Analysis Overview
SHA256
048e9f8d47817336d1dd147f3c2472576600f7e59457455e406ff3f19110818e
Threat Level: Shows suspicious behavior
The file 908145d4321e78182b7cac31697e8a60_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Queries the phone number (MSISDN for GSM devices)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 04:17
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-20240514-en
Max time kernel
5s
Max time network
140s
Command Line
Signatures
Processes
com.alimama.mobile.sdk.banner
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-arm64-20240514-en
Max time network
142s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | muzrmvtit | udp |
| US | 1.1.1.1:53 | mhxgaljgcfoqsnr | udp |
| US | 1.1.1.1:53 | rwhndsodm | udp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-20240514-en
Max time network
129s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:18
Platform
android-x86-arm-20240514-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.180.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x86-arm-20240514-en
Max time kernel
4s
Max time network
132s
Command Line
Signatures
Processes
com.taobao.munion.plugin.cm
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-arm64-20240514-en
Max time network
162s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | zxbnsoekxcthz | udp |
| US | 1.1.1.1:53 | bzgxjdvtlcwyrx | udp |
| US | 1.1.1.1:53 | slncxoiffsiojh | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:21
Platform
android-x86-arm-20240514-en
Max time network
139s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.187.195:80 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| BE | 64.233.166.188:5228 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | mdh-pa.googleapis.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x86-arm-20240514-en
Max time kernel
3s
Max time network
161s
Command Line
Signatures
Processes
com.alimama.mobile.sdk.banner
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-20240514-en
Max time kernel
3s
Max time network
131s
Command Line
Signatures
Processes
com.taobao.munion.plugin.cm
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.226:443 | | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-arm64-20240514-en
Max time kernel
4s
Max time network
136s
Command Line
Signatures
Processes
com.taobao.munion.plugin.cm
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:18
Platform
android-x64-20240514-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:19
Platform
android-x64-arm64-20240514-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:21
Platform
android-x86-arm-20240514-en
Max time kernel
17s
Max time network
179s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk | N/A | N/A |
| N/A | /data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
vz.com
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/FrameworkPlugin-3.3.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk --output-vdex-fd=61 --oat-fd=63 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/CommonPlugin-4.4.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk --output-vdex-fd=62 --oat-fd=63 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/BannerPlugin-2.8.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk --output-vdex-fd=62 --oat-fd=64 --oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/WelcomePlugin-3.0.odex --compiler-filter=quicken --class-loader-context=&
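dex2oat in this process list is the ART ahead-of-time compiler. At install time it is fed code under /data/app/; here all four invocations compile .apk files under /data/user/0/vz.com/files/mmplugins/plugins/, the app's own writable storage, which is what the "Loads dropped Dex/Jar" signature records. Two details matter when reading the Files section that follows: /data/data/<pkg> is a symlink to /data/user/0/<pkg>, so the same plugin appears under both spellings, and FrameworkPlugin-3.3.apk is listed with three different SHA256 values, meaning the file was rewritten during the run. The script below is an added example, not code from the report or from the SDK that ships these plugins; it parses dex2oat command lines (two of the report's, with runtime arguments trimmed, plus one constructed install-time compile for contrast) and groups the file entries by canonical path. The /data/app path and its package name are invented for the contrast case.

```python
"""Spot runtime code loading in dex2oat command lines and file listings.

ART's dex2oat compiles installed code from /data/app/<pkg>/ at install
time. A compile of a .apk/.dex/.jar under the app's private storage
(/data/user/<n>/<pkg>/, aliased as /data/data/<pkg>/ for user 0) means
the app wrote that code itself at runtime and then loaded it.
"""
import re
import shlex

# Constructed sample: two of this report's dex2oat lines (runtime args
# trimmed) and one install-time compile invented for contrast.
SAMPLE_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--dex-file=/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk "
    "--output-vdex-fd=55 --oat-fd=56 "
    "--oat-location=/data/user/0/vz.com/files/mmplugins/plugins/oat/x86/FrameworkPlugin-3.3.odex "
    "--compiler-filter=quicken",
    "/system/bin/dex2oat --instruction-set=x86 "
    "--dex-file=/data/data/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk "
    "--oat-location=/data/data/vz.com/files/mmplugins/plugins/oat/x86/BannerPlugin-2.8.odex "
    "--compiler-filter=quicken",
    "/system/bin/dex2oat --dex-file=/data/app/com.example.installed-1/base.apk "
    "--oat-location=/data/app/com.example.installed-1/oat/x86/base.odex "
    "--compiler-filter=speed-profile",
]

# Constructed sample: (path, SHA256) pairs copied from the report's Files section.
SAMPLE_FILES = [
    ("/data/data/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk",
     "47de5b649090505e1c7054bc3152b6b5f360fe90db35d2e32acfa2c5f7664ebd"),
    ("/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk",
     "9e50c350bcdf1516340c1e42299cc2df2ca2327c370e28184156d11bcbb79b94"),
    ("/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk",
     "9433a580293750e369bf25142927f974c5a132f066efda3b4d13f594015284e5"),
    ("/data/data/vz.com/databases/vz3.db",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
]

APP_PRIVATE = re.compile(r"^/data/(?:user/(\d+)|data)/([^/]+)/(.+)$")


def normalize(path):
    """(canonical path, package) for app-private paths, else (path, None).

    /data/data/<pkg> is a symlink to /data/user/0/<pkg>; fold both onto one form.
    """
    m = APP_PRIVATE.match(path)
    if not m:
        return path, None
    user, pkg, rest = m.group(1) or "0", m.group(2), m.group(3)
    return f"/data/user/{user}/{pkg}/{rest}", pkg


def dex2oat_args(cmdline):
    """Collect --key=value options; bare --runtime-arg pairs are ignored."""
    args = {}
    for tok in shlex.split(cmdline)[1:]:
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            args[key] = value
    return args


def dropped_code(cmdlines):
    """Compiles whose input lives in app-private storage: runtime-loaded code."""
    hits = []
    for cl in cmdlines:
        args = dex2oat_args(cl)
        if "dex-file" not in args:
            continue
        dex, pkg = normalize(args["dex-file"])
        if pkg is None:
            continue  # /data/app or /system: install-time or platform code
        oat, _ = normalize(args.get("oat-location", ""))
        hits.append({"package": pkg, "dex": dex, "oat": oat,
                     "filter": args.get("compiler-filter")})
    return hits


def rewritten_paths(files):
    """Paths recorded with more than one distinct hash during the run."""
    hashes = {}
    for path, sha in files:
        canon, _ = normalize(path)
        hashes.setdefault(canon, set()).add(sha)
    return {p: len(s) for p, s in hashes.items() if len(s) > 1}


def compiled_and_rewritten(cmdlines, files):
    """Dropped code that also changed on disk: every version is worth pulling."""
    rewritten = rewritten_paths(files)
    return sorted(h["dex"] for h in dropped_code(cmdlines) if h["dex"] in rewritten)


if __name__ == "__main__":
    for h in dropped_code(SAMPLE_CMDLINES):
        print(f"{h['package']}: compiled {h['dex']} -> {h['oat']} ({h['filter']})")
    for path, n in rewritten_paths(SAMPLE_FILES).items():
        print(f"{path}: {n} distinct contents")
    print("pull all versions of:", compiled_and_rewritten(SAMPLE_CMDLINES, SAMPLE_FILES))
```

The same grouping applied to the full Files section flags every plugin under mmplugins/plugins/, since each is listed two or three times with different hashes; when pulling the dropped code from a device or sandbox, take the version present at the time of the matching dex2oat call, not just the last one on disk.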
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| US | 1.1.1.1:53 | pubserver8.bizport.cn | udp |
| CN | 121.40.247.48:9998 | pubserver8.bizport.cn | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
| US | 1.1.1.1:53 | smssdk1.bizport.cn | udp |
| CN | 47.99.124.99:80 | smssdk1.bizport.cn | tcp |
| CN | 59.82.29.163:443 | log.umsns.com | tcp |
| CN | 59.82.29.248:443 | log.umsns.com | tcp |
| CN | 59.82.29.249:443 | log.umsns.com | tcp |
| CN | 59.82.31.154:443 | log.umsns.com | tcp |
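Every detonation on this page, including the runs that produced no signatures at all, reaches Google addresses, mDNS (224.0.0.251:5353) and the sandbox resolver at 1.1.1.1; that is the Android image's own traffic, and the single-label lookups such as muzrmvtit in behavioral4 and behavioral10 are consistent with Chromium's start-up DNS-hijack probe rather than with the sample. Only behavioral1 adds destinations the image would not contact on its own: log.umsns.com, pubserver8.bizport.cn on port 9998 and smssdk1.bizport.cn over cleartext HTTP on port 80. The script below is an added example, not part of the report, that applies this baseline subtraction to rows copied from the tables above; the Google prefixes, the baseline name suffixes and the probe heuristic are this example's assumptions, not anything the report states.

```python
"""Separate a sample's own network activity from the sandbox image's.

Every detonation on this page, with or without signatures, talks to Google
addresses, mDNS (224.0.0.251:5353) and the 1.1.1.1 resolver: that is the
Android image, not the sample. Drop that baseline and inspect what is left.
"""
import ipaddress
import re
from collections import namedtuple

# Constructed sample: rows copied from the behavioral1 and behavioral4 Network
# tables in the report's own layout (proto shifted into Domain when empty).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| US | 1.1.1.1:53 | pubserver8.bizport.cn | udp |
| CN | 121.40.247.48:9998 | pubserver8.bizport.cn | tcp |
| US | 1.1.1.1:53 | smssdk1.bizport.cn | udp |
| CN | 47.99.124.99:80 | smssdk1.bizport.cn | tcp |
| BE | 142.250.110.188:5228 | tcp | |
| US | 1.1.1.1:53 | muzrmvtit | udp |
| US | 1.1.1.1:53 | mhxgaljgcfoqsnr | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
"""

PROTOS = {"tcp", "udp"}
# Assumptions of this example: Google prefixes behind the image's unnamed TLS
# and GCM (5228) flows, and the name suffixes the image contacts on its own.
GOOGLE_NETS = [ipaddress.ip_network(n) for n in
               ("142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19", "64.233.160.0/19")]
BASELINE_SUFFIXES = (".google.com", ".googleapis.com", ".youtube.com")
# Chromium's intranet-redirect detector resolves three random single-label
# names of 7-15 lowercase letters at start-up; they are browser, not sample.
PROBE_LABEL = re.compile(r"^[a-z]{7,15}$")

Flow = namedtuple("Flow", "country ip port domain proto")


def parse_rows(text):
    """Parse pipe-table rows, tolerating a proto shifted into the Domain column."""
    flows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        ip, _, port = cells[1].rpartition(":") if len(cells) > 2 else ("", "", "")
        if not port.isdigit():
            continue  # header, blank or malformed row
        rest = [c for c in cells[2:] if c]
        if len(rest) == 1 and rest[0] in PROTOS:
            domain, proto = "", rest[0]
        elif len(rest) >= 2 and rest[1] in PROTOS:
            domain, proto = rest[0], rest[1]
        else:
            continue
        flows.append(Flow(cells[0], ip, int(port), domain, proto))
    return flows


def classify(f):
    """'baseline' (image noise), 'probe' (browser DNS probe) or 'sample'."""
    if f.ip == "224.0.0.251":
        return "baseline"
    if f.domain:
        if f.domain.endswith(BASELINE_SUFFIXES):
            return "baseline"
        return "probe" if PROBE_LABEL.match(f.domain) else "sample"
    if any(ipaddress.ip_address(f.ip) in net for net in GOOGLE_NETS):
        return "baseline"
    return "sample"


def triage(text):
    """Deduplicated sample-attributable flows, each with the checks worth a look."""
    result = {"baseline": 0, "probe_labels": [], "sample": []}
    seen = set()
    for f in parse_rows(text):
        kind = classify(f)
        if kind == "baseline":
            result["baseline"] += 1
        elif kind == "probe":
            result["probe_labels"].append(f.domain)
        elif (f.ip, f.port, f.domain) not in seen:
            seen.add((f.ip, f.port, f.domain))
            notes = []
            if f.port == 53:
                notes.append("resolved by sample")
            elif f.port == 80:
                notes.append("cleartext HTTP")
            elif f.port != 443:
                notes.append("non-standard port")
            result["sample"].append((f"{f.ip}:{f.port}", f.domain, f.country, notes))
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_ROWS)
    print(f"{r['baseline']} baseline flows dropped; probe labels: {r['probe_labels']}")
    for dest, domain, country, notes in r["sample"]:
        print(f"{dest:22} {domain:24} {country}  {' '.join(notes)}")
```

On the sample rows, six baseline flows are dropped, the two probe labels are set aside, and the six rows that survive are the three DNS lookups the sample issued and the three connections that followed them, with the port-80 and port-9998 flows marked as the ones to inspect first in the pcap. Widen GOOGLE_NETS or BASELINE_SUFFIXES if your sandbox image talks to other Google or vendor endpoints; ssl.google-analytics.com, which several other runs on this page contact, is deliberately not in the baseline because an analytics SDK inside the sample could account for it.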
Files
/data/data/vz.com/databases/vz3.db-journal
| MD5 | 75c3ae36e2f7bda43cfbac74f392ea59 |
| SHA1 | c384eb01f5b8fce355a1617e65769b0991129830 |
| SHA256 | f663a4afe0db396f62e6f1ec363dcfcabfa3777ceaf7c106759878f95e588dfe |
| SHA512 | 9e2f59a5c7677d3b67e989371c5a9a6180e9b1fdfc5608b088bf3f1602b2620f321a03454ca5fe51ca5a8cc83a2f1da5c1b2d6413938d00ddd2dc837d9a85ade |
/data/data/vz.com/databases/vz3.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/vz.com/databases/vz3.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/vz.com/databases/vz3.db-wal
| MD5 | cdcce24a69923c130a1f59480925e6e8 |
| SHA1 | 4a7febd58b7a6553d27291e91dea63e9296b3974 |
| SHA256 | 30a250f642765f44f45f0f38d9ba83bd4361f307b3377415fe4d8e9e221476f5 |
| SHA512 | 99c7f3b107809978a5490e9b024fa0ccadd31bd7a2153dd9568d5aa300b2ea705003a50d90462409df46577b0f5194ea988de5a2c883864573730de9d4c3d7b6 |
/data/data/vz.com/databases/vz4.db-journal
| MD5 | abd760aab90909499104ccb4333cdee1 |
| SHA1 | c9e202de3d30cf5a5856254574e4f2bcbfd45077 |
| SHA256 | 82501c0d064c6ad48fa1f7e3ea25b469bd7e3888a4e9163b79c220602c754460 |
| SHA512 | a8997240f363254058b1752e222a4db91c1d5b29e152439c7c5f13b770261104eb671dd9eb0ec1c1547b7eabb64b73de52c8b758b6dbdb99083ce253e2b4ebc3 |
/data/data/vz.com/databases/vz4.db-wal
| MD5 | ed76d8567d277bfa11e0e1d54a0f4a1b |
| SHA1 | f228059defea47b1afa03f2ee225264e64129aa6 |
| SHA256 | a035d500f5632142a51c6ae2afa5eb52928a903cc6b4d81380de92cc940f0908 |
| SHA512 | 1dc9b48b4dbf857d74c4612c5108b5f66c7a666a892552bb8f94a5e8e8a17d6038536994d65b25b0ce7a8d094983d1542be8eb1d5ac3f6f1473c7f2603a7543f |
/storage/emulated/0/Android/data/vz.com/cache/uil-images/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk
| MD5 | b5d09bda650ec2bfb081844aaef26650 |
| SHA1 | d87a19cbf278b3e14309e9714aadc2b139cc3ddb |
| SHA256 | 47de5b649090505e1c7054bc3152b6b5f360fe90db35d2e32acfa2c5f7664ebd |
| SHA512 | 2e16d25e8ae1d6d39c11c6a81745c8b2b66efb4f10472ccb97dc02224a5dec6634ff1b682d93d5172f878c1c10ef5787e234b6995194da4c786f037ab77dc5a4 |
/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk
| MD5 | 1587722fd6bb9c9f4c44bd781b5adddd |
| SHA1 | 58ae431bdb6bde42a1a211b1fb9bad96437a60dc |
| SHA256 | 9e50c350bcdf1516340c1e42299cc2df2ca2327c370e28184156d11bcbb79b94 |
| SHA512 | 00ba9ee11b59879e35bedd364244ee8d6693e4d804b9ec68fbd6f4c15a5b04bbf34558bdb22059e15f5c27d8e08f83dc3a366841bc94b6a8b92a3ec90f04f94f |
/data/user/0/vz.com/files/mmplugins/plugins/FrameworkPlugin-3.3.apk
| MD5 | 8505379d1f6c6d899ce2643d0f62cda0 |
| SHA1 | db6c07de7f674027b01ebf344ad42dcbbdb83e24 |
| SHA256 | 9433a580293750e369bf25142927f974c5a132f066efda3b4d13f594015284e5 |
| SHA512 | 4021c8bf083a60cd2983653bb25d9faf278dc9c592a324489033b0d6b6fbcaa5eceec20a699f0ba2fad59b562627f9aaeb170626c67adb8d09412741d73ead4d |
/data/data/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk
| MD5 | 848a0f6dee1f516e7ab7c03174370dbf |
| SHA1 | efc3ee3430b0636d09a870dd0f5b0046f2d3208e |
| SHA256 | 324291e648daafc5a213e3535ee76e6ec9964f7d6c611d301eb671f53010d517 |
| SHA512 | 5d154fa6eedabc9fc500c8b7645e780c5668789ded96599cffd2042fa1584c8913eb063e649c0d86e26496d57ac03180560328978c6661aebbacafd600c0b9c1 |
/data/data/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk
| MD5 | 31b1c9c7bf5548dbcd03f35e01565b46 |
| SHA1 | 0c50f07520a40a0db28e6439d4386fad47ee1b8c |
| SHA256 | 1bac6e3aa07a0fe1d29316d93dad4f3d82bf92f761971b61062a24a48296769a |
| SHA512 | 56ab20a59808a11a4a0c5408380a301d0887807262332671f3cec8fe8d5338f360edbdba7fa1f3c8d3007888706545927126266cb98713ee21017fafa2d999d7 |
/data/data/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk
| MD5 | 53b5892acd6483e96ea19addcfe67da1 |
| SHA1 | 9225a1b634136a74852dc556f38adae3a9b98530 |
| SHA256 | 55c5682f6b1046c58d71239118e34ae39c478458077855ea138472fe15972db5 |
| SHA512 | 1bdd98905c1083aeab7f8170afbba375928b6d979425eb5a7823ebc496639380e677a4b4149cd9ff8e65cd1e1234074fc2b2770b1f956dcf30150e2f6b8549a3 |
/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk
| MD5 | 8e9a5c92465e7d192f28d65134a7e8da |
| SHA1 | 82263bc635eef4733cd42c24505d22716a3c3544 |
| SHA256 | 93ad58103c7f502d0f52191dca17572b045623fc95663f31e29ffe5dcce7aae3 |
| SHA512 | f7caf2fc4ade3effca5a1781e0c543859de277a06a951f13e0f0c7e17be597e199c3885293365df6cfaa1cfe9135be4215ff2f107a1f1f5aa2de5e5011788ac9 |
/data/user/0/vz.com/files/mmplugins/plugins/CommonPlugin-4.4.apk
| MD5 | ac7578e110e8f77a576a6f17898543b2 |
| SHA1 | ebe4729a430b96e3e6ceb6dc0c45f09dc09d8192 |
| SHA256 | a1a714988061aa11c89b66d6953ff6f1c624609929e76d251b0651499920e54d |
| SHA512 | e4390b64e81548de7a292941be26232716fbb5e57cbc130c0a8eb40b18e49264883f8239c3d5a768f4a1d7fde959fb491daf0dfae9357197003375b9c8c42441 |
/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk
| MD5 | bc2187ed7449fcf95c4a3ccee26ce0d9 |
| SHA1 | fafbaeea97a4f4236c9ce0204cd3996b17e2b587 |
| SHA256 | 02ff817a82b417072f303e57fcb517d7f1f17807abe31744c8acd5df03c1080b |
| SHA512 | a11b423df7a7b2190f43ee0828d3d59d03eb0d8a3def9c4a0349d3e84748433e15cea2c05baafaf4112b6b7ee733dd46d58d865a1d995e09921613f1ed8bd66f |
/data/user/0/vz.com/files/mmplugins/plugins/BannerPlugin-2.8.apk
| MD5 | b5a6b81944a05a45841cfd1f5cc790f4 |
| SHA1 | 85fd03f01447f0043bdb8e08628bf4806bd9a164 |
| SHA256 | 6ed1e68f8cc6dca011ec16fa2b5511b0660a75ee8a2132294c265f3a805bb700 |
| SHA512 | ee09a057f235df41b99ff39d0d74374754a03b724dd41d76ebd690ecc46b29624c296a2b2edf1f1fd0c28f43ee8d7bb8ebf0efcdb788d91c4f81b6e9783afb7e |
/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk
| MD5 | 2b9f1af0c5054c50c486a71e5d50a82d |
| SHA1 | a7cbe068d43045287876dc77ca0838762a433556 |
| SHA256 | ca97f3fa04706dfc6ad5d05a258b439f9d6b9af0aa024301c619cda459c3bf16 |
| SHA512 | 780954d99ad38edfc0fc89b5915741e11ba63f49d84094a1aa1c52b865ed957732275dbaa725cb07427d0d87f8d45d1bb57a45f3fd7475b14f4ca72d594d7de5 |
/data/user/0/vz.com/files/mmplugins/plugins/WelcomePlugin-3.0.apk
| MD5 | 2a34e1ad685e79e95d01f61c6feac5ce |
| SHA1 | 4927e639da999221faf902fc73b9aa6cbeae19cd |
| SHA256 | 0fe1689b29f0febfca2c8daf82bb16b15f13aa71f76da3100dd5673357e8af43 |
| SHA512 | cc7b80f058956aa0bef1609ef3e45bc54f3aa3d4128e2572e8e02ad82d2a0d89097b83a6812be0db0c0dc28257c99acb019fc03b89948015283f4c2413bbc5f6 |
/data/data/vz.com/databases/smssdk.db-journal
| MD5 | 87635f87c8d623f8d928dae5b210a5a6 |
| SHA1 | a7ad5f662d732729724911b2f98999a357f3cd4a |
| SHA256 | 30df7efa625894ba62ce40ae2297d098a2191323e0e7394311417c8b2ee05ce8 |
| SHA512 | 769a21e388a17fd2b4c27ae1227ba8d93b84fc609059d4fb467f73de0f316a3471d15bf3779c186f93a7372bfaa933dd5ec6d5d297288c8a5fcd0753b2aba294 |
/data/data/vz.com/databases/smssdk.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/vz.com/databases/smssdk.db-wal
| MD5 | 5431f89d38f4497a694ea1d809c571dc |
| SHA1 | 73a544ce700a83ae40eebebd1a991d95c5a1ace8 |
| SHA256 | 6fef2e3ef42223998cb897c10528caea2913c0153a4bfa6531154df723bb7853 |
| SHA512 | dd471bce5289508ce7ac763eb2096eb960c722185ba3c07dd23a06927a915a1b376f87805018b2206fc76cb9d44537e380d02641b92adcc8bdb1df1ce2ca3dee |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x86-arm-20240514-en
Max time network
140s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.200.35:80 | | tcp |
| BE | 142.251.168.188:5228 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-20240514-en
Max time network
163s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-03 04:17
Reported
2024-06-03 04:20
Platform
android-x64-arm64-20240514-en
Max time network
134s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |