Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-jaj9xshb98
Target 90f3a0c50f9c37701e6fec5bb19c1ee8_JaffaCakes118
SHA256 56d786fe29aa7bfe08663e684fb12909996164a2872cb5563f2d9dc1d35ae23c
Tags banker discovery impact persistence collection evasion
Score 8/10

Analysis Overview

Score 8/10

SHA256 56d786fe29aa7bfe08663e684fb12909996164a2872cb5563f2d9dc1d35ae23c

Threat Level: Likely malicious

The file 90f3a0c50f9c37701e6fec5bb19c1ee8_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery impact persistence collection evasion

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current Wi-Fi connection

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Requests dangerous framework permissions

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x86-arm-20240514-en

Max time network

172s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
GB 142.250.178.3:443 tcp
GB 216.58.204.78:443 tcp
GB 142.250.200.46:443 tcp
BE 64.233.166.188:5228 tcp
GB 216.58.204.68:443 tcp
GB 142.250.187.195:80 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-20240514-en

Max time kernel

7s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x86-arm-20240514-en

Max time kernel

123s

Max time network

160s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.66:443 tcp
GB 142.250.179.238:443 tcp

Files

/data/data/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg

MD5 340611b379e362128c71623c5e8da1b4
SHA1 0673cee3ec93948c5474f182f9bc0bf0dbc0076e
SHA256 ecbb19ea2633933cda78f7ff1d954581fb582f04a4ef3104c28b20c9afe65f69
SHA512 7f6aa02295b963c4f3b1f93118e5a5230d163b54faafd0efb2ce3d5a8af9f1d8327f612013332388a6e10fb851496e147e300acc4f8d79389ffbb04ca2dd7555

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

MD5 11b9c74b17f6cf750ba9b993bd9b781b
SHA1 27bebc57573b1b96d939005e2f3f5307db8eec0a
SHA256 af2098650270f640b89b24eba402b0a439d39a436dd92e6b84e24d4225f2ae82
SHA512 62fdb89fb3b125d560d2baadbccc2c781e87f481108e7252441f548a75159e212306363b7e432f99a00c11756ba3f02a0a8d9e6e243d7aad844fae53b0fcaa3f

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-wal

MD5 9bb152eeae708ee4a5abd963df7bd8d4
SHA1 4e7108e1b28dbadba092a37798c95f6dc332e4ce
SHA256 06f30899b42c99ea7a2cdafc3833d7a3177d166236c467136ad2bd5e9f2a8343
SHA512 8154a037634ae2cbb8698fc4afcefd75bd9cf2dad523c2e9a6aaf1091a52c13154b081a308c219178d62a57288e0706732c825cbe293b4145c1f2170ea8075f2

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

MD5 87773dc29959014d5504a7fa01a3f2f2
SHA1 fdd6fc3be4f71c3867a5d9dd323f941a4c159f05
SHA256 1cd77b97c78ad2aa51597a1f119ec0927eb63081bc427691e99b3ee4bda0de8c
SHA512 517f3898c6ca9e38437ac430f5d24e7846d258c414b2178d3ae114b5751a6effd4970fc8291ba5f33672dfb9f1c4b97c82d215bbc95ef40f3ac181d688889bfb

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-wal

MD5 ff798ab16af78e2410ec6e1c7e78ae77
SHA1 1a398a4ce9e4dda57763ced84475498ed729807d
SHA256 3bf6caafcc2b292308d91db103a8229973e893b3d7e13accf7a3fb8d3b13dc77
SHA512 feb807550af51ade5d86fc21e4581b8acda5aa16d37326cefb40ad4652d55c04e6697ecef3ddd8a0268e7bb20576e6b61a3519d785cae1cdbdec9097e973b5a8

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 c44d700372d89b0ef1aff873fc090af3
SHA1 40eed2dc313889e0bb2a1cf236b5f43f3d4fc0bf
SHA256 d682405cf634f09350c5e9a90e86226cde9ea4102e3a161a03bb6de935b80a11
SHA512 258e5a2ea1cb9493dc7a0abcbfd9699d02352e12bea7da4865652a1704e2c2b0e1a6d68168ec7147b21e5e04fb4b9f2d473456405c482d8128a3f3263c059d00

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 c3b333c0d87d512470260cc91d7f4039
SHA1 1f97e766cfff8d43a445c121eaf72d5743a3ed6d
SHA256 d93073310984fc5d5b0c17cd6058b729bd369992f274228880964f0ba9ef4156
SHA512 eec6697d341d2cdb388a1a9d9e5f450f3875b8868b5e694231bae160f725249e8ba40919cc4f8908844a189926046292c7b84c35e87d6afa7b50cd6ecec13f55

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 abafb740fe52906b8a700d40519a6172
SHA1 71e3b0b866eccd53671acd6528a7b523ee8e4ff0
SHA256 9caf4ef084f55b360bbc8422cd4d329218b3f92e0f143dd56287dd1adb4d220c
SHA512 c6d111390b9da990fd02ba58d5b9441d1dd235d32091ab840def1b505293d80b5885354e0dbf7b1fb554a3845a8cc73f4b53bc7723af8a1bc1b6047f46e2c601

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

MD5 956965dff5c02c5a58e9eb6791ab8a52
SHA1 fdb5917d9f8b7efb8fac49646b529ea93fc503e3
SHA256 2810b191baf0fc8b4c516bae1fcd4978a7f6433049fb2c42ac2a4f68259b1b2e
SHA512 a351ffdfc84e2677ea6700e9144d293d17089b4ea9e6c9f44b1b8cd761df32b596065a912c08fba762f88a3e78571aaeb72495836401a8313904860d0956b870

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-wal

MD5 338a13f9d2ec804e1426ffaa515e5be3
SHA1 5f3ac01f77609330c44c62c72d73f0cba1106034
SHA256 c87a5d38c8b00bd362c475f1f5eb5971f369516c18f56420459bbacbe58544d1
SHA512 00b350c4d7104db7c819ef113d3bca2b0c5b14ab5cd038e8165bd100eddf2f54a58a8d62d1cab6418d94d8952488a8d39c2c17e5699e24732db5e12a8b725158

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-20240514-en

Max time kernel

123s

Max time network

153s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp

Files

/data/data/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg

MD5 340611b379e362128c71623c5e8da1b4
SHA1 0673cee3ec93948c5474f182f9bc0bf0dbc0076e
SHA256 ecbb19ea2633933cda78f7ff1d954581fb582f04a4ef3104c28b20c9afe65f69
SHA512 7f6aa02295b963c4f3b1f93118e5a5230d163b54faafd0efb2ce3d5a8af9f1d8327f612013332388a6e10fb851496e147e300acc4f8d79389ffbb04ca2dd7555

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

MD5 a1617db449645269c67c6afb15ea0234
SHA1 69abf25d15268b6ec8a582a3da6a7daf66f7c115
SHA256 ba628c4208d3464c1b75bfa582acd30e0ceb62209f072c0461d7c423cc60a9c5
SHA512 a27463972b19da284472adf57ca1ee14fd4067201ed50a3f0626fdbdbae5c4da353e228a102bd943e6c980b6a86f12f422f6aed9beb4bcef29184bda2e2489ce

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db

MD5 8b98fcfb48ddf707159c829ddbdc3c5b
SHA1 eaefb36a0e09a623e75ded3b959dc9afd1065e47
SHA256 59f8fabfb23252ca1bfaa126ae9d337192e6c105a60ede20fe5f567782899628
SHA512 7fb2801d83961e0d0fad96da6fa3b1c8713945544778e1235b68afd60697c7d3940f6542cf7556a56c41f8dd5e40a90c3cd9102914092e64b581d0b15c890b0f

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

MD5 f017ee4362a8c3148b4f9e375594e542
SHA1 b14463f88ba3dc590b29ad46203114deffa4692e
SHA256 6e0587baa6af4b64ba4a39bb237b21fc7088f443cd1bb0163e0ebcaca5d944da
SHA512 088bbac8a3cb4bafc5b1e30be27eea4ca1055f61d1a9aead48d9b0edffd5edb4bc8d3bf115b010095871effda1b2ca27aa176d5492a4ff3180684296c74191c0

/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

MD5 3aea12441d00b09249c62246e17f260b
SHA1 2360e37827da883ba1691aff6d4d28ba1e0322f4
SHA256 52e36991e04276b22a5395987f7e978b6104e095010076c476204f45f928c35b
SHA512 b56e7a1af14e8bcced09ffe8bd772f6fc49c0bd222c228ff5444e9f4bc60c01c6a50cb732f386b36b603429da2d7e7521ea01243ef4349620e5f0bde6d3df93f

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

MD5 975ce47b8cc163659be6fe4b9022a756
SHA1 4d6ad6a43bb86f4c8f78dade7d7bb0c69f6ed582
SHA256 582c89043b5f7d682f193fa330d5cc26c440227752643dc62d0a423e8c849b09
SHA512 5fd9c3e13ed9c87c89cece78f18811b8a88d488fe5319dec1cd4a1526f092c348b1a9d9731e9152c5cbbc1c10a4d03102bbabc06e4b140e7ca385cfb63ca8e92

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db

MD5 cab9a10c6b1fdd948cfc52d06f75d961
SHA1 f9aba63d5fdd0bbd49227824502e21b7870a1243
SHA256 76454b2ff99e875447542a27745fe67f7fd1bbddffdbfb459ac18546ab58b4b5
SHA512 0e7ab1496508179ce88ee45fe49d39672190fce5a785bbeed8e0031fff14c9e42a7ace9fd60bedecf1c2562a05e82e12a3814cdbf8fb5dd2f11a87ee42fbb8f5

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

MD5 6cc23af35ed9e0ab23dd74eab5d60959
SHA1 dee7af6132026e56a9b2fb39f949a93175a20022
SHA256 34a34e224d45b93339b55383abfd31aaa44b4449a258fc6f48d0640e64df1de1
SHA512 c77b237620b95614cd7a8c996bc7dd6d73c645f3a62c7f1b092ef73542163728dbfc4ea3e61ea03b27a4861b03edc8c25680d11121b8c9b55660802bd579f688

/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

MD5 f7a19c562129d0fde3039f9b44059674
SHA1 0baeb815832920c6cce2dba5dd593d57b2436341
SHA256 4a17c4a135323215b38651af510df1ede789c9167c5534c8130b67e2803b5105
SHA512 181c28687476923cf9a2576e4194c5f3af27a72f538e97c2021e7f59c7bb8b6fd9b4f55a338ce463a30c4897258f052793f945bd0fc7e86230f5bf25792dbd3c

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 00d8d9a4e6df22244a6c427365994541
SHA1 275bea1d2a04baa194fddb7f7047a9e03ffb7c9e
SHA256 b774fb13cf9351e43757b8e926e0f2adafe7c88fb360c7acc59f6ea3ed023b16
SHA512 da578e67a90950c24147560f78d31021e6bafb06b88f838ee9c46aba1481996269916d118ae7c6626d322d09ae2ef4bd7cd1d73ff410fa77db7e4c6fe9d9595b

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

MD5 d229d213784a242996a41d305c03a62f
SHA1 8fe619d5a0a24bd2d2ec30c4dfc05c4106e42aea
SHA256 a59e62af4cde16b955fe3db695310f13a885c5b0d767b50e7820adadc407267b
SHA512 d0c90ead46ad35ef1bb3fe5b790542fbb27e00e9178f4986c804ade69e64e0f5b5a3d755100babcbd4e0f2fd947d453e1c542db76152409f978fafbed07dc96e

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db

MD5 73c3bd154bf35fad6b909e8da67443e3
SHA1 841c18c19602d86874a59739ae408338bcd3050d
SHA256 3a827ab548ed10797e28d4380d67236fce431e77dd4f4e4c6406480178afccd9
SHA512 f22abd2a33e8684f3e8487b36e0e2a37f50760fd2a8291689e662a71b2e64c6b07993585b31a511b118dd66c043b4506abfb34abba19168eb911ed749f711036

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

MD5 b5e2faa5db9e12064b5bb846b97aafc0
SHA1 1126f2f2055f55193e57862681b96f9262117557
SHA256 3de7d6641a3c56d818138a2c7ee0adea90179e14ed300301fe145af85dde0a8e
SHA512 aa626be9a563f6dda8f00ee38046b0039ecfe9fb380d6ef54c48643dc1ff9fb1b3de592f1b47954c6b387af55c37535a133b9a8e3e8b039568fb2ce4ceed241c

/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

MD5 0c4b8b152bc87739626090024adcf7c4
SHA1 ef7602463c7492bf5ab7c0255ed07a7646ae9a61
SHA256 da893f99e70513651ce45c754a037170a4c9d9d381e55a80667057e3efc901a2
SHA512 372b76279fb4aab9fc4cd14f75aee7b0ee55efe0a4ef456edc5eadf1ba9bfb5a2d247e94ad11305193cf967c6e9f893b39224bcad07de2a17447808a58c1149b

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 c1a22871af7306c55fc3487b8b7f079d
SHA1 7a53ba34dedecc83d04a2435c7dc00d21b1762f7
SHA256 b6a81b9d7fc0eab98161b37ee99ab02a749fbc8d84da182d370ffe7b8ca8a826
SHA512 e5983f50d424d495391008dcd9bb0b41dc228c0e1ce80d8273aa8624ab42787248fd8fab2531b47e0d3349786737694cfd4f89fef6ee4fee06532ed539fcbdf1

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

MD5 9229e47396b93099521d86081286c56f
SHA1 a84bc4d9abdca29454058c4131e078ced0156531
SHA256 4e29124807d18d1257a4e7a9b98c0764fa8d197bb4d3519f70f6b831e6f11f5c
SHA512 e4bfbef2d55313c3f5b98f858fd37499f4a46eaca9225f7b2af617915232fd19783833ecbce277758d2e7f86080839565690837ff6ac5a069b27d2d8512748dc

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-arm64-20240514-en

Max time network

160s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 yflixixfr udp
US 1.1.1.1:53 lyrgvfavtc udp
US 1.1.1.1:53 pgplesabopgbd udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x86-arm-20240514-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.227:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.180.2:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-arm64-20240514-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x86-arm-20240514-en

Max time kernel

9s

Max time network

141s

Command Line

com.yifeng.yuanqi.mi

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk N/A N/A
N/A /data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.yifeng.yuanqi.mi

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk --output-vdex-fd=68 --oat-fd=66 --oat-location=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 sdkconfig.ad.xiaomi.com udp
NL 20.33.39.99:443 sdkconfig.ad.xiaomi.com tcp
NL 20.33.39.99:443 sdkconfig.ad.xiaomi.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 zeus.ad.xiaomi.com udp
NL 20.47.97.231:443 zeus.ad.xiaomi.com tcp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 1.1.1.1:53 f1.market.xiaomi.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.177:443 ulogs.umeng.com tcp
US 1.1.1.1:53 file.market.xiaomi.com udp
US 152.199.21.175:443 f1.market.xiaomi.com tcp
GB 104.86.111.137:80 file.market.xiaomi.com tcp
US 1.1.1.1:53 f4.market.mi-img.com udp
US 1.1.1.1:53 api.ad.xiaomi.com udp
GB 104.86.110.59:80 api.ad.xiaomi.com tcp
GB 104.86.111.137:443 file.market.xiaomi.com tcp
US 163.181.154.233:443 f4.market.mi-img.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

/data/data/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk

MD5 bf0be21e40885f5f682349db415ba2f8
SHA1 823bcad773983ab798565f7b64b95783dce14d80
SHA256 aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb
SHA512 3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81

/data/data/com.yifeng.yuanqi.mi/databases/ua.db-journal

MD5 5a474a860f670b3d70cbd28125b2369a
SHA1 fa342677a3686f002fb7b7a2219e647f4bb2fa80
SHA256 52b2077f689bb2b61a548e53fbf8a7120b9c7da5f942921462d55d4fe306e01c
SHA512 187f625703c866fb310d971ab0d54f8e86b81ee05aff7e800cfd3d98da2da85127fba4eb4f90049b99490570d5577bff76a63aef43dd22a29e237ed6c608ac0e

/data/data/com.yifeng.yuanqi.mi/databases/ua.db

MD5 0adda9c85a5e4808f5b1b74c0a8591a5
SHA1 5048107883ab1e345af9cf2e6849ce46e0e612bf
SHA256 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
SHA512 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

/data/data/com.yifeng.yuanqi.mi/databases/ua.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.yifeng.yuanqi.mi/databases/ua.db-wal

MD5 c821d5d4205c6a7c9ed1955fba34da3d
SHA1 448a22d9a993b97dcb35db4458eb8fa278811c9c
SHA256 551a3d1376b0e2c5742b7790b776696815e7d49f3bb3a69366660e680f51c903
SHA512 95fbf1e056ca8d2cec3670d9d6a278933367f75a5e53448e36121564f9e5bf0300e8984e58b6ba58899c05aeb6aca2056808e1a8d8f59a9d13d68f877a86abfe

/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk

MD5 5a15af670a78139158914e6c23a74dab
SHA1 86ebd3ce9d7b325aaf25daa601b79ef10bdc0ac4
SHA256 454d49ed08121de604effae547020357ca79798a558451b688481aea9c7383b2
SHA512 b8b6e18f68edeb80ddc14ccdac1ecc8e0523083f55da52da4baf86a75d255cab1b47e25265e5e5668c9ba583a18feddffcd41db1dc2fe0945e2c1b723421ce1d

/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk

MD5 373141c85a02e8dbaf4f18ce2a1f8ed4
SHA1 aa9afd7a48a9764edebedc6b990a66fb00128b1c
SHA256 836547e33cc5bd9c234b62cde28d530929c49bbc396313d136c4ef3e3661f9b3
SHA512 8b26e87b818b9369d18a1914453a6af4540dbcef22401b07d71e309f805aa7abf3ecdc9344895e1d807d663c03a095927979beabeea22d4680028e72ad72f77d

/data/data/com.yifeng.yuanqi.mi/databases/ua.db-wal

MD5 7fd7c2146d04c2d92b37f21a9e566a71
SHA1 f268b2e4a512d7a28593bec295cbfbf794ddf6e6
SHA256 bb2e834334aa2d40f28890d541b7bc8c19905cc7d4d0aaed9bee3715a67855e9
SHA512 f75efb27675e5e4037571e9fbefc18b85e4ae9ec0406b3d7f2e63cc424fd75ab03732f8c6248715fbacc06b4e5b6421c4d92dd6d57aaf868dff4aa163b1ff520

/data/data/com.yifeng.yuanqi.mi/databases/ua.db

MD5 4b39ea438e5349229ae0310b37cfbfa3
SHA1 93e6ce8ef35e92eeaeab98cff8f0fec0d70da8ee
SHA256 724e9a265dc9ddd600661fdf1d4ab5b24f717bb17b2d1c0bbc31a59eace6f15a
SHA512 15884d119371ab9bf82c708a12633f9bd3f603f0023a55f0b1bfbb9db18113034cef7b954c5c579324f7925cd7c56cb75e5b03f85c142f9cc0d808fde62b2f83

/data/data/com.yifeng.yuanqi.mi/files/umeng_it.cache

MD5 bc2c1eed988ab6707ae8f1483973d563
SHA1 a8e2e53113763972115e2aeb8814330b39aea20d
SHA256 0f0a421df355dc9b67fb88ef933d914cb09ecca23e02c93f3166eb77081bfa02
SHA512 a3980d305807d4285b665e7f6274a5b0611ba2b7d43fab43105cea7a4fbad891197fdad124d6b240fbcfe80754dd78ff6fda7e1a478b34cb3c49ea06118e15e7

/data/data/com.yifeng.yuanqi.mi/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE3Mzk5NzIxOTM5

MD5 67655e2686e23465a76a23c865af1d94
SHA1 7b076e6f05ffed7a469090a8a5bf80d8d5088df0
SHA256 fac56dd572eb6b007ec3ef6c83880c2f28f4290a523c201d31f570561fd87709
SHA512 d23f657707f10e99c6434d9d1d0671de572fca5320eed165f736d9a8f29c0e434b3c7f60d5800b4230bd7d412869c8505080cd5f23115b258ba7acd0710585ad

/data/data/com.yifeng.yuanqi.mi/files/.umeng/exchangeIdentity.json

MD5 1953b0d4981c7ac399aeaa0abde1492e
SHA1 3f9d8fed76dce79f804e950ff0cc2628d446a5e1
SHA256 307811aa81c4038ac8f8a326950da056d9ece709b11a3f504bf8a5024eb6f376
SHA512 8b9559a10874fd2923b1162e08bb9b3314f9e434aa42df23a383295b8492b9eed0ee56b76df01bb771bbb138e3c3551e7292ba2439abaf92c7acc759dfb7dfe7

/data/data/com.yifeng.yuanqi.mi/files/exid.dat

MD5 c4efb87cee38ff9e750412df0b64a89c
SHA1 6b39b84e499df021723438d0587792b0ffc8f0c5
SHA256 10872683c206448354ce45c63bfc38a93f5fb03cf1017fbce9276a5188c1c133
SHA512 d78a851930e7d78d06dbc1293b83f8a5242235624ab901d59e34f33fb7829783b30f61d6e0c07be94be2e391ea404733dcfa1d5003a4377da027f29b94c61dcd

/data/data/com.yifeng.yuanqi.mi/files/.envelope/a==7.5.3&&1.1.2_1717399723116_envelope.log

MD5 692dbd8d4a8af68879137bd7785ec55f
SHA1 efc30ca553fa6b4ed25ad4b68b0c1cf3d256a7e7
SHA256 ee02aae4efc68234bd06c0fdb6c46e6322172f6db8811c2d15201fda0410168d
SHA512 0e579d9216107977c31af884645efac79e3f5c382aab8d7a5e0b3bc9d720f6ddc9a8a66eb436b9048ff34f00baf0d26c3c981cd4092fa85643c6056277c631d7

/data/data/com.yifeng.yuanqi.mi/app_mimo/mimo_download.apk.tmp

MD5 06626378889c5130e9d7657f7ce4a7f3
SHA1 0d99220fbedcfec9e054148a4b625be148007931
SHA256 474eeba2e6e26b8711e8210af60f45374697781cadd4e57653ff41a553ef9ed1
SHA512 24f117e8afdff4547b83b4bb6bcadefa7e83402f4f63906b9d36623f0fce81c83aa098ae3c2442dc9fa85c9ec9a008400f11ca8c37ed1d9e2f20b6481ca16c46

/data/data/com.yifeng.yuanqi.mi/app_analytics/analytics.apk.tmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-arm64-20240514-en

Max time kernel

122s

Max time network

145s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 07:27

Reported

2024-06-03 07:31

Platform

android-x64-20240514-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

N/A