Analysis Overview
SHA256
a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b
Threat Level: Likely malicious
The file 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Queries the mobile country code (MCC)
Obtains sensitive information copied to the device clipboard
Checks CPU information
Requests dangerous framework permissions
Reads information about phone network operator.
Declares broadcast receivers with permission to handle system events
Queries the unique device ID (IMEI, MEID, IMSI)
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 15:10
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 15:10
Reported
2024-06-02 15:14
Platform
android-x86-arm-20240514-en
Max time kernel
8s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.qky.arealracing2
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar --output-vdex-fd=43 --oat-fd=41 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ca162e81.api.splkmobile.com | udp |
| US | 1.1.1.1:53 | api.tridrongo.info | udp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 172.217.169.46:80 | google.com | tcp |
| US | 1.1.1.1:53 | zzwx.ru | udp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| US | 1.1.1.1:53 | epcontrol.yhmapi.com | udp |
| US | 1.1.1.1:53 | epupdate.yhmapi.com | udp |
| US | 3.237.86.197:7013 | epupdate.yhmapi.com | tcp |
| US | 3.237.86.197:7014 | epupdate.yhmapi.com | tcp |
| US | 1.1.1.1:53 | epget.yhmapi.com | udp |
| US | 1.1.1.1:53 | epreport.yhmapi.com | udp |
| US | 3.237.86.197:7011 | epreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | epreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | epreport.yhmapi.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 3.237.86.197:7013 | epreport.yhmapi.com | tcp |
| US | 1.1.1.1:53 | ecupdate.yhmapi.com | udp |
| US | 1.1.1.1:53 | d1qxrv0ap6yf2e.cloudfront.net | udp |
| US | 1.1.1.1:53 | ecget.yhmapi.com | udp |
| US | 1.1.1.1:53 | eiget.yhmapi.com | udp |
| US | 3.237.86.197:7014 | eiget.yhmapi.com | tcp |
| US | 1.1.1.1:53 | ecreport.yhmapi.com | udp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7014 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7014 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7014 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | ecreport.yhmapi.com | tcp |
| US | 1.1.1.1:53 | d1qxrv0ap6yf2e.cloudfront.net | udp |
| US | 3.237.86.197:7014 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7011 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:7012 | ecreport.yhmapi.com | tcp |
Files
/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar
| MD5 | 903f28652432627489b5a538ea86bec9 |
| SHA1 | ba1f589036af496318fdd7df328e9c231e590ca0 |
| SHA256 | 9bfeff9003583c5440e80606993154c4e5ce090424176e3d54ce18a6cade8ffe |
| SHA512 | 2349d1a854a610bad74f914e2eeb2bf6c393332ea32d5e31820d68d87b67685076e26dc5187894e1bbd5f903a6733c81085cb11ca1f66874ee196bb57cfc336f |
/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar
| MD5 | 9c9e2d273606d14831b64b59f37017a2 |
| SHA1 | 64ea038a4d42efe54bd24a23ddbd89f0702710e2 |
| SHA256 | 48cbcd6655fcbc5007134c9f718d4d135944e8e6b27878e318cb441604ec6d7c |
| SHA512 | ef66402aa2e0a4ad158fdedfaab0befe7aea06c2c1ca135abd4960c8534dfc2deda4989e890d2e0728dc98e3a3a39a71c89575cb7bc2332b43f9e53eb9ce0370 |
/data/data/com.qky.arealracing2/app_jni/frame
| MD5 | 840dbf3852edfa1261435df285ff1e88 |
| SHA1 | 26dc95a1ad5261207f83b4e36c783f868ae0e73c |
| SHA256 | 96dc394075da003d52317d18a42ff5cda408aed74c1850de0cf10b8c33ed3922 |
| SHA512 | 05e06d7b40a975320732e4f1cc6550e87c08a438892bac3c3aadf9f1429e6bc0c092a03d672ad31f79d788721e12e1ba49a26f5c1166104c301c1b7a471e8b3a |
/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip
| MD5 | d14ca1113a0e79962b5f2ce86188fcbb |
| SHA1 | 95aa1ae1169812f065f3ef78a7cb88342284c25f |
| SHA256 | a35c52e87a9639512d93e95199358dc5f01f8c2c1d67a22000bfdb6cdacdbd7e |
| SHA512 | 14b799b7751be9780fc19bb5541f840e4b953d3cfadd49fb6eff044015ccb09e3885fb8a8928d4304dd72e5a298127d21d36e7a7b7043194e7f00b20bee7af00 |
/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip
| MD5 | 925c4be52ca0973bd2b10cd8569c3a23 |
| SHA1 | a7b189f3557c4461fdffde2ba888c5a815fb1a09 |
| SHA256 | 704d15dd2a5de50f6b2076d3fd4ba936158703634190333e8ff2475b7db3d17c |
| SHA512 | 1f02714df0ec9c2375e39d310e031d7ab883986c845e0ac11656022b0b21b5fe4c0e5369b286debba7861b7d44d8387b0a448bec55e174cfee184d8b3b9bd4b8 |
/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip
| MD5 | 20393d4c6d20f59468554114cfe35d30 |
| SHA1 | 23c536fde6b4231476cf19bf50ccd8bf3df37ae4 |
| SHA256 | 7c2fb8e66db8557aea86f3cdb925779ed1dad2255b9485f34df73d4f4d133188 |
| SHA512 | 4d8084537073f3397f963b3d5b8ca80d5ba9f84ad202c99c52c148003aa602a0226360e782ffd9060f0851539c727fdf1dd3c5391cde31d1e5279fe2400b827e |
/data/data/com.qky.arealracing2/app_jc/tfx.jar
| MD5 | e6af523b04ea1f0c64c48e8e94c35f96 |
| SHA1 | eaa37708f0e4a7fef0d197b73a03c2e830254442 |
| SHA256 | 820e2d992efb9c6eceebe8e020876b596b70e8ed09ed9273266ad47af36e01f9 |
| SHA512 | 0faee6070d2fe649ea1ea4d10049a79d2a8723b41687c9a74e6d806f9ed3cdf062375b466cff8973814af355e7b7809c8d9825e970a430069d14120d766d00a1 |
/data/data/com.qky.arealracing2/app_jc/dfx.jar
| MD5 | 59705f3af17d5b6695ddc0d11a3a63af |
| SHA1 | dbf6ffb0a256cff76db302a7022c18174ed58c28 |
| SHA256 | 7a1c09b07f3c4178849bac88e545b9ded9ccaa1980f934ab3d99cd44f16f6762 |
| SHA512 | fb7d9f85a6515f434dca2988b81dd9245f1e517cafa38edc4f2510779874fbbf72c1a7577af9a70f339df138f02fa51074010bd9f13560629792269d1e3067d3 |
/data/user/0/com.qky.arealracing2/app_jc/fx.jar
| MD5 | 73f49c3686814005f266cc14e24fce54 |
| SHA1 | fb059dc5248a7334ab947be8cb19876af04657f6 |
| SHA256 | 5e4887211cc909a540e71a3707e9f895fb2a98312f12989585ef7fcb87fa0fef |
| SHA512 | 6133b74b7ad68e559c30a8b67077f8c5bd45c4502c0d5d7bfec2978ca83490f7ed12678dd64be5e79b2fe88665068db73325eb0efc9973ff6b4c6687087e981b |
/data/user/0/com.qky.arealracing2/app_jc/fx.jar
| MD5 | e785d4334614a792ffc90542432dc10d |
| SHA1 | 2d6b9d63864fb2d62932d23d6b8a9974b61dbd59 |
| SHA256 | 7c5a4eb113cb46d852cc491ce7864da475104c2baaf21863163e48c9db8bcedb |
| SHA512 | 5c28f561bab5c7f0d49128a9a7c08ba24e8787301f06160420442ed45f47a378089a926f81fb0c987aab0efb7e37a92d7f056c114e2da190775a80327dbdc636 |
/data/data/com.qky.arealracing2/app_jc/tfp.jar
| MD5 | 0941a865befbed90cf7bc86a1af0602f |
| SHA1 | e161a14cd80fb88d81c7181301bb59120e1fff46 |
| SHA256 | d36b6598037d04506721468478630617c492ac642e11695d6e188b78359b54cd |
| SHA512 | 5fdaf04dd705497b23fd900991a047a1b2011a8c626e3553e7af3fd6822134a038a4a96cf25672eef4303c8f9cf89d25ece9897f1bbae6663b525afd2798d117 |
/data/data/com.qky.arealracing2/app_jc/dfp.jar
| MD5 | 1047cc5aaa16cd39cbe53cfb73002f1d |
| SHA1 | 560edce1216eedb4911cd06c7ab19090c08b5ec1 |
| SHA256 | 028afd3d6cabc11e33e3ffbaaaa1e7145d0d9cde87191584a497dfefbba02714 |
| SHA512 | e008db765b4c5f2b152345c1e547b44371170bfd5875ba5cec34afc0bb96c2837cdc2afc899a81e9774084da699cd01d4163d001552f66622d878e975720f704 |
/data/user/0/com.qky.arealracing2/app_jc/fp.jar
| MD5 | 6ed19d0fda7f59cdc1d8f6586a3b3ed1 |
| SHA1 | 843e50f2458eb8946a0452ff4e6fa3e72d277cd0 |
| SHA256 | 1920b1320d130034aa987dd20f9f222b9787caed651a0124abfb3657891f965c |
| SHA512 | 8b593f3ce06874fe840b1b1ce06f0a8a0e8f89240ae5211e3225bd2ed8d5dc43a4ce6ba0f69500eb3e8195c79d6e4ff3f0b15249def27e5254f28d6807009a5b |
/data/user/0/com.qky.arealracing2/app_jc/fp.jar
| MD5 | fa6d23be417a5dec12791ffc748a5ecf |
| SHA1 | c3dea4c61c83ebc3d918b1d7ed570a8ca633ad58 |
| SHA256 | 56886a3515106e4b010a7d12c36631b67852b2ab73099309cc28d5894906e555 |
| SHA512 | d468d3fcb79755142de0e20557cb2592eb723ff40027a776a346b221fd1aa6169bb760be14bb7b6abcfd36627d739072aa9dd0424cd243550111a9fb3e70cb00 |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal
| MD5 | 4ae5272012acac88d8985ea4a8717f3a |
| SHA1 | f384106f9bda632a355fb3e2e8d23f2fbffdabdf |
| SHA256 | 86efcf85a4a9753ec326a828995bdccad943cc48bdc2483776b205ffac1f5e5c |
| SHA512 | bd99ed6f0ac33ab34c127dd2618f0350d6319d04c591ae033014493d7a302380d5cd501e81ce4c4e4867fd934fce7a4fa44195623de2050c09f4935b4cf5bf5e |
/data/data/com.qky.arealracing2/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-wal
| MD5 | 15c6bd3f0b5aaeebc21d381ae394de3a |
| SHA1 | 2e7ea1ca66be75ad34b73e28c03fc17f89d8260f |
| SHA256 | a14db60d140826f287f3053f1cdc8cae53ab631711b3cf9569ce4d490bb2db37 |
| SHA512 | 92ccb16a132bfe0c2d7275f8670c45de607faec966c19b27651687b420ae6c5680651f5cc9a559a579bb4a4c3909fba3a3289b098867e5dc473339c6fb347588 |
/data/data/com.qky.arealracing2/files/MintSavedData-1-1717341070715.json
| MD5 | c41744ba4484a86d06e72e2b514966a4 |
| SHA1 | 894c4c04b99cef8b75c9cf7ded5bfc1e2eaa6e1c |
| SHA256 | 03abed0799b1ca573c2e7cdaa3a6aa4814f360ba28ff13ffa3d3d55aaa8c2484 |
| SHA512 | f33872170a683fd30fe200ab3969bc1f79a80b71384166248c8791daa14dd0987d79a75290995b660cab4a2616fd71f2f3c6addbec6abcf8231d8b31c52c4376 |
/data/data/com.qky.arealracing2/files/Mint-lastsavedfile
| MD5 | 8bca52a35d540c5a6042753280995305 |
| SHA1 | 8d536262c521e8a2d71e7c41a0845024407f9ebd |
| SHA256 | 1753aeb43c4318d1473be99f330d99a74a2344b0a0809eb65d1579456a584a3d |
| SHA512 | 3cd4252329aa0ed9ca8a678036b75eddd499f2a049a61ed58e83d4d1a478a9970505c6ddc7a98dee55a83d44ffe5b3db14b4f5585dd69b062ddbf71e514db824 |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | 51a3622b1405450b6e0bd925a4ca3f7c |
| SHA1 | 075af3d896c66016736938fbb9507a770615ccd8 |
| SHA256 | 4b4961301ac7fa2c1cf0786f5fee140f90f5821779b2f033ec45069a0ebcb46d |
| SHA512 | 959fbe884a0145dee170980cde89d4ecff17108ebb1cc6492d86b11660eaa1171195c6312efad02d66aa4946d153f38e3dac4ca8c811ed143a28608049218913 |
/data/data/com.qky.arealracing2/databases/fx_dd.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.qky.arealracing2/databases/fx_dd.db-wal
| MD5 | d9eaf3a080b5fbf3e9af16a3f8eb46fd |
| SHA1 | 235397f6d684c7da1be31e376ca32593a40b22c7 |
| SHA256 | 3f10cc4be6b17185f35bc0c4708cd2e1f79ae909a0233218031e5aaa19a5900a |
| SHA512 | dd0da047daef2a9a8e43c7c5c19e2d3060481018d44a59e152245d8adba5bdfe2afb3f0c3f0004a6ff6bd2849535cb0d8c523c3c8be6480038e03fbf7124300d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 15:10
Reported
2024-06-02 15:14
Platform
android-x64-20240514-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fx.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A |
| N/A | /data/user/0/com.qky.arealracing2/app_jc/fp.jar | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.qky.arealracing2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | ca162e81.api.splkmobile.com | udp |
| US | 1.1.1.1:53 | api.tridrongo.info | udp |
| US | 172.67.161.129:443 | api.tridrongo.info | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 216.58.201.110:80 | google.com | tcp |
| US | 1.1.1.1:53 | zzwx.ru | udp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | d1qxrv0ap6yf2e.cloudfront.net | udp |
| US | 1.1.1.1:53 | ecupdate.yhmapi.com | udp |
| US | 1.1.1.1:53 | epcontrol.yhmapi.com | udp |
| US | 1.1.1.1:53 | eiget.yhmapi.com | udp |
| US | 1.1.1.1:53 | ecreport.yhmapi.com | udp |
| US | 3.237.86.197:7014 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8013 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:8012 | ecreport.yhmapi.com | tcp |
| US | 3.237.86.197:10071 | ecreport.yhmapi.com | tcp |
Files
/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar
| MD5 | 903f28652432627489b5a538ea86bec9 |
| SHA1 | ba1f589036af496318fdd7df328e9c231e590ca0 |
| SHA256 | 9bfeff9003583c5440e80606993154c4e5ce090424176e3d54ce18a6cade8ffe |
| SHA512 | 2349d1a854a610bad74f914e2eeb2bf6c393332ea32d5e31820d68d87b67685076e26dc5187894e1bbd5f903a6733c81085cb11ca1f66874ee196bb57cfc336f |
/data/data/com.qky.arealracing2/app_app_apk/arealracing2.dat.jar
| MD5 | 9c9e2d273606d14831b64b59f37017a2 |
| SHA1 | 64ea038a4d42efe54bd24a23ddbd89f0702710e2 |
| SHA256 | 48cbcd6655fcbc5007134c9f718d4d135944e8e6b27878e318cb441604ec6d7c |
| SHA512 | ef66402aa2e0a4ad158fdedfaab0befe7aea06c2c1ca135abd4960c8534dfc2deda4989e890d2e0728dc98e3a3a39a71c89575cb7bc2332b43f9e53eb9ce0370 |
/data/data/com.qky.arealracing2/app_jni/frame
| MD5 | a997b9dc5a7f028f33c331c5999383c2 |
| SHA1 | 0c163f9ba2796e47669999dfb349021a15d670d9 |
| SHA256 | b263aa2dff9f516ad7cd11c5d0393b09ef32979d8481692b55b88d9a3643c149 |
| SHA512 | 05c6fb8f7e6d41cb3cf68c9ddb21ed772cb9f236d586327e60c7da52ee1182b25e539b206371c0dde75600f66d31259eceb3c798ae81e5317aedafbaa7af78d4 |
/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip
| MD5 | d14ca1113a0e79962b5f2ce86188fcbb |
| SHA1 | 95aa1ae1169812f065f3ef78a7cb88342284c25f |
| SHA256 | a35c52e87a9639512d93e95199358dc5f01f8c2c1d67a22000bfdb6cdacdbd7e |
| SHA512 | 14b799b7751be9780fc19bb5541f840e4b953d3cfadd49fb6eff044015ccb09e3885fb8a8928d4304dd72e5a298127d21d36e7a7b7043194e7f00b20bee7af00 |
/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip
| MD5 | 925c4be52ca0973bd2b10cd8569c3a23 |
| SHA1 | a7b189f3557c4461fdffde2ba888c5a815fb1a09 |
| SHA256 | 704d15dd2a5de50f6b2076d3fd4ba936158703634190333e8ff2475b7db3d17c |
| SHA512 | 1f02714df0ec9c2375e39d310e031d7ab883986c845e0ac11656022b0b21b5fe4c0e5369b286debba7861b7d44d8387b0a448bec55e174cfee184d8b3b9bd4b8 |
/data/data/com.qky.arealracing2/app_jc/tfx.jar
| MD5 | e6af523b04ea1f0c64c48e8e94c35f96 |
| SHA1 | eaa37708f0e4a7fef0d197b73a03c2e830254442 |
| SHA256 | 820e2d992efb9c6eceebe8e020876b596b70e8ed09ed9273266ad47af36e01f9 |
| SHA512 | 0faee6070d2fe649ea1ea4d10049a79d2a8723b41687c9a74e6d806f9ed3cdf062375b466cff8973814af355e7b7809c8d9825e970a430069d14120d766d00a1 |
/data/data/com.qky.arealracing2/app_jc/dfx.jar
| MD5 | 59705f3af17d5b6695ddc0d11a3a63af |
| SHA1 | dbf6ffb0a256cff76db302a7022c18174ed58c28 |
| SHA256 | 7a1c09b07f3c4178849bac88e545b9ded9ccaa1980f934ab3d99cd44f16f6762 |
| SHA512 | fb7d9f85a6515f434dca2988b81dd9245f1e517cafa38edc4f2510779874fbbf72c1a7577af9a70f339df138f02fa51074010bd9f13560629792269d1e3067d3 |
/data/user/0/com.qky.arealracing2/app_jc/fx.jar
| MD5 | 73f49c3686814005f266cc14e24fce54 |
| SHA1 | fb059dc5248a7334ab947be8cb19876af04657f6 |
| SHA256 | 5e4887211cc909a540e71a3707e9f895fb2a98312f12989585ef7fcb87fa0fef |
| SHA512 | 6133b74b7ad68e559c30a8b67077f8c5bd45c4502c0d5d7bfec2978ca83490f7ed12678dd64be5e79b2fe88665068db73325eb0efc9973ff6b4c6687087e981b |
/data/data/com.qky.arealracing2/app_jc/tfp.jar
| MD5 | 0941a865befbed90cf7bc86a1af0602f |
| SHA1 | e161a14cd80fb88d81c7181301bb59120e1fff46 |
| SHA256 | d36b6598037d04506721468478630617c492ac642e11695d6e188b78359b54cd |
| SHA512 | 5fdaf04dd705497b23fd900991a047a1b2011a8c626e3553e7af3fd6822134a038a4a96cf25672eef4303c8f9cf89d25ece9897f1bbae6663b525afd2798d117 |
/data/data/com.qky.arealracing2/app_jc/dfp.jar
| MD5 | 1047cc5aaa16cd39cbe53cfb73002f1d |
| SHA1 | 560edce1216eedb4911cd06c7ab19090c08b5ec1 |
| SHA256 | 028afd3d6cabc11e33e3ffbaaaa1e7145d0d9cde87191584a497dfefbba02714 |
| SHA512 | e008db765b4c5f2b152345c1e547b44371170bfd5875ba5cec34afc0bb96c2837cdc2afc899a81e9774084da699cd01d4163d001552f66622d878e975720f704 |
/data/user/0/com.qky.arealracing2/app_jc/fp.jar
| MD5 | 6ed19d0fda7f59cdc1d8f6586a3b3ed1 |
| SHA1 | 843e50f2458eb8946a0452ff4e6fa3e72d277cd0 |
| SHA256 | 1920b1320d130034aa987dd20f9f222b9787caed651a0124abfb3657891f965c |
| SHA512 | 8b593f3ce06874fe840b1b1ce06f0a8a0e8f89240ae5211e3225bd2ed8d5dc43a4ce6ba0f69500eb3e8195c79d6e4ff3f0b15249def27e5254f28d6807009a5b |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal
| MD5 | db8a5888274c639989537bfe5cd58f75 |
| SHA1 | 6d11ba36563e9750d0886e39d63a3e0b59b8b356 |
| SHA256 | 9c07f323224b2eb0154d8f9478c166e0233dc658c230c426137f9f8162df4ae2 |
| SHA512 | 97cce59a2a717639a0d4d37dcaf812675bcb676cbe5d77c0e782d7baac494ce04d4849bc65ab0b1c23893dcc78b47d6f608ce648988278b6697d39917055f014 |
/data/data/com.qky.arealracing2/databases/db_default_job_manager
| MD5 | c2810d7e661b18a9ebc3d1b2f4993403 |
| SHA1 | ef14c987c020481a22fb475223cd3d4b86d64692 |
| SHA256 | eed45ca74837fe7ffd934a7359ac11dc2394ec4f3a55226fd752c186e96fa337 |
| SHA512 | 90be91836668216f3f9f0c954d75816efcf6fdf296a76f997f7e4e845e89509f6d923f27c9d2a1b0c7747f57100e2d2a63f1fcb32a164be923ffd9886f5f2732 |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal
| MD5 | 625443419fff1d8215091759fe10e9dc |
| SHA1 | 9927b3a6da84d10e2a8d6cfd2f157670c10ce467 |
| SHA256 | 1ab1c7fa89a657f68a579eaa4d8d48c879808448435bef0b80cacd86fa5f4c43 |
| SHA512 | 9776b06a1990f984a20c9e5f981676b91b699d309fb3ed66dbc69df9bc1a6ddcb6c0c30b6ac3c07cdf002ada01d871101cea497730f5c8ae7d1b8d0a150b50af |
/data/data/com.qky.arealracing2/databases/db_default_job_manager-journal
| MD5 | 7556bddad6ff958ae858b315c8610cb0 |
| SHA1 | badeae1ee0dce2980039b05d32921d2a8d83856e |
| SHA256 | 315192d0763e8bd86071465b8fc836b3d7a1fc16b1abb7a4e5699553d2c02837 |
| SHA512 | fc6a505cf954362a9d0db43629855e70138387950ba53d4e58d03bf9710dbadca9bf42e6d0618eda9ac5e906aa592c42467e10e98f5c0af8624cbfb008bde2a1 |
/data/data/com.qky.arealracing2/files/MintSavedData-1-1717341067902.json
| MD5 | 7bd19fb9bf9e09cb26af06606fc777eb |
| SHA1 | f1d528407eaae497995be9a6143efb12c5799ce7 |
| SHA256 | 42503db351a8f052e57065c7dcd371d950f488fc11ea2dad81cf43e7339cc724 |
| SHA512 | 27c11957e3d209b7f2d7d50072441a6dc2c76d63cd3f16b5f88fdd5dda81b860156683b69f1a198dd3d2b896613a7f5709f8118a6e3ed8c3519462d265c8bcd3 |
/data/data/com.qky.arealracing2/files/Mint-lastsavedfile
| MD5 | 846414187252099435cbb816da0584e7 |
| SHA1 | 2ca54a41b26340533690e48add283d8b1f438bb2 |
| SHA256 | 29330ca9ab25c7f9ef70d8270d8370e094aa2a0d15ec7d30164993c65873a25f |
| SHA512 | 70e799aea664a81d283a5ee944227b90287096956dda67dbe28367e1462d2565518cbee8c4f914d89f86c7feefe5b7f7c8986387f34fe189cbe187b8ebebd7b7 |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | a27bd8f0ba499c2f85dcdea3dff93d10 |
| SHA1 | 83403fad3d142eb1d34f4dcadc5658b5f37de7d0 |
| SHA256 | 894e693e0f21a8fd34ced046fd2ff449c0f31e7faa2449b144e797b735a2b379 |
| SHA512 | 6eeeb939f22f978f1e7731c8fd4c58d2a1b345e113e5dda544885ade4eec334d9d2a05117b39dcbfe037729bc54d61cffdac41464485e5836d62fa5a8124243b |
/data/data/com.qky.arealracing2/databases/fx_dd.db
| MD5 | 1a10d94b9f872d4d84d08a12fb45596f |
| SHA1 | c20c8af8550655c3ab32365fee2fb109544f118a |
| SHA256 | 9aee05d94cab147521dc1c78a3f5cae2e5371e1d2fc4a41cbdb554e9c13bae6a |
| SHA512 | c5a34d7af36f16d31d014bc11b7b823fe6b6cbee1266bca049bd974fe0be0ff68faf8b3bdaea12d5246871df31488566c8bfb31ead0a0f732df0c148249adcb6 |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | 76c946734148df44156be58f78414265 |
| SHA1 | 858fedf822ab5b985895c4f92d85c476a1fd21c3 |
| SHA256 | 558498b0d7bbfb7c7a6e963db191530ade19410b31748b2e134f62fdfc484450 |
| SHA512 | e79e8d3961a0863b36db2e23680320ae570fe34839c702910a153af5f58c309c63b1bb6d63c048970cb6eecf8086cbc295a4faf073ddb1854f29d76aa02391cf |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | d84700b58756c1abc3efaef2ac8468f0 |
| SHA1 | cbd9ba22db26f102a2b3d6df977d33935a1d19dd |
| SHA256 | e35c7001b177ff57114d9642bfbcf8039562e060aee712a88ea918fb067560e7 |
| SHA512 | ff4e93c8a3f8603c04e6de940f26e5da3803ba54ec8843656bfbf3664d7f968081052d2d9ce3dcb8b04534cc6f097b01c1f59994fb51f73161673b32c106bbde |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | 5c82ee78efca4e730da4039d90f61b90 |
| SHA1 | 2fdd66341de4c110f2cc2416f2d9dca7d56ffa97 |
| SHA256 | 710b7d38117b279ad41a77ac9c12404e85471fd4a39e95b6669c5c7832a36015 |
| SHA512 | 4b2f5658a9a674494fb12b8be0a4d86972989551f86476b557a216f18f19532af99efed2e7fc4667dbc4055b0b4b4fcbcf9c591b3fca1ddcf0aa4728510cc37c |
/data/data/com.qky.arealracing2/databases/fx_dd.db-journal
| MD5 | 19ddc151a4492249cc6db9726fced20e |
| SHA1 | 7fc2ec3b1ddf98cfcfe440d566b9f63dec9226aa |
| SHA256 | 7f014a62705f23bf7e9a59da9575869db9d95114c18b8cbb38321886fb8037e3 |
| SHA512 | c6793726b433a870851b98cb07f4f8f08d46a28bfd3cc28bc8eca39ada1c8bb416a3de042885cb69c2ff2045d3b7dc671457f5b28b084a1e938994b602bfb17c |