Malware Analysis Report

2025-01-06 11:18

Sample ID 240603-ewe5waba7s
Target 908145d4321e78182b7cac31697e8a60_JaffaCakes118
SHA256 048e9f8d47817336d1dd147f3c2472576600f7e59457455e406ff3f19110818e
Tags
discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

048e9f8d47817336d1dd147f3c2472576600f7e59457455e406ff3f19110818e

Threat Level: Shows suspicious behavior

The file 908145d4321e78182b7cac31697e8a60_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Checks CPU information

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 04:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-20240514-en

Max time kernel

5s

Max time network

140s

Command Line

com.alimama.mobile.sdk.banner

Signatures

N/A

Processes

com.alimama.mobile.sdk.banner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-arm64-20240514-en

Max time network

142s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
BE 142.250.110.188:5228 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.2:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.178.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 muzrmvtit udp
US 1.1.1.1:53 mhxgaljgcfoqsnr udp
US 1.1.1.1:53 rwhndsodm udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-20240514-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:18

Platform

android-x86-arm-20240514-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
GB 142.250.180.10:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x86-arm-20240514-en

Max time kernel

4s

Max time network

132s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-arm64-20240514-en

Max time network

162s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
GB 142.250.187.194:443 tcp
GB 172.217.169.78:443 tcp
GB 142.250.178.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 zxbnsoekxcthz udp
US 1.1.1.1:53 bzgxjdvtlcwyrx udp
US 1.1.1.1:53 slncxoiffsiojh udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:21

Platform

android-x86-arm-20240514-en

Max time network

139s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
GB 216.58.204.68:443 tcp
GB 142.250.187.195:80 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.46:443 tcp
GB 216.58.204.78:443 tcp
GB 172.217.16.227:443 tcp
BE 64.233.166.188:5228 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.200.10:443 mdh-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

161s

Command Line

com.alimama.mobile.sdk.banner

Signatures

N/A

Processes

com.alimama.mobile.sdk.banner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.66:443 tcp
GB 142.250.179.238:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-20240514-en

Max time kernel

3s

Max time network

131s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.212.226:443 tcp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-arm64-20240514-en

Max time kernel

4s

Max time network

136s

Command Line

com.taobao.munion.plugin.cm

Signatures

N/A

Processes

com.taobao.munion.plugin.cm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:18

Platform

android-x64-20240514-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:19

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:21

Platform

android-x86-arm-20240514-en

Max time kernel

17s

Max time network

179s

Command Line

vz.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk N/A N/A
N/A /data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

vz.com

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/FrameworkPlugin-3.3.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk --output-vdex-fd=61 --oat-fd=63 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/CommonPlugin-4.4.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk --output-vdex-fd=62 --oat-fd=63 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/BannerPlugin-2.8.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk --output-vdex-fd=62 --oat-fd=64 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/WelcomePlugin-3.0.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.227:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 pubserver8.bizport.cn udp
CN 121.40.247.48:9998 pubserver8.bizport.cn tcp
GB 142.250.200.46:443 tcp
GB 142.250.180.2:443 tcp
US 1.1.1.1:53 smssdk1.bizport.cn udp
CN 47.99.124.99:80 smssdk1.bizport.cn tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 59.82.31.154:443 log.umsns.com tcp

Files

/data/data/vz.com/databases/vz3.db-journal

MD5 75c3ae36e2f7bda43cfbac74f392ea59
SHA1 c384eb01f5b8fce355a1617e65769b0991129830
SHA256 f663a4afe0db396f62e6f1ec363dcfcabfa3777ceaf7c106759878f95e588dfe
SHA512 9e2f59a5c7677d3b67e989371c5a9a6180e9b1fdfc5608b088bf3f1602b2620f321a03454ca5fe51ca5a8cc83a2f1da5c1b2d6413938d00ddd2dc837d9a85ade

/data/data/vz.com/databases/vz3.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/vz.com/databases/vz3.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/vz.com/databases/vz3.db-wal

MD5 cdcce24a69923c130a1f59480925e6e8
SHA1 4a7febd58b7a6553d27291e91dea63e9296b3974
SHA256 30a250f642765f44f45f0f38d9ba83bd4361f307b3377415fe4d8e9e221476f5
SHA512 99c7f3b107809978a5490e9b024fa0ccadd31bd7a2153dd9568d5aa300b2ea705003a50d90462409df46577b0f5194ea988de5a2c883864573730de9d4c3d7b6

/data/data/vz.com/databases/vz4.db-journal

MD5 abd760aab90909499104ccb4333cdee1
SHA1 c9e202de3d30cf5a5856254574e4f2bcbfd45077
SHA256 82501c0d064c6ad48fa1f7e3ea25b469bd7e3888a4e9163b79c220602c754460
SHA512 a8997240f363254058b1752e222a4db91c1d5b29e152439c7c5f13b770261104eb671dd9eb0ec1c1547b7eabb64b73de52c8b758b6dbdb99083ce253e2b4ebc3

/data/data/vz.com/databases/vz4.db-wal

MD5 ed76d8567d277bfa11e0e1d54a0f4a1b
SHA1 f228059defea47b1afa03f2ee225264e64129aa6
SHA256 a035d500f5632142a51c6ae2afa5eb52928a903cc6b4d81380de92cc940f0908
SHA512 1dc9b48b4dbf857d74c4612c5108b5f66c7a666a892552bb8f94a5e8e8a17d6038536994d65b25b0ce7a8d094983d1542be8eb1d5ac3f6f1473c7f2603a7543f

/storage/emulated/0/Android/data/vz.com/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk

MD5 b5d09bda650ec2bfb081844aaef26650
SHA1 d87a19cbf278b3e14309e9714aadc2b139cc3ddb
SHA256 47de5b649090505e1c7054bc3152b6b5f360fe90db35d2e32acfa2c5f7664ebd
SHA512 2e16d25e8ae1d6d39c11c6a81745c8b2b66efb4f10472ccb97dc02224a5dec6634ff1b682d93d5172f878c1c10ef5787e234b6995194da4c786f037ab77dc5a4

/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk

MD5 1587722fd6bb9c9f4c44bd781b5adddd
SHA1 58ae431bdb6bde42a1a211b1fb9bad96437a60dc
SHA256 9e50c350bcdf1516340c1e42299cc2df2ca2327c370e28184156d11bcbb79b94
SHA512 00ba9ee11b59879e35bedd364244ee8d6693e4d804b9ec68fbd6f4c15a5b04bbf34558bdb22059e15f5c27d8e08f83dc3a366841bc94b6a8b92a3ec90f04f94f

/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk

MD5 8505379d1f6c6d899ce2643d0f62cda0
SHA1 db6c07de7f674027b01ebf344ad42dcbbdb83e24
SHA256 9433a580293750e369bf25142927f974c5a132f066efda3b4d13f594015284e5
SHA512 4021c8bf083a60cd2983653bb25d9faf278dc9c592a324489033b0d6b6fbcaa5eceec20a699f0ba2fad59b562627f9aaeb170626c67adb8d09412741d73ead4d

/data/data/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk

MD5 848a0f6dee1f516e7ab7c03174370dbf
SHA1 efc3ee3430b0636d09a870dd0f5b0046f2d3208e
SHA256 324291e648daafc5a213e3535ee76e6ec9964f7d6c611d301eb671f53010d517
SHA512 5d154fa6eedabc9fc500c8b7645e780c5668789ded96599cffd2042fa1584c8913eb063e649c0d86e26496d57ac03180560328978c6661aebbacafd600c0b9c1

/data/data/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk

MD5 31b1c9c7bf5548dbcd03f35e01565b46
SHA1 0c50f07520a40a0db28e6439d4386fad47ee1b8c
SHA256 1bac6e3aa07a0fe1d29316d93dad4f3d82bf92f761971b61062a24a48296769a
SHA512 56ab20a59808a11a4a0c5408380a301d0887807262332671f3cec8fe8d5338f360edbdba7fa1f3c8d3007888706545927126266cb98713ee21017fafa2d999d7

/data/data/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk

MD5 53b5892acd6483e96ea19addcfe67da1
SHA1 9225a1b634136a74852dc556f38adae3a9b98530
SHA256 55c5682f6b1046c58d71239118e34ae39c478458077855ea138472fe15972db5
SHA512 1bdd98905c1083aeab7f8170afbba375928b6d979425eb5a7823ebc496639380e677a4b4149cd9ff8e65cd1e1234074fc2b2770b1f956dcf30150e2f6b8549a3

/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk

MD5 8e9a5c92465e7d192f28d65134a7e8da
SHA1 82263bc635eef4733cd42c24505d22716a3c3544
SHA256 93ad58103c7f502d0f52191dca17572b045623fc95663f31e29ffe5dcce7aae3
SHA512 f7caf2fc4ade3effca5a1781e0c543859de277a06a951f13e0f0c7e17be597e199c3885293365df6cfaa1cfe9135be4215ff2f107a1f1f5aa2de5e5011788ac9

/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk

MD5 ac7578e110e8f77a576a6f17898543b2
SHA1 ebe4729a430b96e3e6ceb6dc0c45f09dc09d8192
SHA256 a1a714988061aa11c89b66d6953ff6f1c624609929e76d251b0651499920e54d
SHA512 e4390b64e81548de7a292941be26232716fbb5e57cbc130c0a8eb40b18e49264883f8239c3d5a768f4a1d7fde959fb491daf0dfae9357197003375b9c8c42441

/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk

MD5 bc2187ed7449fcf95c4a3ccee26ce0d9
SHA1 fafbaeea97a4f4236c9ce0204cd3996b17e2b587
SHA256 02ff817a82b417072f303e57fcb517d7f1f17807abe31744c8acd5df03c1080b
SHA512 a11b423df7a7b2190f43ee0828d3d59d03eb0d8a3def9c4a0349d3e84748433e15cea2c05baafaf4112b6b7ee733dd46d58d865a1d995e09921613f1ed8bd66f

/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk

MD5 b5a6b81944a05a45841cfd1f5cc790f4
SHA1 85fd03f01447f0043bdb8e08628bf4806bd9a164
SHA256 6ed1e68f8cc6dca011ec16fa2b5511b0660a75ee8a2132294c265f3a805bb700
SHA512 ee09a057f235df41b99ff39d0d74374754a03b724dd41d76ebd690ecc46b29624c296a2b2edf1f1fd0c28f43ee8d7bb8ebf0efcdb788d91c4f81b6e9783afb7e

/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk

MD5 2b9f1af0c5054c50c486a71e5d50a82d
SHA1 a7cbe068d43045287876dc77ca0838762a433556
SHA256 ca97f3fa04706dfc6ad5d05a258b439f9d6b9af0aa024301c619cda459c3bf16
SHA512 780954d99ad38edfc0fc89b5915741e11ba63f49d84094a1aa1c52b865ed957732275dbaa725cb07427d0d87f8d45d1bb57a45f3fd7475b14f4ca72d594d7de5

/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk

MD5 2a34e1ad685e79e95d01f61c6feac5ce
SHA1 4927e639da999221faf902fc73b9aa6cbeae19cd
SHA256 0fe1689b29f0febfca2c8daf82bb16b15f13aa71f76da3100dd5673357e8af43
SHA512 cc7b80f058956aa0bef1609ef3e45bc54f3aa3d4128e2572e8e02ad82d2a0d89097b83a6812be0db0c0dc28257c99acb019fc03b89948015283f4c2413bbc5f6

/data/data/vz.com/databases/smssdk.db-journal

MD5 87635f87c8d623f8d928dae5b210a5a6
SHA1 a7ad5f662d732729724911b2f98999a357f3cd4a
SHA256 30df7efa625894ba62ce40ae2297d098a2191323e0e7394311417c8b2ee05ce8
SHA512 769a21e388a17fd2b4c27ae1227ba8d93b84fc609059d4fb467f73de0f316a3471d15bf3779c186f93a7372bfaa933dd5ec6d5d297288c8a5fcd0753b2aba294

/data/data/vz.com/databases/smssdk.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/vz.com/databases/smssdk.db-wal

MD5 5431f89d38f4497a694ea1d809c571dc
SHA1 73a544ce700a83ae40eebebd1a991d95c5a1ace8
SHA256 6fef2e3ef42223998cb897c10528caea2913c0153a4bfa6531154df723bb7853
SHA512 dd471bce5289508ce7ac763eb2096eb960c722185ba3c07dd23a06927a915a1b376f87805018b2206fc76cb9d44537e380d02641b92adcc8bdb1df1ce2ca3dee

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x86-arm-20240514-en

Max time network

140s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.100:443 tcp
GB 142.250.200.35:80 tcp
BE 142.251.168.188:5228 tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.178.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-20240514-en

Max time network

163s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.226:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-03 04:17

Reported

2024-06-03 04:20

Platform

android-x64-arm64-20240514-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A