qky.arealracing2/app_jc/tfp.jar

MD5 0941a865befbed90cf7bc86a1af0602f
SHA1 e161a14cd80fb88d81c7181301bb59120e1fff46
SHA256 d36b6598037d04506721468478630617c492ac642e11695d6e188b78359b54cd
SHA512 5fdaf04dd705497b23fd900991a047a1b2011a8c626e3553e7af3fd6822134a038a4a96cf25672eef4303c8f9cf89d25ece9897f1bbae6663b525afd2798d117

/data/data/com.qky.arealracing2/app_jc/dfp.jar

MD5 1047cc5aaa16cd39cbe53cfb73002f1d
SHA1 560edce1216eedb4911cd06c7ab19090c08b5ec1
SHA256 028afd3d6cabc11e33e3ffbaaaa1e7145d0d9cde87191584a497dfefbba02714
SHA512 e008db765b4c5f2b152345c1e547b44371170bfd5875ba5cec34afc0bb96c2837cdc2afc899a81e9774084da699cd01d4163d001552f66622d878e975720f704

/data/user/0/com.qky.arealracing2/app_jc/fp.jar

MD5 6ed19d0fda7f59cdc1d8f6586a3b3ed1
SHA1 843e50f2458eb8946a0452ff4e6fa3e72d277cd0
SHA256 1920b1320d130034aa987dd20f9f222b9787caed651a0124abfb3657891f965c
SHA512 8b593f3ce06874fe840b1b1ce06f0a8a0e8f89240ae5211e3225bd2ed8d5dc43a4ce6ba0f69500eb3e8195c79d6e4ff3f0b15249def27e5254f28d6807009a5b

/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal

MD5 db8a5888274c639989537bfe5cd58f75
SHA1 6d11ba36563e9750d0886e39d63a3e0b59b8b356
SHA256 9c07f323224b2eb0154d8f9478c166e0233dc658c230c426137f9f8162df4ae2
SHA512 97cce59a2a717639a0d4d37dcaf812675bcb676cbe5d77c0e782d7baac494ce04d4849bc65ab0b1c23893dcc78b47d6f608ce648988278b6697d39917055f014

/data/data/com.qky.arealracing2/databases/db_default_job_manager

MD5 c2810d7e661b18a9ebc3d1b2f4993403
SHA1 ef14c987c020481a22fb475223cd3d4b86d64692
SHA256 eed45ca74837fe7ffd934a7359ac11dc2394ec4f3a55226fd752c186e96fa337
SHA512 90be91836668216f3f9f0c954d75816efcf6fdf296a76f997f7e4e845e89509f6d923f27c9d2a1b0c7747f57100e2d2a63f1fcb32a164be923ffd9886f5f2732

/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal

MD5 625443419fff1d8215091759fe10e9dc
SHA1 9927b3a6da84d10e2a8d6cfd2f157670c10ce467
SHA256 1ab1c7fa89a657f68a579eaa4d8d48c879808448435bef0b80cacd86fa5f4c43
SHA512 9776b06a1990f984a20c9e5f981676b91b699d309fb3ed66dbc69df9bc1a6ddcb6c0c30b6ac3c07cdf002ada01d871101cea497730f5c8ae7d1b8d0a150b50af

/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal

MD5 7556bddad6ff958ae858b315c8610cb0
SHA1 badeae1ee0dce2980039b05d32921d2a8d83856e
SHA256 315192d0763e8bd86071465b8fc836b3d7a1fc16b1abb7a4e5699553d2c02837
SHA512 fc6a505cf954362a9d0db43629855e70138387950ba53d4e58d03bf9710dbadca9bf42e6d0618eda9ac5e906aa592c42467e10e98f5c0af8624cbfb008bde2a1

/data/data/com.qky.arealracing2/files/MintSavedData-1-1717341067902.json

MD5 7bd19fb9bf9e09cb26af06606fc777eb
SHA1 f1d528407eaae497995be9a6143efb12c5799ce7
SHA256 42503db351a8f052e57065c7dcd371d950f488fc11ea2dad81cf43e7339cc724
SHA512 27c11957e3d209b7f2d7d50072441a6dc2c76d63cd3f16b5f88fdd5dda81b860156683b69f1a198dd3d2b896613a7f5709f8118a6e3ed8c3519462d265c8bcd3

/data/data/com.qky.arealracing2/files/Mint-lastsavedfile

MD5 846414187252099435cbb816da0584e7
SHA1 2ca54a41b26340533690e48add283d8b1f438bb2
SHA256 29330ca9ab25c7f9ef70d8270d8370e094aa2a0d15ec7d30164993c65873a25f
SHA512 70e799aea664a81d283a5ee944227b90287096956dda67dbe28367e1462d2565518cbee8c4f914d89f86c7feefe5b7f7c8986387f34fe189cbe187b8ebebd7b7

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 a27bd8f0ba499c2f85dcdea3dff93d10
SHA1 83403fad3d142eb1d34f4dcadc5658b5f37de7d0
SHA256 894e693e0f21a8fd34ced046fd2ff449c0f31e7faa2449b144e797b735a2b379
SHA512 6eeeb939f22f978f1e7731c8fd4c58d2a1b345e113e5dda544885ade4eec334d9d2a05117b39dcbfe037729bc54d61cffdac41464485e5836d62fa5a8124243b

/data/data/com.qky.arealracing2/databases/fx_dd.db

MD5 1a10d94b9f872d4d84d08a12fb45596f
SHA1 c20c8af8550655c3ab32365fee2fb109544f118a
SHA256 9aee05d94cab147521dc1c78a3f5cae2e5371e1d2fc4a41cbdb554e9c13bae6a
SHA512 c5a34d7af36f16d31d014bc11b7b823fe6b6cbee1266bca049bd974fe0be0ff68faf8b3bdaea12d5246871df31488566c8bfb31ead0a0f732df0c148249adcb6

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 76c946734148df44156be58f78414265
SHA1 858fedf822ab5b985895c4f92d85c476a1fd21c3
SHA256 558498b0d7bbfb7c7a6e963db191530ade19410b31748b2e134f62fdfc484450
SHA512 e79e8d3961a0863b36db2e23680320ae570fe34839c702910a153af5f58c309c63b1bb6d63c048970cb6eecf8086cbc295a4faf073ddb1854f29d76aa02391cf

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 d84700b58756c1abc3efaef2ac8468f0
SHA1 cbd9ba22db26f102a2b3d6df977d33935a1d19dd
SHA256 e35c7001b177ff57114d9642bfbcf8039562e060aee712a88ea918fb067560e7
SHA512 ff4e93c8a3f8603c04e6de940f26e5da3803ba54ec8843656bfbf3664d7f968081052d2d9ce3dcb8b04534cc6f097b01c1f59994fb51f73161673b32c106bbde

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 5c82ee78efca4e730da4039d90f61b90
SHA1 2fdd66341de4c110f2cc2416f2d9dca7d56ffa97
SHA256 710b7d38117b279ad41a77ac9c12404e85471fd4a39e95b6669c5c7832a36015
SHA512 4b2f5658a9a674494fb12b8be0a4d86972989551f86476b557a216f18f19532af99efed2e7fc4667dbc4055b0b4b4fcbcf9c591b3fca1ddcf0aa4728510cc37c

/data/data/com.qky.arealracing2/databases/fx_dd.db-journal

MD5 19ddc151a4492249cc6db9726fced20e
SHA1 7fc2ec3b1ddf98cfcfe440d566b9f63dec9226aa
SHA256 7f014a62705f23bf7e9a59da9575869db9d95114c18b8cbb38321886fb8037e3
SHA512 c6793726b433a870851b98cb07f4f8f08d46a28bfd3cc28bc8eca39ada1c8bb416a3de042885cb69c2ff2045d3b7dc671457f5b28b084a1e938994b602bfb17c