Malware Analysis Report

2025-01-06 08:02

Sample ID 240603-gdspcsef73
Target 90b6eee861f365f727a35bcd787a6e10_JaffaCakes118
SHA256 823c292932584826ac0cb7e01c90c9fa498a1dae385e948f9d6e39f8deb6e0d3
Tags: discovery, evasion, impact, persistence
Score: 7/10


Analysis Overview

Score: 7/10

SHA256

823c292932584826ac0cb7e01c90c9fa498a1dae385e948f9d6e39f8deb6e0d3

Threat Level: Shows suspicious behavior

The file 90b6eee861f365f727a35bcd787a6e10_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-03 05:41

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to use SIP service. android.permission.USE_SIP N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to add voicemails into the system. com.android.voicemail.permission.ADD_VOICEMAIL N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x64-20240514-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x64-arm64-20240514-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:42

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x86-arm-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:45

Platform

android-x86-arm-20240514-en

Max time kernel

177s

Max time network

182s

Command Line

com.excelliance.dualaid:olle

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
(identical row logged 28 times)

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.excelliance.dualaid/.platformcache/main.jar N/A N/A
(identical row logged 30 times)
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A
(identical row logged 31 times)

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
(identical row logged 31 times)

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
(identical row logged 29 times)

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
(identical row logged 28 times)

Processes

com.excelliance.dualaid:olle

com.excelliance.dualaid

chmod 755 /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

chmod 755 /data/user/0/com.excelliance.dualaid/.platformcache/main.jar

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excelliance.dualaid/.platformcache/main.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.excelliance.dualaid/.platformcache/oat/x86/main.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.excelliance.dualaid/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&

com.excelliance.dualaid:smtcnt

com.excelliance.dualaid:lebian

com.excelliance.dualaid:lbcore

/system/bin/sh -c ps

ps

com.excelliance.dualaid:lebian (26 further identical process entries)

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 mto.multiopen.cn udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 log.multiopen.cn udp
CN 222.186.57.209:80 log.multiopen.cn tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 log.multiopen.cn udp
CN 222.186.57.209:80 log.multiopen.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp

Files

/storage/emulated/0/.com.excelliance.dualaid/game_res/verinfo.cfg

MD5 39cf6507b64743565f0f89421e581189
SHA1 bf885497d87237fe52345c280e5f03a7f2c0720b
SHA256 1e8540fc4ea9b9ba1f3ae495b8d0c9e4ded10b2afea8fdbecbde28bdbdca93f5
SHA512 51d53d8686b17577f2dc48b2a4339fc52a10950915e7ee4e7404bc1f037a1675b00a77ca00f80ed5aa0baf3d9c309b59a20f2d544eca32dcd2dc80439a916c95

/storage/emulated/0/.com.excelliance.dualaid/game_res/compVersion

MD5 ad529bfa04c840a029b5828cf7b249a2
SHA1 f913d8819eaf0c32c44cfeb7548f0f4da7c8718b
SHA256 68eb1d90a1ebb54408d3d33c1ed34a1482d03c6bee419c97f5c0428fe5f4f111
SHA512 d2133cd7cc233abee82311919efe5d6611c8d22481c77e4dd7c4eef864a5d812986e48841e329bc42e93c46825b3c91288be01842805e7e71c2adc536d77bceb

/storage/emulated/0/.com.excelliance.dualaid/game_res/verinfo.cfg

MD5 a6d5236ee3f3246b794f5e0f1e8affa4
SHA1 d221274406ae1360c90a6f6094dcd81d5de47b2f
SHA256 91044e749d0f935fc226de42a992d650dd5c3afbce0114c581b3dc36d0e49751
SHA512 68cef18ef3f56cdbb25cf2e7141fa89dd746f0f69bcd6c165aa4eb8a90b0b32401b2e7ac3675f7ffc5d089302258f7aebec04c4015aba62e8e21cf307502461c

/data/data/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

MD5 0801d3ae0228500aa71660aff9a97d05
SHA1 17ce8a8e3c2debd496f63a1c0f8dddda54aa409e
SHA256 b545a5b9cd95bc7f19168cc7142eb9aa5ebba2b8c077f23a1f594de64dbb3d49
SHA512 4f0a90d0b8aa43ec80f3e7684acfd666e0503c29b198cb3888fbe6c756806747087a19caeb985103265fe5d9f94202a0f2bbee9beef8400814992423e423357d

/data/user/0/com.excelliance.dualaid/.platformcache/main.jar

MD5 84503799997e4d5bd86c0d0b5e7d51fb
SHA1 2a000686637a264c181e6643abf5c92ccb28e223
SHA256 897fc1c8d9d82b42f886be83a838ca470e44d857362e8fb120070ea721c6fbc5
SHA512 db1c9b5ce2cdcd7fc8ac37a7e48cf340be69bb7174e8c228bfcac497bb548f6b95a37df5636c011e66208316e43e3c26bf94ffb05095e146c09c8e8e39eea948

/data/user/0/com.excelliance.dualaid/.platformcache/main.jar

MD5 8eb93f838d6caa7bc0137c41a11ba3dc
SHA1 ea9c530772ed64f39ed234c74734dcbf9634a785
SHA256 48336f8fbb2e722262c9d7cf89b866149880d98dc65d279a94495064a1b7345a
SHA512 46384d1c8c6c5632a3ba534225a3d3f5bbcb6faacfa9a32b5b99810bcf646b5a72b756246fdfc414c96e0e774893f10e99d70c813f1f4603e05d72fbcf0bffd0

/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

MD5 959a7f62ed2c1d8c66fa175971aa40b4
SHA1 24a2556673e8d0c44ac331ca6a41ed925b7d7e84
SHA256 50a93fff3074814bac21d003a11bd25d08474d818533efea9d4164fd74a5960f
SHA512 ed29dc30671a0089f74b0da3f81b25efe956e75218e36b7b452b752df5be2f77a693f1e3725e705a12dd80b1bec15288a7fe2b3f521a24e5bc7b58e90cfb0361

/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

MD5 d5ceed5a549045a1decce16a25228511
SHA1 334ab52c75b9c37a7839460592bf7bdd77f9e03d
SHA256 cc6c7092ccab4a79ab44a307c9f658ab940434de2dfe4331c079a9d5ee02b5f6
SHA512 db4325cde0b3802d3aa5956eef50b595bd27eb90e807332629574e67361ec09bea4e41e649644b492f2c44890f6d94b7e5507afb9527100cb0f501b7eab1814d

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-journal

MD5 a3dc9b5d68be7030eb922ec12ad32038
SHA1 3947c26297d549a61c90204ea1420c63178d88ed
SHA256 8fd63185109a1165772c8918a83b6f90e8402af689cad09ca1e9b6bf35428a1e
SHA512 02bf37de9c6470111be27461c6b30cf755e4c543811dbb86e29fd7794a0d91274839908718df98b2eb9af8e525d87ad2c97515e38398688a8e285f72c151ecef

/data/data/com.excelliance.dualaid/databases/lio_statistics.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-wal

MD5 2200648be2a78bbf485ead2dea013768
SHA1 6bbef9acbb2d8435ea8ec2921067ca42ed82d21c
SHA256 4b36e8f4889252da9823e6d2d83d8fb556397d36b12a20b271b07c81624f8538
SHA512 48c1379753540310e87b0b3c966bb8f4c4a704d03397105f7b2f3331ebd80a27e18f13cc04c7d7f37c75583c7a4fb8956d606377186ba93f7c62ea5933eb4c32

/data/data/com.excelliance.dualaid/databases/airpushitemnew.db-journal

MD5 fa2e284656602a5f792eadf9cda7c3a8
SHA1 b05c1f78ff305673d9c5e55dad11c871d8a8a5c2
SHA256 6da9769ef23feee9c2fe4148f8938a0306dba5b071fc0265c3dbbed3198a95a8
SHA512 3cf46227766b975a495f538f84f5d8987c3821ccc3b20eb6aa99c1929a7acb1949a58aaf2b236f5d6aa3de846a2eed4e7383f4b3e752a926d81d5f329d9a6522

/data/data/com.excelliance.dualaid/databases/airpushitemnew.db-wal

MD5 87e0fd46f3ca1517397caca10b485ed9
SHA1 df6bc53615947438d03c57f60cbafeb07fb7cb93
SHA256 ff67d18474f74fe81bfd7ffd976535924a261ac18e38c9b172394c9415fbb9f6
SHA512 ae156b55f5d14c10b1453f995af1c90ece040cdaa194aa909a4d4211e1eaba5fd665f88507fbba92d721876166a4dea24b9cc559475ad820427a0d4c7fd3f34e

/storage/emulated/0/.android/.systems/.idcard

MD5 752fec3483d673795815e49066004b6e
SHA1 8c68c64850ee5b8426f2e0412583ac24d73df9e8
SHA256 3d6be975eaf69124f1531293a86df51eb23d0159beb89104313cfac3429803d4
SHA512 c337521dc453e280c4ef23385c487f0a6acb467de1ab3f758d9044155a37de5c0a4078e4fddf93f5f1c77810f572fa0be17b34b4cd31c80db35888a11c85dd0a

/data/data/com.excelliance.dualaid/.platformcache/lib_kxqpplatform/libkxqpplatform.sinfo

MD5 d89474c184f19328d7224e26c9807080
SHA1 0edc3e86d148b08431c0d3442d4d009e7e6e6ea7
SHA256 5bede343abdd4ba563f066ac909359089ec0bcedb3ad2b52af25e077ea764c49
SHA512 1e2221e7d2e9893b77641c0a44ec1b0b1ef352456098a63c1d491a3922340ab07d332a27fce50719837f2bf0692ef4e2202e66a9bcc1788c844cec30504886ab

/data/data/com.excelliance.dualaid/gameplugins/lb_packages

MD5 7a38281cc6a78cbe8cfacbad61f305c3
SHA1 4cb5482c5900a51f7e87b69dff5ca8980c1e1aa6
SHA256 d041845439f0abd1099676e99e2d23e6cd9807777136949c96257dd8df1b15a3
SHA512 417db05e535872b8118540bb61266bc5908e87f82b0de056473506684ccb792c2a34b397c1d7f3c9ed3340397f2876ce7500e61324852b5c4ba0aaa840e2af05

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 05:41

Reported

2024-06-03 05:41

Platform

android-x64-arm64-20240514-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A