Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-1qjf1aab7z
Target 99555fb579d8851957f9cb6ffad64b71_JaffaCakes118
SHA256 d7b95c3ca7b7e3f16893bb4fde6851edfe3872139d255c2759cd9776f949e329
Tags banker discovery evasion impact persistence
Score 8/10


Analysis Overview

Score 8/10

SHA256 d7b95c3ca7b7e3f16893bb4fde6851edfe3872139d255c2759cd9776f949e329

Threat Level: Likely malicious

The file 99555fb579d8851957f9cb6ffad64b71_JaffaCakes118 was found to be: Likely malicious.

The verdict is heuristic. The package (com.baidu.group) bundles several commercial SDKs whose artifacts appear in the file and network listings below (Baidu push service, Tencent Bugly, Crashlytics, Easemob), and root probing, OEM ROM fingerprinting, installed-package enumeration and runtime dex loading are routine in such SDKs as well as in malware. The "banker" tag rests on the installed-application query alone: no overlay permission, overlay window, accessibility abuse or credential-harvesting behaviour was recorded in either detonation, so that tag should be confirmed from the code before the sample is treated as a banking trojan.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-05 21:51

Signatures

Requests dangerous framework permissions

Permission                                   Description
android.permission.RECORD_AUDIO              Allows an application to record audio.
android.permission.WRITE_EXTERNAL_STORAGE    Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE     Allows an application to read from external storage.
android.permission.CAMERA                    Required to be able to access the camera device.
android.permission.ACCESS_COARSE_LOCATION    Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION      Allows an app to access precise location.
android.permission.READ_PHONE_STATE          Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_SETTINGS            Allows an application to read or write the system settings.
android.permission.REQUEST_INSTALL_PACKAGES  Allows an application to request installing packages.

The first seven are runtime permissions and are granted through a user prompt on Android 6.0 and later (unless the app targets an API level below 23, in which case they are granted at install time). WRITE_SETTINGS and REQUEST_INSTALL_PACKAGES are not runtime permissions but app-op gated special-access permissions: the user has to enable them for the app on a dedicated Settings screen, so their presence in the manifest does not by itself let the app change system settings or side-load packages.
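The permission list above is what the sandbox extracted from the manifest. The following Python script is an added example (not code from the sandbox or from the sample) that performs the same extraction on a decoded AndroidManifest.xml and adds the checks a reviewer wants next: which permissions are runtime-prompted, which are app-op gated special-access grants, whether an overlay permission (the capability the banker tag implies) is requested, and whether the targetSdkVersion would turn the runtime prompts into silent install-time grants. The manifest is constructed for the example from the report's permission list; its targetSdkVersion of 22 is an assumption, since the report does not state it.

```python
"""Permission triage for a decoded AndroidManifest.xml (e.g. apktool output).

Added example; not code from the sandbox or from the analysed app. The
manifest below is constructed from the permission list in the report; the
targetSdkVersion is an assumption.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANAME = f"{{{ANDROID_NS}}}name"
ATARGET = f"{{{ANDROID_NS}}}targetSdkVersion"

# Runtime ("dangerous") permissions relevant here; prompted on API 23+ when
# the app itself targets API 23 or higher.
RUNTIME_DANGEROUS = {
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.ACCESS_COARSE_LOCATION", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
}
# Special-access permissions: never prompted at runtime; the user enables them
# on the Settings screen opened by the listed Settings action constant.
SPECIAL_ACCESS = {
    "android.permission.WRITE_SETTINGS": "Settings.ACTION_MANAGE_WRITE_SETTINGS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "Settings.ACTION_MANAGE_UNKNOWN_APP_SOURCES",
    "android.permission.SYSTEM_ALERT_WINDOW": "Settings.ACTION_MANAGE_OVERLAY_PERMISSION",
}

# Constructed manifest: permissions as listed in the report, targetSdkVersion assumed.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.baidu.group">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="sample"/>
</manifest>
"""


def parse_manifest(xml_text: str) -> tuple[str, int | None, list[str]]:
    """Return (package, targetSdkVersion or None, requested permission names)."""
    root = ET.fromstring(xml_text)
    uses_sdk = root.find("uses-sdk")
    target = None
    if uses_sdk is not None and uses_sdk.get(ATARGET):
        target = int(uses_sdk.get(ATARGET))
    perms = [el.get(ANAME) for el in root.iter("uses-permission") if el.get(ANAME)]
    return root.get("package", ""), target, perms


def triage(xml_text: str) -> dict:
    package, target, perms = parse_manifest(xml_text)
    runtime = sorted(p for p in perms if p in RUNTIME_DANGEROUS)
    return {
        "package": package,
        "target_sdk": target,
        "runtime_dangerous": runtime,
        # Apps targeting API < 23 use the legacy model: every requested permission
        # is granted at install time with no runtime prompt (revocable in Settings).
        "granted_without_prompt": runtime if (target is not None and target < 23) else [],
        "special_access": {p: SPECIAL_ACCESS[p] for p in perms if p in SPECIAL_ACCESS},
        "overlay_capable": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        "can_request_install": "android.permission.REQUEST_INSTALL_PACKAGES" in perms,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

With the assumed targetSdkVersion of 22 every runtime permission lands in granted_without_prompt; at 23 or higher that list is empty, which is the first thing to confirm in the real manifest before weighting the RECORD_AUDIO and CAMERA requests. overlay_capable comes back False for this permission set, matching the absence of any overlay signature in the detonations.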

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 21:51

Reported

2024-06-05 21:54

Platform

android-x86-arm-20240603-en

Max time kernel

104s

Max time network

186s

Command Line

com.baidu.group

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.baidu.group/mix.dex (5 identical load events recorded) N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver (3 calls recorded) N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.baidu.group

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.baidu.group/mix.dex --output-vdex-fd=50 --oat-fd=53 --oat-location=/data/data/com.baidu.group/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

com.baidu.group:bdservice_v1

logcat -d -v threadtime

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

com.baidu.group:bdservice_v1
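The process list shows the shape of the root check (type su) and the ROM fingerprinting (getprop against vendor-specific properties), but reading a dozen near-identical getprop lines by eye is error-prone. The script below is an added example, not part of the report, that classifies such command lines. It embeds the report's own lines as its sample input (the dex2oat arguments are abbreviated); the category names, the su path hints and the getprop-to-OEM table are the example's own.

```python
"""Triage of the process command lines recorded in the behavioral1 run.

Added example, not part of the sandbox report. Sample input copied from the
report's process list; categories, su hints and the OEM property table are
this example's own.
"""
from __future__ import annotations

import shlex
from collections import defaultdict

PKG = "com.baidu.group"
SU_HINTS = {"su", "/sbin/su", "/system/xbin/su", "/system/bin/su", "/system/app/Superuser.apk"}
OEM_PROPS = {  # system property -> vendor ROM it identifies
    "ro.miui.ui.version.name": "Xiaomi MIUI",
    "ro.build.version.emui": "Huawei EMUI",
    "ro.lenovo.series": "Lenovo",
    "ro.build.nubia.rom.name": "Nubia",
    "ro.meizu.product.model": "Meizu",
    "ro.yunos.version": "Alibaba YunOS",
}

REPORT_CMDLINES = [  # as listed in the report (dex2oat arguments abbreviated)
    "/system/bin/sh -c getprop ro.board.platform",
    "sh -c getprop ro.yunos.version",
    "getprop ro.board.platform",
    "getprop ro.yunos.version",
    "/system/bin/sh -c type su",
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--boot-image=/system/framework/boot.art --dex-file=/data/data/com.baidu.group/mix.dex "
    "--oat-location=/data/data/com.baidu.group/oat/x86/mix.odex --compiler-filter=quicken "
    "--class-loader-context=&",
    "getprop ro.miui.ui.version.name",
    "logcat -d -v threadtime",
    "/system/bin/sh -c getprop ro.miui.ui.version.name",
    "/system/bin/sh -c getprop ro.build.version.emui",
    "/system/bin/sh -c getprop ro.lenovo.series",
    "/system/bin/sh -c getprop ro.build.nubia.rom.name",
    "/system/bin/sh -c getprop ro.meizu.product.model",
]


def unwrap_shell(argv: list[str]) -> list[str]:
    """Peel 'sh -c CMD ...' wrappers so the inner command gets classified."""
    while len(argv) >= 3 and argv[0].rsplit("/", 1)[-1] == "sh" and argv[1] == "-c":
        argv = shlex.split(" ".join(argv[2:]))
    return argv


def classify(cmdline: str) -> tuple[str, str]:
    argv = unwrap_shell(shlex.split(cmdline))
    if not argv:
        return "empty", ""
    prog = argv[0].rsplit("/", 1)[-1]
    if prog in {"type", "which", "ls", "stat"} and any(a in SU_HINTS for a in argv[1:]):
        return "root_probe", " ".join(argv)
    if prog == "getprop" and len(argv) > 1:
        if argv[1] in OEM_PROPS:
            return "oem_fingerprint", f"{argv[1]} ({OEM_PROPS[argv[1]]})"
        return "device_info", argv[1]
    if prog == "logcat":
        return "log_collection", " ".join(argv)
    if prog == "dex2oat":
        opts = dict(a[2:].split("=", 1) for a in argv[1:] if a.startswith("--") and "=" in a)
        dex = opts.get("dex-file", "")
        # A dex compiled out of the app's private directory was written at
        # runtime, i.e. it is code that was not in the installed APK.
        if dex.startswith(f"/data/data/{PKG}/"):
            return "dropped_code_compile", dex
        return "code_compile", dex
    return "other", " ".join(argv)


def triage(cmdlines: list[str]) -> dict[str, list[str]]:
    """Group distinct findings by category; repeated command lines collapse."""
    found: dict[str, set[str]] = defaultdict(set)
    for line in cmdlines:
        cat, detail = classify(line)
        found[cat].add(detail)
    return {cat: sorted(details) for cat, details in found.items()}


if __name__ == "__main__":
    for cat, details in triage(REPORT_CMDLINES).items():
        print(cat, details)
```

The dex2oat branch is the one worth keeping in a real triage pipeline: a --dex-file= path under the package's own /data/data directory is the concrete evidence behind the "Loads dropped Dex/Jar" signature, and the compiled file's hash can then be pulled from the Files section for a second-stage lookup.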

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     N/A                                 udp
GB       142.250.187.234:443  N/A                                 tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           android.bugly.qq.com                udp
CN       14.22.7.199:80       android.bugly.qq.com                tcp
US       1.1.1.1:53           api.tuisong.baidu.com               udp
HK       103.235.47.247:443   api.tuisong.baidu.com               tcp
US       1.1.1.1:53           youhua.baidu.com                    udp
HK       103.235.46.254:443   youhua.baidu.com                    tcp
US       1.1.1.1:53           gsp0.baidu.com                      udp
HK       103.235.46.45:443    gsp0.baidu.com                      tcp
GB       142.250.200.46:443   N/A                                 tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.200.46:443   android.apis.google.com             tcp
CN       119.147.179.152:80   android.bugly.qq.com                tcp
CN       14.22.7.140:80       android.bugly.qq.com                tcp
US       1.1.1.1:53           android.bugly.qq.com                udp
CN       119.147.179.152:80   android.bugly.qq.com                tcp
CN       14.22.7.199:80       android.bugly.qq.com                tcp
CN       14.22.7.140:80       android.bugly.qq.com                tcp
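Turning the table above into indicators means separating resolver traffic and mDNS from actual connections, grouping the rest by domain, and noticing that the Bugly traffic is plain HTTP on port 80. The Python below is an added example, not part of the report, that does this over the rows as the report lists them (an N/A in the domain column is read as empty). The classification, and the attribution of bare IP:port rows to a domain seen with the same IP in another row, are the example's own.

```python
"""Indicator extraction from a sandbox network table.

Added example, not part of the report. Rows are copied from the behavioral1
network table; the parser and classification are this example's own.
"""
from __future__ import annotations

import re
from collections import defaultdict

ROW = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>N/A|[\w.-]+)\s+)?(?P<proto>tcp|udp)\s*$"
)
RESOLVER = "1.1.1.1"  # the sandbox's DNS resolver, as seen in the table

REPORT_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 api.tuisong.baidu.com udp
HK 103.235.47.247:443 api.tuisong.baidu.com tcp
US 1.1.1.1:53 youhua.baidu.com udp
HK 103.235.46.254:443 youhua.baidu.com tcp
US 1.1.1.1:53 gsp0.baidu.com udp
HK 103.235.46.45:443 gsp0.baidu.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
""".splitlines()


def parse_row(line: str) -> dict:
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f"unparsed network row: {line!r}")
    d = m.groupdict()
    d["port"] = int(d["port"])
    if d["domain"] == "N/A":
        d["domain"] = None
    return d


def summarize(rows: list[str]) -> dict:
    dns: set[str] = set()
    conns: dict[str, set[str]] = defaultdict(set)
    bare: set[tuple[str, int]] = set()
    cleartext: set[str] = set()
    mdns = False
    for r in map(parse_row, rows):
        ip, port, proto, domain = r["ip"], r["port"], r["proto"], r["domain"]
        if ip == "224.0.0.251" and port == 5353:      # multicast DNS, local noise
            mdns = True
            continue
        if ip == RESOLVER and port == 53 and proto == "udp":  # a lookup, not a C2 hit
            if domain:
                dns.add(domain)
            continue
        if domain:
            conns[domain].add(f"{ip}:{port}")
        else:
            bare.add((ip, port))
        if port == 80 and proto == "tcp":             # unencrypted SDK/C2 channel
            cleartext.add(domain or ip)
    # Attribute bare IP:port rows to a domain seen with the same IP elsewhere.
    ip_to_domain = {ep.split(":")[0]: dom for dom, eps in conns.items() for ep in eps}
    unresolved = []
    for ip, port in sorted(bare):
        if ip in ip_to_domain:
            conns[ip_to_domain[ip]].add(f"{ip}:{port}")
        else:
            unresolved.append(f"{ip}:{port}")
    return {
        "dns_queries": sorted(dns),
        "connections": {dom: sorted(eps) for dom, eps in sorted(conns.items())},
        "cleartext_http": sorted(cleartext),
        "unresolved": unresolved,
        "mdns": mdns,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(REPORT_ROWS), indent=2))
```

On this table the only cleartext endpoint is android.bugly.qq.com (three IPs on port 80), and 142.250.187.234:443 is the one connection with no domain to attribute it to; 142.250.200.46 is attributed to android.apis.google.com because a later row resolves it. The unresolved entry is what a reviewer should chase in the PCAP (TLS SNI) rather than list blindly as an IOC.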

Files

/data/data/com.baidu.group/databases/bugly_db_legu-journal

MD5 24195a2e17ef5741fde1656cd50b1a35
SHA1 565ec904d49539f46e38e1478d8f653d62e5837b
SHA256 3eb511615d5341cb7c15b143f92b000bf8ca27533090ad9cc5b1a691b6e6c275
SHA512 eedfdb7bc9d7589f46359cf10b4bdf2a5cf02f77b616981b38a59fb53a00a0f278af8a68c40a88bfc8d6fdc78f5b91a0711a4c186c8f166f00bb1d8ec9099bfc

/data/data/com.baidu.group/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.baidu.group/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.baidu.group/databases/bugly_db_legu-wal

MD5 d8b1bcc7bd0fb62fc00511748869d9bb
SHA1 9c4ebc6b1aa123aa7d2740569b0999e3a2329f0f
SHA256 958b6ea1090ff068050447c026b971e3a14df6591df47b35f68c6d3330680b32
SHA512 8eb4d43ecbd5c2001abd7908bbb92c299d5801d09f62449be249b574261db89c9b0afbc93e7e8210de1940c7d9b23db1c8633e3102df781e6065d61d8c61e6e8

/data/data/com.baidu.group/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 5199aa16a6197ca75d50d2dfe1501435
SHA1 7164965c6ec53b1bff7ab23022630dc4be240bfb
SHA256 559ac20a8c9c6f0cf944a8a879a3c21f605fd865472aedaadab324bef2faa390
SHA512 d9246488d254630777746f87857c483225afcb8c0d28708a1d6b6837844fb18b4bfed8fe22ad11c7111664d5d36a717613b2a3ff9732d38ad5d69d241431d2ba

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4BeginSession.cls_temp

MD5 6cbbbeddbaddfb31f67b3c939f3fd4fa
SHA1 65bbe5775b3b4841ffa5f5dc4d6629036bbec858
SHA256 cda39b4023b802713958d2efe408e7b79941cae2e4a41c68184ffd73e317f594
SHA512 f7b817628c407dd2e7c8f0a593eb6610f74921b701e3026f9e951dfaa5725dc1466ff481feb4fc9ac1721aa7578d49142569ee4c69a75600291f9d74b5bbd440

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4BeginSession.json

MD5 be1c42511129307966eb5cb58486d3a4
SHA1 2795c113499b1014d10a58891c648b06c261fa98
SHA256 e9c99a6ad1dda2e786358513dc9f6acd194a55a3480cfc7c65da81c63dc4bec9
SHA512 eed0280270e7d2bb4fa31179bdadde82126dd9ad3df093fe21dbd2b54230ec730415118bf0e00cdcf1b1beb0bef82449a71aa2e27047201cb998a66f29dc7827

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionApp.cls_temp

MD5 d07e4c46c2e2ba62a803128febe394f3
SHA1 135b3fee394c1c141cf1dadc4c0e15e436b11f92
SHA256 176996c29a792bb7dae9fc0e0fddb6b118e3f7b8cba81f2bf7d523346ea3182a
SHA512 7ebae19c968d1e704a851df6984af0a857f86403e8f4516f02d1b99274b71ad8e5735f1a75b953b9eab6666ff8e57bbd2a6b3703b7a35787b04f7a31fea5288b

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionApp.json

MD5 9b27a4825bbca0aad1b23aa1e1b9d2f7
SHA1 bc1257091b78b4111c35613ab0beea723347b9eb
SHA256 44186071a515844f73208d7aca0607d68cbde88869fd7bab094484ebc6be9c62
SHA512 8aa1db094b98a86dbb27577026d7fd87eff7559e482fbe87c56eb0eee8463cfef2fa115459bb4f16a1090f7bbf259157b515586d50faccbe5badd809806130b3

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionOS.json

MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 73a1c70083f03b4de025a2a14bd7879d
SHA1 5d9c85f41643db4191316f4f53cdf053ac33ae04
SHA256 b6fe4d359f200d14aff6dcec649711676f4d9ef464302ea98091aa4190ac749f
SHA512 14a100bc37ba1f92059c6608f56bab37e6040dda9ad4cc1f10ad065874aa8511d9988f4bdfcbbd27faf96d2ec3c6a882abd675dd6ff5591debfe647440002ee2

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_bd3e4f41-d3c7-4e46-a1c6-d408426976f5_1717624291643.tap

MD5 839bf0d78ee19eb1f5a43757002e8911
SHA1 bf7152a36b3fd6eb1b4fa870abf01486c7786647
SHA256 3361cc548eaef34b83fef2338d9df1640853397e67ec92deb364c50a32baef1d
SHA512 580f051a2abd091d8d754e94e599b59d42f76c74aa3e473a6d29d755180f3b8ef95e8b6f29134724b74fe08e3b859264e7f2c110f811ddee6e65eb68da860b4b

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionDevice.cls_temp

MD5 1ae583edefd5b492a22860fcb3df686d
SHA1 f90ca90996071b7484a634cb6b886617191567e0
SHA256 f722a86a7775e8f972802e0cd6232af8348e6e0d9120d05c6c29e3e676776b8b
SHA512 49a5b60baafb68408b98d75cea0bf23e708b0bf3462ad7edc1aa3180e3129ac2974e6ccdcdcd3709e30fceeb8c5cf1e15f31c1b45feab18e835a4c502042a01b

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionDevice.json

MD5 71215d8820809736b3f67c0d13aca469
SHA1 62c03b2c23016ff6e3934b359099da149de0fd0b
SHA256 32275d53ea75da059fd86aca9facc7580d22e075fb006fe9f98a575fae06d216
SHA512 425c74bfe6da820a7f2a3e241c7745434cdde8f164fa3ebe92ed6d73c22db5c7482cfc31508e7662a4388f58f313bf69d3d46c01f9fd1e707c08ad93892090ee

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4keys.meta

MD5 eae8c753996792d1eca680ef05547593
SHA1 6ad076905fd8bb67bcc419cc9bfdbfecf3e83b1a
SHA256 eb09487590f261758af7087bd695989400ca8bc135b47306dcc0b1d8dccb1724
SHA512 5ecee58b650b9c638ec9a51945e1aeff8fe3ddb7e86f15377cbaf4038bd3977e50caa59d2e1b6473fbc89ee5170fc1786a4b3d40e93b472742abf4997642e33c

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4user.meta

MD5 75588e30ee654db2207ac3a84c966809
SHA1 f19657e3d97895ab04c72a51143e1f3503a0111e
SHA256 84ba1ba7e9dd8afeb3fb393c8dd8e0d1e4d973cdd575edb78c6126602e5af59f
SHA512 a75f16f38fd027c535cd6dab58061f3ae3de9b67d5e26d6e61605affb75ee2a541fe2b3473e9a9a9083cab0b66019c1791f1b5ba6f7ccb78f5ebb92261af2047

/storage/emulated/0/Android/data/com.baidu.group/1120180703228980#nebula/core_log/easemob.log

MD5 7f3c8cf7216d4d5bb21bcc69cd771429
SHA1 1a7f2f7e1de58392c55a46c73d48a0a0f4e4585e
SHA256 762778465f874fba53241dc17be1506b96e43b36262f027af56e56e07a0004a0
SHA512 6adacef0ad9965f538507d2fd828ea9dd503c9e225d145087fd0dca0f0708bb325676c744795c4d684158399273e50d444f4569bb23cad34774cc967018ec997

/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 b24f7c12a2414c3f62836bdfad8e3a68
SHA1 8f57db160cf19c479e4c52a52b629557cd0bf428
SHA256 8d0e35e5dbbb8dce37475999a8d6fd2f55338c0b87a3926cc57436738b5cdfc4
SHA512 2495bf3938739b00c73d54ea1530dc4096b851121bc2fed3efc51b5c701cf6fe361f0972af1e1236a35ea11b0c8f0e3cb8d3afaf48fcbc770f05ee3fc4f2ec4d

/data/data/com.baidu.group/database/pushinfo.db-journal

MD5 918f6a6d0e0375b08cafb29021952283
SHA1 67f50d5af5b113a0fd22c2c5842ffac984bed6eb
SHA256 a1c9a5db84efc2dc1d51947cbbd80274b661b49711e3c4442252663554e985b6
SHA512 a5ceb1d137c52b0c31520a47de6124da9dfcb14bf982fbe7ba334d175995af204377320e4535e7293900d287606e47fb6ddf502cd55b910ff80c17d4fb0b0162

/data/data/com.baidu.group/database/pushinfo.db

MD5 92b58b51e9fad6410ef3708fed1945cf
SHA1 93de530ff18548d606878a4c4d8055b690baa8ab
SHA256 78ba8d5a8b3a2787f78f3ad50bf624fcd73c4ada967a00383fb50b83f5dc7608
SHA512 4bc19f181531fd072ac77a87c263fc9d6634d49319fc7806d6754fa2e7be4fa3ebd4bb05bfa39b735b06d3d7d05052a83f2ec195c1ba083c28e01705c6369d93

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 74748263dc10d20a387415d2453411e1
SHA1 e20cbfc1e3fe6736426f6c20891d32c6a7067754
SHA256 b1e1a2cd685671d173888369ef9786032a2a57c15b35820ac3646b25b672fa04
SHA512 6bf41c108db928933a2966c56981faa2fa9dd66f4a1d45cbf7467ff8b7102c58062751e0d2027a19d51ae3b9fb93b50bfd3b9d415b20b49a413539808a007a34

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 ff7751ac9a2a308bf6da26b63127c2fb
SHA1 6a803553ca31935a52236f47c21fdf0555a30352
SHA256 3bef19227962532d25b0814486500a87f21c6fdb72821821e2e6d47aca2fd605
SHA512 f8bcac2e262bf7d709228f09e80ac9d92e095a01fde2f385468f294430cd7ce7a4538013dc82b8bfbbe301da50564425718c98d8d776934cde3eabe1afb2d3e5

/data/data/com.baidu.group/database/pushinfo.db

MD5 2b7cf58c0f8ec96d289675ac688c5b35
SHA1 6a74b0424c4e9ce28ab7bd46421cffba7db84bdd
SHA256 d33e97fe8b9a8a2727c8bbe68324af259ea885da580e038c695ee57b76a4240d
SHA512 553736e2a0be054b136f0ed0326f69903fb5c620104d74fb19ced90b69d3fd6e2347dd8dc5fc91f156e00345bccd15f55514da5bab8647b8c73b82a1b16ed067

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 e4b083ff22cb653e2cfcdaf765d5bf92
SHA1 7608f2ce913c9c98b08312d5e91223f9bd5b0b05
SHA256 dd20848925bd0ff86169e61388b90a589358dc9be17d42700026256dfad25318
SHA512 cd49b04c62b23612979d80c812be823b9566bf531c693b46596f4562e65ce174feb5b5a13273296fae519b8cd7c4c936f0bc1bb21528428578a0e1540634d06b

/data/data/com.baidu.group/database/pushinfo.db

MD5 ba9ce382a230c80a738d98aef5057537
SHA1 e12edd0d19d50b80ee7c9b62308e9ca163ab9171
SHA256 c85f2cedcc35bfe96db09c9d3f7137add78131f594d2f7fec8b1aa011a8456f6
SHA512 7b5aba67d987e5566e9afe13bc14f8ae02e44ae690b9d3b69106468fa63ffd87752e999607b593de79d66341f1dcca0bdd76241d2686840cb62ad3b6c0a44c12

/data/data/com.baidu.group/databases/pushstat_6.2.0.db-journal

MD5 2e43fc5d75608ddad8c1cb505f4bab7d
SHA1 6d3f0b9401c7bf6d4ca9547fdfa9f2b63b2a6f13
SHA256 a47c5c4099277552b7e0db2ebd25c14eb059957bcd628706ceb46ca0999d33fa
SHA512 57a206a8af128450d68d1cbf52f36b52feec994a23168bb048d658ec94ab1ed6f177f425bee8147022fbb016584bdf2c58fa2c8c2c88dd462d61470a618990b7

/data/data/com.baidu.group/databases/pushstat_6.2.0.db

MD5 073d433ab688646de993b8514f108686
SHA1 07b430f35e0d1976c6b96775825e2d39d4f0f1ff
SHA256 33c0d89788ddd01a61b69bf7c177bf729e4c16be5b92af060ce613206f679b42
SHA512 fc04b23e0b303097e49a09676e19239174ab789d66f1762232dbb78f4c390b7d41cf9d4c008d4d7bcb25e44ba956b5a71ad159211702c6bb8c58b726481cf950

/data/data/com.baidu.group/databases/pushstat_6.2.0.db-wal

MD5 7c576b0fbba757b8722ac4358daa36cf
SHA1 c9e58b672dfdc6348cfe7da19c312fdbbccce295
SHA256 317d04fbbb3a60b2e5b2c296f13d2f1868612deaed1b6c3fd0d2a8f00ac6d1f2
SHA512 746c1bf02f01846bb5539b84c73452cd0e5421b12ecb94bb2a8b1cb343ee00e6d336efbe384b0ba9bbe5b4b1c0b6e733d96e21b4f07906dc665b8c7d4ff9dc2f

/data/data/com.baidu.group/cache/ultranet/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/storage/emulated/0/baidu/pushservice/files/.info

MD5 ad92db4681c4f407a44d554c4e410040
SHA1 a4660d7adb17af7cc74040f25c5edc8777a2da87
SHA256 ccab1b617d7cacde4b54532eadd137d3d1b02b2a93004f47704544e4109b5684
SHA512 f784e53261c3d050b64be89b02388006903a7f86c7d6c9d88c7c472c3ad1fc0ed2111384698e00122832399ccc142e450eb7564357eeb827d4d3679821b36cb8

/storage/emulated/0/baidu/pushservice/files/.info

MD5 1b6ea46b7f2bc9426e4eb31237cfd85a
SHA1 1439cdfcf014479c84cdf34fe734729e7bd294dd
SHA256 290fadedba20595c2daac11aff6776820efcdce6e21c5c4df6a1a0352337a971
SHA512 fc5a9f6183a73e70e59cdb219d944325e41537d247cdd60891d236c47776670b5ef0bd43ad9c61875dcd372796f5fc377ee60f82203781335e84fa622860e5be

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 083abffb8ec4f65b6e1b06e1c12b76e7
SHA1 6249157fe0c8409ef0491fe3f23fa4c1d44a3540
SHA256 8a6562e9b1623b7978af48acc69b29fec11074ab65f0a1e67c69c643dfa98209
SHA512 47dcff66c734115c32ad08c1fd3b276f7dc722fbcd4b653ef90cbe710b540f7a8bdf03d0001a598f6676998b5f9e6305238284ff0612e20818ecb927d03b8acd

/data/data/com.baidu.group/database/pushinfo.db

MD5 5e7a00fff756ae5b4d67676fe08c2793
SHA1 c0ae373cb454aa3e5b597cd29debf23067a18b13
SHA256 3f97b913c304d4e819570ce3fa7f10ea3434f3f1afd145cfefef7bc4a4bc4cc8
SHA512 40a8674783af1cd20d5e6022fca609ae1820c13d021299517ee43ada08a21c1774c926fcc40b90c14e890703aeaeff60c4484a59b13932fd7cff2291751225d8

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 521dc3ef03ba84017e094673becf9abd
SHA1 f7c7c7c9d243f1b8e9d357ed99b7f877fb47ebe3
SHA256 83dc39c76002e6257123da8f96e4bfff56ca9be1246a03ebc2cf3368a968507f
SHA512 815cdc0f56108c9bfeaf067f6e28eed7cbab1140607635147dce02e84fcdb7a00e46b8607e7a1788b131d280b830345591dfca604dbc54ed4ca62e6438b4b81c

/data/data/com.baidu.group/database/pushinfo.db

MD5 9cc640de7c142bfb37bc37dc269e126c
SHA1 d9ac6cafd5a5d05b057ce7ff00457808761b52e5
SHA256 b8bd9fede7b8b3541608083f7e8b4f03829535eca4ba083462c7b78c94832793
SHA512 a146b2ea50a0c500e3df3c210c71aa4e0e0475ec31a81e4ba3d60c12a28e22874ef77f4fcc96e146672c485b3d355cdd9c5ecb39104c62c6559d9eadf1fa693e

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 d375f1679db2b28679ae32ce867eaa80
SHA1 eff975194223ada0619b2e59c85f7f3a24c6a3fb
SHA256 9f66d4ccd183bcda8755cd6c28c296891953efc0ebd5c6fb55efb5b9e67c1236
SHA512 ec3180dd24022b480caade3ac8314c7056e64712a67b242fffff842c4f037f2cd736d8649fa51997dff25fb203583b1c7b19ffe8ea89d61f27e7057cba399307

/data/data/com.baidu.group/database/pushinfo.db

MD5 2c7ebd99455c740af1c1adc73fabdd38
SHA1 02a7d06c1833aa01aabb2e62484a4b4dbb1d52a3
SHA256 54f00ec65907f6d8049731b00a39283f00589d2c979e20ef6924a78bebc77a81
SHA512 9352d270f632429f2ecf3965353024ca96b94ace993172124aec866a8594591b32917a3b46583a37fdfe192e36c8ee454caf79774dbb117244088dac9ff1e9f9

/storage/emulated/0/backups/system/.confd-journal

MD5 0886c4669e2bca58bad3514e17f8d9b8
SHA1 7f1fce084bee50f6db1cef86cb9584c2e40040e3
SHA256 3b2380f8e6b6deedf8fafd4ab75444649b82982d27d745da26afa9b2e6207d7f
SHA512 0eebef441b8253399cf68b20f65133e2264fd049b2b5de5a7dd5f9c8391106b942059a26a08c33bf703333c09ec0cd8524f226296b9631248d7bd2e58dfa45a5

/storage/emulated/0/backups/system/.confd

MD5 249e034c9703afc1fd6062371c7f3da8
SHA1 9ca489179488e0fe5a35f7c0d5887f163e4890cd
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
SHA512 b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

/storage/emulated/0/backups/system/.confd-wal

MD5 bf59561e8c84d61f8429ac0c4ea4b60c
SHA1 cca4f7e0cb2d08a2159d491a9dd28e3a598db782
SHA256 d1c47e81ace48a7b2fb866ce17107f5b797cf48386319096a32893d9a86cdbaa
SHA512 80e50620190ae3fd789166f3f8d0e286deb12d712bd8062ac5528095f324057151e0c0dd7af0d29ccc17173955b0eb56bd96649a44bbadb930124a531694490f

/data/data/com.baidu.group/databases/pushstat_6.2.0.db-wal

MD5 18b58b366adc3d01434d9f4e09a5f249
SHA1 fdf30e74716e244ffcd4f30a9b0136fc2490afff
SHA256 9ccbc4f856687fb5c5d713364ad38aad249537465fffd48ba1b7c167f29f2e7d
SHA512 9e19260775a5978b405fea0ea073d6de0b59ce5b2606590133fd51631c80600babb7fcfd248e63b52ba6cc019e93bff9eee8030e8a84821823ba3eab8f93494a

/data/data/com.baidu.group/databases/pushstat_6.2.0.db

MD5 ce99403d60ae9391abde084033b77bef
SHA1 99ad477ec3d1bebbf66a1eed7170bfcc49f7aea2
SHA256 ae65aa68923277a7aec626e22adb6a0193c4c16e7893a7d91bbfe2a90538b0cb
SHA512 3e0502b34b1c0d468dd2cfaca6b3ee82304845b33b3476e1cd00201e387721e85e9ec9aa54d02e0a5cb3b10262c4c97bc9778c2a0b0c01d20be6db8aff059908

/storage/emulated/0/backups/system/.timestamp

MD5 25fe3cd1c2b453984d929aafbcbe27ae
SHA1 136df679e0f5bdb3ad5e3ff4bc50a82a02604262
SHA256 ed8ce756b8a39a058b971a1605d01f0d62317e7017bfa9b7e1ccaf266e735938
SHA512 08e3a9be0eb667d35089a9ce30bd307f33a7695f5f4c135478c9fa57100ea320517f7b8c9321e7540ec31f157ca46284ae873683bb5891ceddfe73151c96daba

/storage/emulated/0/backups/system/.confd-wal

MD5 158859f752dba4b5e162c6dec7932414
SHA1 0544b556685434f237ebf555774a5ef098f74470
SHA256 2fd16790778b65aacf4e77274433f3f71195905365e103902b945fff927975d4
SHA512 639375807b63a9a2618396d55874caad532a6b5166d8d89977d4cdd1edf0d688a1d85a06d1845cff48adebfc85a99eddcb47d3bdd246504da6c308ed8a7b2e5d

/storage/emulated/0/backups/system/.confd

MD5 8c7f6e3b52e6e841b895bbd13644ed43
SHA1 ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
SHA256 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
SHA512 cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

/data/data/com.baidu.group/database/pushinfo.db-wal

MD5 c168711c560dff762acb24f3245e8b94
SHA1 53a6cfb14f949ef370b4b30f6f09c4bce2e2a413
SHA256 462c9d7badb42b29cb79f0af1c74c78b0130dd622c7d4fa894793a130beae437
SHA512 e68a03e4978ad6a99b5e80f3ba737c47aed0296b0aed0cd68c650daada05aa649a36fe0ebbbb87299dfc113d31ef6af3bc0d42389a9923b2fd265d75840f98d6

/data/data/com.baidu.group/cache/ultranet/journal

MD5 c7826e700802224ca553fbb32c3267af
SHA1 90f945f1672b3fcd5a2d4ef6e817a36c36c4fa03
SHA256 6a41a479fc2a2efb8cd426dfe01d9941fe8ee117861c702c35206e5824cf234d
SHA512 be24950b37c26537603584ca884a592df4dd8258c3a7d75e0fa9428539659759f101cf83e579cf2eff6258f57c130664c441d1c999b1342609021c94002422db

/data/data/com.baidu.group/cache/ultranet/064785e3adfb7d7952f1df531237762b.0.tmp

MD5 f2328d59c0481d0e2c8dd54628f992ab
SHA1 2516bc3a9b7dd2e95a8e84ba3592a2a4b7a5ab2d
SHA256 b7ce21e8381fd42883a12612288645b8ff5629d952e7db4e67e211b09c14e804
SHA512 2fe857a1d5a37943441ed55cfd36dd9a151d314ddcd5dbd07210f15367a3a2ec364468197232db5e3348082fd5bdd3344c419d93de4ddb0a0db5bac9f736d1a2

/data/data/com.baidu.group/cache/ultranet/064785e3adfb7d7952f1df531237762b.1.tmp

MD5 3d185a9e86d58e8be96181f76532e6bc
SHA1 102ff01805eea76fb19506041e5954903f1dcce9
SHA256 991244db2cd6892ee78e8324b77065373a71d974552afe5b38010b48ee7238fa
SHA512 2f40b6f7b7b7b08e57e4d8e5a5f13b4bf6ca5c70cf79c98370ac04aaab61bceff18c0a06e9f5452cc5a2508339ce8c04ab600764b74f1ff179419eaa96765db8

/storage/emulated/0/backups/system/.confd-wal

MD5 a1497f70f8da2d48cf08e5c8162d7418
SHA1 c867e94e722dc97b315cd4bc66202219d5d0620a
SHA256 c9c3a588c250f0d95a6ab80e0671334113a363c0b1892b6f1672591c2daba725
SHA512 fdcf4dc91b523c80b9c36cfcaa68612228c14714d5d74746da9a65a40745a1e7c4c9ec59b3531da092594c6d0099ff538a24cdda14d58165aa03d2e3aeb61447

/storage/emulated/0/backups/system/.confd

MD5 abb1c11ea9b175dab0141cd5320fc723
SHA1 6d181d68f50b9ed8c2a4938623228b5018346887
SHA256 29693e3b2859715c485e025f8de008eb956e64dc4491e3dc834192319ccf3823
SHA512 27eb9c7633125b3478255ee71cb3b3a3ddfbcc2790d9e4775d28d124b04afbef6df7fe1e9d2b092599a03164193ec95655b8084b003aa6b6c55cc8cce2c66bd2

/storage/emulated/0/backups/system/.timestamp

MD5 5f932100fdd996a49a9bee7420eaec57
SHA1 90d1c778dc8313ac17878f3fc9b22b73ba925c50
SHA256 8eb035ce8a90b286146bf95009c270d5530a9be55fda347c85c6847b46e3a287
SHA512 c994f34cf2e34a993684c8c96298cd3dc2bbc09e8d6b01159804762228423bbae99b4a06b23df68516a71fc044919abe1ca556c5f502d94f4cec45ca00647b99

/storage/emulated/0/backups/system/.confd-wal

MD5 052718ddac5786e2a3814e3326eae887
SHA1 cbd55c99ee7c14d3787071c2b9f2708dd05fee02
SHA256 9c7c67e665cf26c5a2c365fbac83b075084ff446695b35b9b148f1096a2496c2
SHA512 7f74185b4192bb9b6972819c6ab7a09351fcb74ee5f7dbbd9729802885b42268a23a1364679c8f4f656d935c88d6016d95184b1e5577875466352950174d042d

/storage/emulated/0/backups/system/.confd

MD5 e4899d63d2750cde66b71374ba7b2f06
SHA1 8d7b027a998e29c1b2472fdfdba7b718c08ba323
SHA256 e31ebfdf2a183ef073a170b07d6c43fe4bab45d3706dd5107df822d6a218a3d0
SHA512 8e654d82abcc334b570581756558385bbb31706b4b338a0213e2cc83331d57958fd45b8add89aba5dc1df5c3848912a34a1c3ea52ea89ddb7ec72d1e7830598a

/storage/emulated/0/backups/system/.timestamp

MD5 3b64d9514e768dfc76dcaa3be1082474
SHA1 cd398d2dbd6fff698e0a4a59e1fef162d74496b1
SHA256 f4416faf1158d1f7c8ceaa0f8e93d01871ca6638f7963461c3c43c514ed1c3e7
SHA512 bb37dab057c02557a8f4dcc01b9b4dec62c9a5856459e55377defd202d81ef0dff17735b561f1f56a97e7ef5a4caf5c9b81cb381a2dad9a301f5240aef1e0b0d

/storage/emulated/0/backups/system/.confd-wal

MD5 83de367a686da5d6ae9cb967fca0a33d
SHA1 c75946a1d19382b5f405791a00287dab588477c7
SHA256 6859ee8d3dfc552666a6cb865b3efbc4e1c66259ee4822266ad4127c568db82b
SHA512 e8b6ad4d887abf5c181bcc0144a7957cc478454d6191b0f31b0df3a5db2dfcafa32b2ebd7a783e7354cc56b77af2d53fa2e4a185a6611f735eda953debd17d8f

/storage/emulated/0/backups/system/.confd

MD5 8b68c559c4eadbf4fb4d6df5c8a849f2
SHA1 91ff4bd46e293e94e8fb25c27e7193f914fe51c9
SHA256 019064e1c3c1683214564fb7cec167a3887dc412e34e751ce7f5c43d4a585ebe
SHA512 8d6b130de362d229ef563e20d8f0b29390259b368e1ba93385e2a1835a7402c062ee9dcb607c3b8fa63183d1f54be5aac7ad2b326a37fa20860135d4f9629be1

/storage/emulated/0/backups/system/.confd-wal

MD5 95691afa43b40fed1beb7d271f0a72bb
SHA1 41358d28f4a8df952ee96b5e12803c653d375ad4
SHA256 c8e069f2749e2babb057feb64c59d7cc122abce3f28b0ad583e35d151957f786
SHA512 81b59eecf4c0f58f38aa6584519d14369ab50c1659666597a234169292093d14bcaccf5f4fac94b97280e6a4a250742e1fc0ed7a7dbdf1de735b4f5d45935235

/storage/emulated/0/backups/system/.timestamp

MD5 6dad8c76d93fafbf67e4409637ba2583
SHA1 e6258bfa68b5abad2766ba019feddac209f05f4b
SHA256 5f835fc54daedb54eea1de156a9c0468f9310ee3c06bc9f2bb4a0ea8267ca678
SHA512 88d2367fa11f78cd9b46469c0c2db8d3e9ce9ef58bbdaf21e8ebd8cd2d447acc6025ffa5847bb2dc64a41462f4525a500cd82c0bedb068a79f5ba249474e9f0b

/storage/emulated/0/backups/system/.confd-wal

MD5 0d49c851b70f6aaf62235e625ff747e0
SHA1 0b29d6d15db50f388dace15da99b6a53fd088019
SHA256 245faef6ccc3c715668144fa5c099aaf8214270725eab5010d67fb815b4ceb63
SHA512 1ed18324e655961bb9bfc6fb04331b2295b80257201732d13c191eabfa40c2e9ce33ca9822fb6e23c63102fc07287877e91f6d962d307304202bed9b7853602e

/storage/emulated/0/backups/system/.confd-wal

MD5 678dab6a2683af21f6e8c6956c4ad780
SHA1 88d28f5dba08dbac1007e5bab743b5aa43eec766
SHA256 31e0765f0663c9335a02b1418efb6f5902a91c4031555837c5f8115ff347cd51
SHA512 12b177f8e99a204a4b237e903e3ec7a8e3a0695d804c2aeeffe80dc85673b5e52bcef5273d9b39143a3e03b4e292016cdf5a972f6b6139b860076ca80f63ff86

/storage/emulated/0/backups/system/.timestamp

MD5 ff85b9710508f0e2d389fd26928e3a09
SHA1 4858c737ce9912bf77609b87b8a5ee68da70bcde
SHA256 7afb266e1ef26ce5ff33bd2e34c8a29b74c031c0edec3c51069731f6f11c7d62
SHA512 49740562a8261b07b2c9c16c32a11d956dca79b6837489751348a9334825f9ea1bf84ad0bd10518706913b296987608365fbe84f5626ae54cec6f174bfde9f3c

/data/data/com.baidu.group/files/statistics/1717624324580

MD5 5f3fccaad1aa98ccb99b8f273d40897d
SHA1 fe6422552e65abc59723858d4a084e5d05a9f150
SHA256 673c764dd4829a229a1a736772d90045653924be0c17bcc5667e19c50e330551
SHA512 8e875095bcb3aba793f96743e475667d58022eed545015fbfaf8fd2ea2172926cb3503b2c9421d9e1f3e1ffc7be65b4ae87fd6d20527e62a4f1c0cb20351c985

/data/data/com.baidu.group/cache/ultranet/journal

MD5 63cb9d48f54c0b85995e6eb8b7b0a19a
SHA1 005543bdb877f51730b79e480248fb3e6a9597f7
SHA256 39343eab3f865958c0f32e53458a84c4b1a3388d2c5c0eb07f618e967516d3b2
SHA512 85373dc44740c5c04570022a85e996773a13826a38445ec0497326a8b4b0f7760da4b2179cf272e6cd2704e69cf234ebedad56160d2080b7faad35de7f36b74c

/data/data/com.baidu.group/cache/ultranet/30888e039d66460fdfb60d69d0481cd7.0.tmp

MD5 07122409515f29e7cc0c5f14ad7970d6
SHA1 17fe74528400cc118746d8558ba8bddeb57970f2
SHA256 2d403b84c0e25c12adf54847759c4a189ede8e33eab393cf3f4306551bb274d0
SHA512 dadbf6da9191b706c91124ebbd9cf4f62671b1a33e4ee5fcddb0bf5def21d6d35792808d4547daa79a7c818e63a4674affcae70758d104e133505349e487858c
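The file list is long mostly because SQLite journals and SDK crash-reporting artifacts are recorded every time they change. What matters for the verdict is narrower: which dropped file is executable code and whether it is the one dex2oat compiled, which files were written to shared external storage outside the app-scoped Android/data directory (such files survive uninstall and, on Android versions before scoped storage, are readable by any app holding the storage permission), and which files were rewritten with different content during the run. The script below is an added example, not part of the report, working over a verbatim subset of the entries above (SHA1 and SHA512 lines omitted for length; the parser accepts any digest line). LOADED_DEX is the --dex-file= argument of the dex2oat command in the process list; the checks are the example's own.

```python
"""Triage of the dropped-file list from the behavioral1 run.

Added example, not part of the report. Entries below are a verbatim subset
of the report's file list (SHA1/SHA512 lines omitted); the checks are this
example's own.
"""
from __future__ import annotations

import re
from collections import defaultdict

PKG = "com.baidu.group"
APP_SCOPED_EXTERNAL = f"/storage/emulated/0/Android/data/{PKG}/"
SHARED_EXTERNAL = "/storage/emulated/0/"
CODE_SUFFIXES = (".dex", ".jar", ".apk", ".so", ".odex", ".vdex")
LOADED_DEX = "/data/data/com.baidu.group/mix.dex"  # from dex2oat --dex-file= in the report

REPORT_FILES = """\
/data/data/com.baidu.group/mix.dex
MD5 63f77f99bd2c2b772a479923bde11974
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

/storage/emulated/0/backups/.SystemConfig/.cuid2
MD5 5199aa16a6197ca75d50d2dfe1501435
SHA256 559ac20a8c9c6f0cf944a8a879a3c21f605fd865472aedaadab324bef2faa390

/storage/emulated/0/Android/data/com.baidu.group/1120180703228980#nebula/core_log/easemob.log
MD5 7f3c8cf7216d4d5bb21bcc69cd771429
SHA256 762778465f874fba53241dc17be1506b96e43b36262f027af56e56e07a0004a0

/data/data/com.baidu.group/database/pushinfo.db
MD5 92b58b51e9fad6410ef3708fed1945cf
SHA256 78ba8d5a8b3a2787f78f3ad50bf624fcd73c4ada967a00383fb50b83f5dc7608

/data/data/com.baidu.group/database/pushinfo.db
MD5 2b7cf58c0f8ec96d289675ac688c5b35
SHA256 d33e97fe8b9a8a2727c8bbe68324af259ea885da580e038c695ee57b76a4240d

/storage/emulated/0/baidu/pushservice/files/.info
MD5 ad92db4681c4f407a44d554c4e410040
SHA256 ccab1b617d7cacde4b54532eadd137d3d1b02b2a93004f47704544e4109b5684

/storage/emulated/0/backups/system/.confd
MD5 249e034c9703afc1fd6062371c7f3da8
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
"""

DIGEST = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")


def parse_file_list(text: str) -> list[dict]:
    """One dict per entry: {'path': ..., 'md5': ..., 'sha256': ..., ...}."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        entry = {"path": lines[0].strip()}
        for line in lines[1:]:
            m = DIGEST.match(line.strip())
            if not m:
                raise ValueError(f"unexpected line in file list: {line!r}")
            entry[m.group(1).lower()] = m.group(2)
        entries.append(entry)
    return entries


def triage(entries: list[dict], loaded_dex: str) -> dict:
    versions: dict[str, set[str]] = defaultdict(set)  # path -> distinct sha256 values
    for e in entries:
        versions[e["path"]].add(e["sha256"])
    code = sorted(p for p in versions if p.endswith(CODE_SUFFIXES))
    # Writes to external storage that are NOT under the app-scoped directory.
    shared = sorted(
        p for p in versions
        if p.startswith(SHARED_EXTERNAL) and not p.startswith(APP_SCOPED_EXTERNAL)
    )
    return {
        "dropped_code": code,
        "loaded_dex_was_dropped": loaded_dex in versions,
        "loaded_dex_sha256": sorted(versions.get(loaded_dex, ())),
        "shared_storage_writes": shared,
        "rewritten": {p: len(h) for p, h in versions.items() if len(h) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_file_list(REPORT_FILES), LOADED_DEX).items():
        print(f"{key}: {value}")
```

Run over the full list, rewritten would also show the .confd, .timestamp and pushstat database files; the three shared-storage paths (backups/.SystemConfig/.cuid2, backups/system/.confd, baidu/pushservice/files/.info) are the ones to check for persisted device identifiers, since the report records the writes but not their contents.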

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 21:51

Reported

2024-06-05 21:51

Platform

android-33-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

The sample did not execute in this run: no command line, process, signature or file was recorded, and the 7 s of network activity below (two TCP/443 endpoints, 216.58.213.4 and 216.58.213.10, plus an mDNS query) cannot be attributed to the sample. Only the behavioral1 run on the x86/arm platform supports the verdict.

Network

Country  Destination         Domain  Proto
GB       216.58.213.4:443    N/A     udp
GB       216.58.213.4:443    N/A     tcp
GB       216.58.213.4:443    N/A     tcp
N/A      224.0.0.251:5353    N/A     udp
GB       216.58.213.10:443   N/A     udp
GB       216.58.213.10:443   N/A     tcp

Files

N/A