Malware Analysis Report

2025-01-06 07:55

Sample ID 240603-frjg6scd9z
Target 909fe9b6566368980d5b58f6c770b312_JaffaCakes118
SHA256 710fd074ebec8e98a11121e6b4727f97fab28c77c72df327764e27d59cb73863
Tags: banker, discovery, evasion, impact, persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: 710fd074ebec8e98a11121e6b4727f97fab28c77c72df327764e27d59cb73863

Threat Level: Likely malicious

The file 909fe9b6566368980d5b58f6c770b312_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: banker, discovery, evasion, impact, persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks if the Android device is rooted.

Checks CPU information

Checks memory information

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 05:06

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 05:06
Reported: 2024-06-03 05:10
Platform: android-x86-arm-20240514-en
Max time kernel: 15s
Max time network: 185s

Command Line

com.sdgd.fhdf.hgf.jgfjhgf

Signatures

Checks if the Android device is rooted.

Tags: evasion

Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker, discovery

Checks CPU information

Tags: evasion, discovery

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tags: evasion, discovery

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion

Description | Indicator | Process | Target
N/A | /data/data/com.sdgd.fhdf.hgf.jgfjhgf/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.sdgd.fhdf.hgf.jgfjhgf/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.sdgd.fhdf.hgf.jgfjhgf/.jiagu/tmp.dex | N/A | N/A

Queries information about running processes on the device

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

Tags: discovery

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sdgd.fhdf.hgf.jgfjhgf

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sdgd.fhdf.hgf.jgfjhgf/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.sdgd.fhdf.hgf.jgfjhgf/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 05:06
Reported: 2024-06-03 05:10
Platform: android-x64-arm64-20240514-en
Max time kernel: 11s
Max time network: 186s

Command Line

com.sdgd.fhdf.hgf.jgfjhgf

Signatures

Checks if the Android device is rooted.

Tags: evasion

Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker, discovery

Checks CPU information

Tags: evasion, discovery

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tags: evasion, discovery

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.sdgd.fhdf.hgf.jgfjhgf/[email protected] | N/A | N/A
N/A | /data/user/0/com.sdgd.fhdf.hgf.jgfjhgf/[email protected]!classes2.dex | N/A | N/A

Queries information about running processes on the device

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Checks if the internet connection is available

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

Tags: discovery

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sdgd.fhdf.hgf.jgfjhgf

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-03 05:06
Reported: 2024-06-03 05:07
Platform: android-x86-arm-20240514-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.200.34:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A