Analysis Overview
SHA256
d7b95c3ca7b7e3f16893bb4fde6851edfe3872139d255c2759cd9776f949e329
Threat Level: Likely malicious
The file 99555fb579d8851957f9cb6ffad64b71_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Queries information about active data network
Reads information about phone network operator.
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 21:51
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
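Added example, not part of the sandbox report: the static signature above lumps nine permissions together as "dangerous". A triage script can reproduce that check from a decoded AndroidManifest.xml while keeping Android's own distinction, because RECORD_AUDIO, CAMERA, the two location permissions, READ_PHONE_STATE and the external-storage pair are runtime ("dangerous") permissions granted through a prompt, whereas WRITE_SETTINGS and REQUEST_INSTALL_PACKAGES are special-access app-op permissions the user enables in Settings and which matter here because they allow settings tampering and sideloading. The manifest below is constructed to carry exactly the permissions in this report plus INTERNET; the permission tables are a hand-maintained subset, not the platform's full list, and the APK's binary AXML must be decoded first (apktool, androguard) since this operates on plain XML.

```python
# Added example (not the sandbox's code): bucket requested permissions into
# runtime-dangerous, special-access (app-op) and other, from a decoded manifest.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions with protectionLevel "dangerous" (runtime prompt).
RUNTIME_DANGEROUS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# App-op "special access" permissions: no runtime prompt, toggled in Settings.
SPECIAL_ACCESS = {
    "android.permission.WRITE_SETTINGS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.PACKAGE_USAGE_STATS",
}

# What each flagged permission lets the app do, for a one-line triage summary.
CAPABILITY = {
    "android.permission.RECORD_AUDIO": "microphone capture",
    "android.permission.CAMERA": "camera capture",
    "android.permission.ACCESS_COARSE_LOCATION": "location tracking",
    "android.permission.ACCESS_FINE_LOCATION": "location tracking",
    "android.permission.READ_PHONE_STATE": "device/SIM identity",
    "android.permission.READ_EXTERNAL_STORAGE": "read shared storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write shared storage",
    "android.permission.WRITE_SETTINGS": "modify system settings",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages",
}

# Constructed manifest: the nine permissions from this report plus INTERNET.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission>, in document order."""
    root = ET.fromstring(manifest_xml)
    key = "{%s}name" % ANDROID_NS
    return [n.get(key) for n in root.iter("uses-permission") if n.get(key)]


def classify(manifest_xml):
    """Bucket requested permissions into runtime-dangerous, special-access, other."""
    buckets = {"runtime_dangerous": [], "special_access": [], "other": []}
    for name in requested_permissions(manifest_xml):
        if name in RUNTIME_DANGEROUS:
            buckets["runtime_dangerous"].append(name)
        elif name in SPECIAL_ACCESS:
            buckets["special_access"].append(name)
        else:
            buckets["other"].append(name)
    return buckets


def capabilities(manifest_xml):
    """Sorted, de-duplicated list of what the flagged permissions enable."""
    flagged = classify(manifest_xml)
    names = flagged["runtime_dangerous"] + flagged["special_access"]
    return sorted({CAPABILITY[n] for n in names if n in CAPABILITY})


if __name__ == "__main__":
    for bucket, names in classify(SAMPLE_MANIFEST).items():
        print(bucket, names)
    print("capabilities:", ", ".join(capabilities(SAMPLE_MANIFEST)))
```

The capability summary is the line worth reading in a report: microphone, camera, location and SIM identity together with the ability to install further packages is the profile of a surveillance-capable dropper, which is consistent with the dynamically loaded dex reported in the behavioral run below.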
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 21:51
Reported
2024-06-05 21:54
Platform
android-x86-arm-20240603-en
Max time kernel
104s
Max time network
186s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.baidu.group/mix.dex | N/A | N/A |
| N/A | /data/data/com.baidu.group/mix.dex | N/A | N/A |
| N/A | /data/data/com.baidu.group/mix.dex | N/A | N/A |
| N/A | /data/data/com.baidu.group/mix.dex | N/A | N/A |
| N/A | /data/data/com.baidu.group/mix.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.baidu.group
/system/bin/sh -c getprop ro.board.platform
sh -c getprop ro.yunos.version
getprop ro.board.platform
getprop ro.yunos.version
/system/bin/sh -c type su
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.baidu.group/mix.dex --output-vdex-fd=50 --oat-fd=53 --oat-location=/data/data/com.baidu.group/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
com.baidu.group:bdservice_v1
logcat -d -v threadtime
/system/bin/sh -c getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.build.version.emui
getprop ro.build.version.emui
/system/bin/sh -c getprop ro.lenovo.series
getprop ro.lenovo.series
/system/bin/sh -c getprop ro.build.nubia.rom.name
getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.meizu.product.model
getprop ro.meizu.product.model
com.baidu.group:bdservice_v1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | api.tuisong.baidu.com | udp |
| HK | 103.235.47.247:443 | api.tuisong.baidu.com | tcp |
| US | 1.1.1.1:53 | youhua.baidu.com | udp |
| HK | 103.235.46.254:443 | youhua.baidu.com | tcp |
| US | 1.1.1.1:53 | gsp0.baidu.com | udp |
| HK | 103.235.46.45:443 | gsp0.baidu.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
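Added example, not part of the sandbox report: the Network table mixes resolver queries with the connections they led to, and the extraction shifted the protocol into the Domain column on rows with no hostname. The script below parses the rows as printed, keeps DNS lookups apart from actual contact, groups endpoints by domain, lists endpoints the table never attributes to a name (here a Google address on 443, most likely the googleapis host that was looked up, but the table does not say so and the script does not guess), and flags hosts reached over cleartext HTTP. The rows are a subset copied from this report; RESOLVERS and NOISE are assumptions about the sandbox environment. The bugly and tuisong.baidu hostnames line up with the bugly_db_legu and pushstat databases in the Files list, i.e. bundled crash-reporting and push SDKs, which is worth knowing before treating them as command-and-control.

```python
# Added example (not the sandbox's code): normalise the Network table into
# indicators, tolerating the shifted-column rows as printed on the page.
from collections import defaultdict

REPORT_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.234:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | api.tuisong.baidu.com | udp |
| HK | 103.235.47.247:443 | api.tuisong.baidu.com | tcp |
| US | 1.1.1.1:53 | youhua.baidu.com | udp |
| HK | 103.235.46.254:443 | youhua.baidu.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
"""

RESOLVERS = {"1.1.1.1", "8.8.8.8"}   # DNS forwarders used by the sandbox (assumption)
NOISE = {"224.0.0.251"}              # mDNS multicast emitted by the emulator itself


def parse_rows(text):
    """Parse pipe-table rows into dicts; tolerates the shifted-column variant."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        cells += [""] * (4 - len(cells))           # pad rows missing a trailing cell
        country, dest, domain, proto = cells[:4]
        if country == "Country" or ":" not in dest:
            continue                               # header or malformed row
        if proto == "" and domain in ("tcp", "udp"):
            domain, proto = "", domain             # protocol landed in the Domain column
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def summarise(rows):
    """Group real connections by domain and separate lookups from contact."""
    looked_up = set()
    connections = defaultdict(set)   # domain -> {(ip, port, proto)}
    bare = set()                     # endpoints the table attributes to no domain
    for r in rows:
        if r["ip"] in NOISE:
            continue
        if r["ip"] in RESOLVERS and r["port"] == 53:
            looked_up.add(r["domain"])
        elif r["domain"]:
            connections[r["domain"]].add((r["ip"], r["port"], r["proto"]))
        else:
            bare.add((r["ip"], r["port"], r["proto"]))
    return {
        "connections": {d: sorted(e) for d, e in sorted(connections.items())},
        "bare_endpoints": sorted(bare),
        "unresolved": sorted(looked_up - set(connections)),   # looked up, never contacted
        "cleartext": sorted(d for d, e in connections.items()
                            if any(port == 80 for _, port, _ in e)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarise(parse_rows(REPORT_ROWS)), indent=2))
```

The "unresolved" bucket is the one to watch in longer runs: a name that is resolved but never contacted often means the sandbox cut the run before the second stage fired, or that the connection was made over a port the table does not show.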
Files
/data/data/com.baidu.group/databases/bugly_db_legu-journal
| MD5 | 24195a2e17ef5741fde1656cd50b1a35 |
| SHA1 | 565ec904d49539f46e38e1478d8f653d62e5837b |
| SHA256 | 3eb511615d5341cb7c15b143f92b000bf8ca27533090ad9cc5b1a691b6e6c275 |
| SHA512 | eedfdb7bc9d7589f46359cf10b4bdf2a5cf02f77b616981b38a59fb53a00a0f278af8a68c40a88bfc8d6fdc78f5b91a0711a4c186c8f166f00bb1d8ec9099bfc |
/data/data/com.baidu.group/databases/bugly_db_legu
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.baidu.group/databases/bugly_db_legu-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.baidu.group/databases/bugly_db_legu-wal
| MD5 | d8b1bcc7bd0fb62fc00511748869d9bb |
| SHA1 | 9c4ebc6b1aa123aa7d2740569b0999e3a2329f0f |
| SHA256 | 958b6ea1090ff068050447c026b971e3a14df6591df47b35f68c6d3330680b32 |
| SHA512 | 8eb4d43ecbd5c2001abd7908bbb92c299d5801d09f62449be249b574261db89c9b0afbc93e7e8210de1940c7d9b23db1c8633e3102df781e6065d61d8c61e6e8 |
/data/data/com.baidu.group/mix.dex
| MD5 | 63f77f99bd2c2b772a479923bde11974 |
| SHA1 | c7632e7d301e4463fafce85f84e9c3d7da3fdbbe |
| SHA256 | 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615 |
| SHA512 | 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c |
/storage/emulated/0/backups/.SystemConfig/.cuid2
| MD5 | 5199aa16a6197ca75d50d2dfe1501435 |
| SHA1 | 7164965c6ec53b1bff7ab23022630dc4be240bfb |
| SHA256 | 559ac20a8c9c6f0cf944a8a879a3c21f605fd865472aedaadab324bef2faa390 |
| SHA512 | d9246488d254630777746f87857c483225afcb8c0d28708a1d6b6837844fb18b4bfed8fe22ad11c7111664d5d36a717613b2a3ff9732d38ad5d69d241431d2ba |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4BeginSession.cls_temp
| MD5 | 6cbbbeddbaddfb31f67b3c939f3fd4fa |
| SHA1 | 65bbe5775b3b4841ffa5f5dc4d6629036bbec858 |
| SHA256 | cda39b4023b802713958d2efe408e7b79941cae2e4a41c68184ffd73e317f594 |
| SHA512 | f7b817628c407dd2e7c8f0a593eb6610f74921b701e3026f9e951dfaa5725dc1466ff481feb4fc9ac1721aa7578d49142569ee4c69a75600291f9d74b5bbd440 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4BeginSession.json
| MD5 | be1c42511129307966eb5cb58486d3a4 |
| SHA1 | 2795c113499b1014d10a58891c648b06c261fa98 |
| SHA256 | e9c99a6ad1dda2e786358513dc9f6acd194a55a3480cfc7c65da81c63dc4bec9 |
| SHA512 | eed0280270e7d2bb4fa31179bdadde82126dd9ad3df093fe21dbd2b54230ec730415118bf0e00cdcf1b1beb0bef82449a71aa2e27047201cb998a66f29dc7827 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionApp.cls_temp
| MD5 | d07e4c46c2e2ba62a803128febe394f3 |
| SHA1 | 135b3fee394c1c141cf1dadc4c0e15e436b11f92 |
| SHA256 | 176996c29a792bb7dae9fc0e0fddb6b118e3f7b8cba81f2bf7d523346ea3182a |
| SHA512 | 7ebae19c968d1e704a851df6984af0a857f86403e8f4516f02d1b99274b71ad8e5735f1a75b953b9eab6666ff8e57bbd2a6b3703b7a35787b04f7a31fea5288b |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionApp.json
| MD5 | 9b27a4825bbca0aad1b23aa1e1b9d2f7 |
| SHA1 | bc1257091b78b4111c35613ab0beea723347b9eb |
| SHA256 | 44186071a515844f73208d7aca0607d68cbde88869fd7bab094484ebc6be9c62 |
| SHA512 | 8aa1db094b98a86dbb27577026d7fd87eff7559e482fbe87c56eb0eee8463cfef2fa115459bb4f16a1090f7bbf259157b515586d50faccbe5badd809806130b3 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionOS.cls_temp
| MD5 | 9b3d4522944ce6396563812bfdb92fa9 |
| SHA1 | 6d2a6133c8f01938a48ccc77ef86ad8ca335c020 |
| SHA256 | d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9 |
| SHA512 | 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionOS.json
| MD5 | 93023624eb8dff5c20050da136aaae0a |
| SHA1 | acfd1ffed752c28fb135ba83c0c6345ddf2f6995 |
| SHA256 | 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c |
| SHA512 | bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | 73a1c70083f03b4de025a2a14bd7879d |
| SHA1 | 5d9c85f41643db4191316f4f53cdf053ac33ae04 |
| SHA256 | b6fe4d359f200d14aff6dcec649711676f4d9ef464302ea98091aa4190ac749f |
| SHA512 | 14a100bc37ba1f92059c6608f56bab37e6040dda9ad4cc1f10ad065874aa8511d9988f4bdfcbbd27faf96d2ec3c6a882abd675dd6ff5591debfe647440002ee2 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_bd3e4f41-d3c7-4e46-a1c6-d408426976f5_1717624291643.tap
| MD5 | 839bf0d78ee19eb1f5a43757002e8911 |
| SHA1 | bf7152a36b3fd6eb1b4fa870abf01486c7786647 |
| SHA256 | 3361cc548eaef34b83fef2338d9df1640853397e67ec92deb364c50a32baef1d |
| SHA512 | 580f051a2abd091d8d754e94e599b59d42f76c74aa3e473a6d29d755180f3b8ef95e8b6f29134724b74fe08e3b859264e7f2c110f811ddee6e65eb68da860b4b |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionDevice.cls_temp
| MD5 | 1ae583edefd5b492a22860fcb3df686d |
| SHA1 | f90ca90996071b7484a634cb6b886617191567e0 |
| SHA256 | f722a86a7775e8f972802e0cd6232af8348e6e0d9120d05c6c29e3e676776b8b |
| SHA512 | 49a5b60baafb68408b98d75cea0bf23e708b0bf3462ad7edc1aa3180e3129ac2974e6ccdcdcd3709e30fceeb8c5cf1e15f31c1b45feab18e835a4c502042a01b |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4SessionDevice.json
| MD5 | 71215d8820809736b3f67c0d13aca469 |
| SHA1 | 62c03b2c23016ff6e3934b359099da149de0fd0b |
| SHA256 | 32275d53ea75da059fd86aca9facc7580d22e075fb006fe9f98a575fae06d216 |
| SHA512 | 425c74bfe6da820a7f2a3e241c7745434cdde8f164fa3ebe92ed6d73c22db5c7482cfc31508e7662a4388f58f313bf69d3d46c01f9fd1e707c08ad93892090ee |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4keys.meta
| MD5 | eae8c753996792d1eca680ef05547593 |
| SHA1 | 6ad076905fd8bb67bcc419cc9bfdbfecf3e83b1a |
| SHA256 | eb09487590f261758af7087bd695989400ca8bc135b47306dcc0b1d8dccb1724 |
| SHA512 | 5ecee58b650b9c638ec9a51945e1aeff8fe3ddb7e86f15377cbaf4038bd3977e50caa59d2e1b6473fbc89ee5170fc1786a4b3d40e93b472742abf4997642e33c |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6660DDE3014D-0001-10A9-D0B320E742A4user.meta
| MD5 | 75588e30ee654db2207ac3a84c966809 |
| SHA1 | f19657e3d97895ab04c72a51143e1f3503a0111e |
| SHA256 | 84ba1ba7e9dd8afeb3fb393c8dd8e0d1e4d973cdd575edb78c6126602e5af59f |
| SHA512 | a75f16f38fd027c535cd6dab58061f3ae3de9b67d5e26d6e61605affb75ee2a541fe2b3473e9a9a9083cab0b66019c1791f1b5ba6f7ccb78f5ebb92261af2047 |
/storage/emulated/0/Android/data/com.baidu.group/1120180703228980#nebula/core_log/easemob.log
| MD5 | 7f3c8cf7216d4d5bb21bcc69cd771429 |
| SHA1 | 1a7f2f7e1de58392c55a46c73d48a0a0f4e4585e |
| SHA256 | 762778465f874fba53241dc17be1506b96e43b36262f027af56e56e07a0004a0 |
| SHA512 | 6adacef0ad9965f538507d2fd828ea9dd503c9e225d145087fd0dca0f0708bb325676c744795c4d684158399273e50d444f4569bb23cad34774cc967018ec997 |
/data/data/com.baidu.group/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | b24f7c12a2414c3f62836bdfad8e3a68 |
| SHA1 | 8f57db160cf19c479e4c52a52b629557cd0bf428 |
| SHA256 | 8d0e35e5dbbb8dce37475999a8d6fd2f55338c0b87a3926cc57436738b5cdfc4 |
| SHA512 | 2495bf3938739b00c73d54ea1530dc4096b851121bc2fed3efc51b5c701cf6fe361f0972af1e1236a35ea11b0c8f0e3cb8d3afaf48fcbc770f05ee3fc4f2ec4d |
/data/data/com.baidu.group/database/pushinfo.db-journal
| MD5 | 918f6a6d0e0375b08cafb29021952283 |
| SHA1 | 67f50d5af5b113a0fd22c2c5842ffac984bed6eb |
| SHA256 | a1c9a5db84efc2dc1d51947cbbd80274b661b49711e3c4442252663554e985b6 |
| SHA512 | a5ceb1d137c52b0c31520a47de6124da9dfcb14bf982fbe7ba334d175995af204377320e4535e7293900d287606e47fb6ddf502cd55b910ff80c17d4fb0b0162 |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | 92b58b51e9fad6410ef3708fed1945cf |
| SHA1 | 93de530ff18548d606878a4c4d8055b690baa8ab |
| SHA256 | 78ba8d5a8b3a2787f78f3ad50bf624fcd73c4ada967a00383fb50b83f5dc7608 |
| SHA512 | 4bc19f181531fd072ac77a87c263fc9d6634d49319fc7806d6754fa2e7be4fa3ebd4bb05bfa39b735b06d3d7d05052a83f2ec195c1ba083c28e01705c6369d93 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | 74748263dc10d20a387415d2453411e1 |
| SHA1 | e20cbfc1e3fe6736426f6c20891d32c6a7067754 |
| SHA256 | b1e1a2cd685671d173888369ef9786032a2a57c15b35820ac3646b25b672fa04 |
| SHA512 | 6bf41c108db928933a2966c56981faa2fa9dd66f4a1d45cbf7467ff8b7102c58062751e0d2027a19d51ae3b9fb93b50bfd3b9d415b20b49a413539808a007a34 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | ff7751ac9a2a308bf6da26b63127c2fb |
| SHA1 | 6a803553ca31935a52236f47c21fdf0555a30352 |
| SHA256 | 3bef19227962532d25b0814486500a87f21c6fdb72821821e2e6d47aca2fd605 |
| SHA512 | f8bcac2e262bf7d709228f09e80ac9d92e095a01fde2f385468f294430cd7ce7a4538013dc82b8bfbbe301da50564425718c98d8d776934cde3eabe1afb2d3e5 |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | 2b7cf58c0f8ec96d289675ac688c5b35 |
| SHA1 | 6a74b0424c4e9ce28ab7bd46421cffba7db84bdd |
| SHA256 | d33e97fe8b9a8a2727c8bbe68324af259ea885da580e038c695ee57b76a4240d |
| SHA512 | 553736e2a0be054b136f0ed0326f69903fb5c620104d74fb19ced90b69d3fd6e2347dd8dc5fc91f156e00345bccd15f55514da5bab8647b8c73b82a1b16ed067 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | e4b083ff22cb653e2cfcdaf765d5bf92 |
| SHA1 | 7608f2ce913c9c98b08312d5e91223f9bd5b0b05 |
| SHA256 | dd20848925bd0ff86169e61388b90a589358dc9be17d42700026256dfad25318 |
| SHA512 | cd49b04c62b23612979d80c812be823b9566bf531c693b46596f4562e65ce174feb5b5a13273296fae519b8cd7c4c936f0bc1bb21528428578a0e1540634d06b |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | ba9ce382a230c80a738d98aef5057537 |
| SHA1 | e12edd0d19d50b80ee7c9b62308e9ca163ab9171 |
| SHA256 | c85f2cedcc35bfe96db09c9d3f7137add78131f594d2f7fec8b1aa011a8456f6 |
| SHA512 | 7b5aba67d987e5566e9afe13bc14f8ae02e44ae690b9d3b69106468fa63ffd87752e999607b593de79d66341f1dcca0bdd76241d2686840cb62ad3b6c0a44c12 |
/data/data/com.baidu.group/databases/pushstat_6.2.0.db-journal
| MD5 | 2e43fc5d75608ddad8c1cb505f4bab7d |
| SHA1 | 6d3f0b9401c7bf6d4ca9547fdfa9f2b63b2a6f13 |
| SHA256 | a47c5c4099277552b7e0db2ebd25c14eb059957bcd628706ceb46ca0999d33fa |
| SHA512 | 57a206a8af128450d68d1cbf52f36b52feec994a23168bb048d658ec94ab1ed6f177f425bee8147022fbb016584bdf2c58fa2c8c2c88dd462d61470a618990b7 |
/data/data/com.baidu.group/databases/pushstat_6.2.0.db
| MD5 | 073d433ab688646de993b8514f108686 |
| SHA1 | 07b430f35e0d1976c6b96775825e2d39d4f0f1ff |
| SHA256 | 33c0d89788ddd01a61b69bf7c177bf729e4c16be5b92af060ce613206f679b42 |
| SHA512 | fc04b23e0b303097e49a09676e19239174ab789d66f1762232dbb78f4c390b7d41cf9d4c008d4d7bcb25e44ba956b5a71ad159211702c6bb8c58b726481cf950 |
/data/data/com.baidu.group/databases/pushstat_6.2.0.db-wal
| MD5 | 7c576b0fbba757b8722ac4358daa36cf |
| SHA1 | c9e58b672dfdc6348cfe7da19c312fdbbccce295 |
| SHA256 | 317d04fbbb3a60b2e5b2c296f13d2f1868612deaed1b6c3fd0d2a8f00ac6d1f2 |
| SHA512 | 746c1bf02f01846bb5539b84c73452cd0e5421b12ecb94bb2a8b1cb343ee00e6d336efbe384b0ba9bbe5b4b1c0b6e733d96e21b4f07906dc665b8c7d4ff9dc2f |
/data/data/com.baidu.group/cache/ultranet/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/storage/emulated/0/baidu/pushservice/files/.info
| MD5 | ad92db4681c4f407a44d554c4e410040 |
| SHA1 | a4660d7adb17af7cc74040f25c5edc8777a2da87 |
| SHA256 | ccab1b617d7cacde4b54532eadd137d3d1b02b2a93004f47704544e4109b5684 |
| SHA512 | f784e53261c3d050b64be89b02388006903a7f86c7d6c9d88c7c472c3ad1fc0ed2111384698e00122832399ccc142e450eb7564357eeb827d4d3679821b36cb8 |
/storage/emulated/0/baidu/pushservice/files/.info
| MD5 | 1b6ea46b7f2bc9426e4eb31237cfd85a |
| SHA1 | 1439cdfcf014479c84cdf34fe734729e7bd294dd |
| SHA256 | 290fadedba20595c2daac11aff6776820efcdce6e21c5c4df6a1a0352337a971 |
| SHA512 | fc5a9f6183a73e70e59cdb219d944325e41537d247cdd60891d236c47776670b5ef0bd43ad9c61875dcd372796f5fc377ee60f82203781335e84fa622860e5be |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | 083abffb8ec4f65b6e1b06e1c12b76e7 |
| SHA1 | 6249157fe0c8409ef0491fe3f23fa4c1d44a3540 |
| SHA256 | 8a6562e9b1623b7978af48acc69b29fec11074ab65f0a1e67c69c643dfa98209 |
| SHA512 | 47dcff66c734115c32ad08c1fd3b276f7dc722fbcd4b653ef90cbe710b540f7a8bdf03d0001a598f6676998b5f9e6305238284ff0612e20818ecb927d03b8acd |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | 5e7a00fff756ae5b4d67676fe08c2793 |
| SHA1 | c0ae373cb454aa3e5b597cd29debf23067a18b13 |
| SHA256 | 3f97b913c304d4e819570ce3fa7f10ea3434f3f1afd145cfefef7bc4a4bc4cc8 |
| SHA512 | 40a8674783af1cd20d5e6022fca609ae1820c13d021299517ee43ada08a21c1774c926fcc40b90c14e890703aeaeff60c4484a59b13932fd7cff2291751225d8 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | 521dc3ef03ba84017e094673becf9abd |
| SHA1 | f7c7c7c9d243f1b8e9d357ed99b7f877fb47ebe3 |
| SHA256 | 83dc39c76002e6257123da8f96e4bfff56ca9be1246a03ebc2cf3368a968507f |
| SHA512 | 815cdc0f56108c9bfeaf067f6e28eed7cbab1140607635147dce02e84fcdb7a00e46b8607e7a1788b131d280b830345591dfca604dbc54ed4ca62e6438b4b81c |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | 9cc640de7c142bfb37bc37dc269e126c |
| SHA1 | d9ac6cafd5a5d05b057ce7ff00457808761b52e5 |
| SHA256 | b8bd9fede7b8b3541608083f7e8b4f03829535eca4ba083462c7b78c94832793 |
| SHA512 | a146b2ea50a0c500e3df3c210c71aa4e0e0475ec31a81e4ba3d60c12a28e22874ef77f4fcc96e146672c485b3d355cdd9c5ecb39104c62c6559d9eadf1fa693e |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | d375f1679db2b28679ae32ce867eaa80 |
| SHA1 | eff975194223ada0619b2e59c85f7f3a24c6a3fb |
| SHA256 | 9f66d4ccd183bcda8755cd6c28c296891953efc0ebd5c6fb55efb5b9e67c1236 |
| SHA512 | ec3180dd24022b480caade3ac8314c7056e64712a67b242fffff842c4f037f2cd736d8649fa51997dff25fb203583b1c7b19ffe8ea89d61f27e7057cba399307 |
/data/data/com.baidu.group/database/pushinfo.db
| MD5 | 2c7ebd99455c740af1c1adc73fabdd38 |
| SHA1 | 02a7d06c1833aa01aabb2e62484a4b4dbb1d52a3 |
| SHA256 | 54f00ec65907f6d8049731b00a39283f00589d2c979e20ef6924a78bebc77a81 |
| SHA512 | 9352d270f632429f2ecf3965353024ca96b94ace993172124aec866a8594591b32917a3b46583a37fdfe192e36c8ee454caf79774dbb117244088dac9ff1e9f9 |
/storage/emulated/0/backups/system/.confd-journal
| MD5 | 0886c4669e2bca58bad3514e17f8d9b8 |
| SHA1 | 7f1fce084bee50f6db1cef86cb9584c2e40040e3 |
| SHA256 | 3b2380f8e6b6deedf8fafd4ab75444649b82982d27d745da26afa9b2e6207d7f |
| SHA512 | 0eebef441b8253399cf68b20f65133e2264fd049b2b5de5a7dd5f9c8391106b942059a26a08c33bf703333c09ec0cd8524f226296b9631248d7bd2e58dfa45a5 |
/storage/emulated/0/backups/system/.confd
| MD5 | 249e034c9703afc1fd6062371c7f3da8 |
| SHA1 | 9ca489179488e0fe5a35f7c0d5887f163e4890cd |
| SHA256 | 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a |
| SHA512 | b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | bf59561e8c84d61f8429ac0c4ea4b60c |
| SHA1 | cca4f7e0cb2d08a2159d491a9dd28e3a598db782 |
| SHA256 | d1c47e81ace48a7b2fb866ce17107f5b797cf48386319096a32893d9a86cdbaa |
| SHA512 | 80e50620190ae3fd789166f3f8d0e286deb12d712bd8062ac5528095f324057151e0c0dd7af0d29ccc17173955b0eb56bd96649a44bbadb930124a531694490f |
/data/data/com.baidu.group/databases/pushstat_6.2.0.db-wal
| MD5 | 18b58b366adc3d01434d9f4e09a5f249 |
| SHA1 | fdf30e74716e244ffcd4f30a9b0136fc2490afff |
| SHA256 | 9ccbc4f856687fb5c5d713364ad38aad249537465fffd48ba1b7c167f29f2e7d |
| SHA512 | 9e19260775a5978b405fea0ea073d6de0b59ce5b2606590133fd51631c80600babb7fcfd248e63b52ba6cc019e93bff9eee8030e8a84821823ba3eab8f93494a |
/data/data/com.baidu.group/databases/pushstat_6.2.0.db
| MD5 | ce99403d60ae9391abde084033b77bef |
| SHA1 | 99ad477ec3d1bebbf66a1eed7170bfcc49f7aea2 |
| SHA256 | ae65aa68923277a7aec626e22adb6a0193c4c16e7893a7d91bbfe2a90538b0cb |
| SHA512 | 3e0502b34b1c0d468dd2cfaca6b3ee82304845b33b3476e1cd00201e387721e85e9ec9aa54d02e0a5cb3b10262c4c97bc9778c2a0b0c01d20be6db8aff059908 |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 25fe3cd1c2b453984d929aafbcbe27ae |
| SHA1 | 136df679e0f5bdb3ad5e3ff4bc50a82a02604262 |
| SHA256 | ed8ce756b8a39a058b971a1605d01f0d62317e7017bfa9b7e1ccaf266e735938 |
| SHA512 | 08e3a9be0eb667d35089a9ce30bd307f33a7695f5f4c135478c9fa57100ea320517f7b8c9321e7540ec31f157ca46284ae873683bb5891ceddfe73151c96daba |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 158859f752dba4b5e162c6dec7932414 |
| SHA1 | 0544b556685434f237ebf555774a5ef098f74470 |
| SHA256 | 2fd16790778b65aacf4e77274433f3f71195905365e103902b945fff927975d4 |
| SHA512 | 639375807b63a9a2618396d55874caad532a6b5166d8d89977d4cdd1edf0d688a1d85a06d1845cff48adebfc85a99eddcb47d3bdd246504da6c308ed8a7b2e5d |
/storage/emulated/0/backups/system/.confd
| MD5 | 8c7f6e3b52e6e841b895bbd13644ed43 |
| SHA1 | ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2 |
| SHA256 | 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c |
| SHA512 | cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| MD5 | c168711c560dff762acb24f3245e8b94 |
| SHA1 | 53a6cfb14f949ef370b4b30f6f09c4bce2e2a413 |
| SHA256 | 462c9d7badb42b29cb79f0af1c74c78b0130dd622c7d4fa894793a130beae437 |
| SHA512 | e68a03e4978ad6a99b5e80f3ba737c47aed0296b0aed0cd68c650daada05aa649a36fe0ebbbb87299dfc113d31ef6af3bc0d42389a9923b2fd265d75840f98d6 |
/data/data/com.baidu.group/cache/ultranet/journal
| MD5 | c7826e700802224ca553fbb32c3267af |
| SHA1 | 90f945f1672b3fcd5a2d4ef6e817a36c36c4fa03 |
| SHA256 | 6a41a479fc2a2efb8cd426dfe01d9941fe8ee117861c702c35206e5824cf234d |
| SHA512 | be24950b37c26537603584ca884a592df4dd8258c3a7d75e0fa9428539659759f101cf83e579cf2eff6258f57c130664c441d1c999b1342609021c94002422db |
/data/data/com.baidu.group/cache/ultranet/064785e3adfb7d7952f1df531237762b.0.tmp
| MD5 | f2328d59c0481d0e2c8dd54628f992ab |
| SHA1 | 2516bc3a9b7dd2e95a8e84ba3592a2a4b7a5ab2d |
| SHA256 | b7ce21e8381fd42883a12612288645b8ff5629d952e7db4e67e211b09c14e804 |
| SHA512 | 2fe857a1d5a37943441ed55cfd36dd9a151d314ddcd5dbd07210f15367a3a2ec364468197232db5e3348082fd5bdd3344c419d93de4ddb0a0db5bac9f736d1a2 |
/data/data/com.baidu.group/cache/ultranet/064785e3adfb7d7952f1df531237762b.1.tmp
| MD5 | 3d185a9e86d58e8be96181f76532e6bc |
| SHA1 | 102ff01805eea76fb19506041e5954903f1dcce9 |
| SHA256 | 991244db2cd6892ee78e8324b77065373a71d974552afe5b38010b48ee7238fa |
| SHA512 | 2f40b6f7b7b7b08e57e4d8e5a5f13b4bf6ca5c70cf79c98370ac04aaab61bceff18c0a06e9f5452cc5a2508339ce8c04ab600764b74f1ff179419eaa96765db8 |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | a1497f70f8da2d48cf08e5c8162d7418 |
| SHA1 | c867e94e722dc97b315cd4bc66202219d5d0620a |
| SHA256 | c9c3a588c250f0d95a6ab80e0671334113a363c0b1892b6f1672591c2daba725 |
| SHA512 | fdcf4dc91b523c80b9c36cfcaa68612228c14714d5d74746da9a65a40745a1e7c4c9ec59b3531da092594c6d0099ff538a24cdda14d58165aa03d2e3aeb61447 |
/storage/emulated/0/backups/system/.confd
| MD5 | abb1c11ea9b175dab0141cd5320fc723 |
| SHA1 | 6d181d68f50b9ed8c2a4938623228b5018346887 |
| SHA256 | 29693e3b2859715c485e025f8de008eb956e64dc4491e3dc834192319ccf3823 |
| SHA512 | 27eb9c7633125b3478255ee71cb3b3a3ddfbcc2790d9e4775d28d124b04afbef6df7fe1e9d2b092599a03164193ec95655b8084b003aa6b6c55cc8cce2c66bd2 |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 5f932100fdd996a49a9bee7420eaec57 |
| SHA1 | 90d1c778dc8313ac17878f3fc9b22b73ba925c50 |
| SHA256 | 8eb035ce8a90b286146bf95009c270d5530a9be55fda347c85c6847b46e3a287 |
| SHA512 | c994f34cf2e34a993684c8c96298cd3dc2bbc09e8d6b01159804762228423bbae99b4a06b23df68516a71fc044919abe1ca556c5f502d94f4cec45ca00647b99 |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 052718ddac5786e2a3814e3326eae887 |
| SHA1 | cbd55c99ee7c14d3787071c2b9f2708dd05fee02 |
| SHA256 | 9c7c67e665cf26c5a2c365fbac83b075084ff446695b35b9b148f1096a2496c2 |
| SHA512 | 7f74185b4192bb9b6972819c6ab7a09351fcb74ee5f7dbbd9729802885b42268a23a1364679c8f4f656d935c88d6016d95184b1e5577875466352950174d042d |
/storage/emulated/0/backups/system/.confd
| MD5 | e4899d63d2750cde66b71374ba7b2f06 |
| SHA1 | 8d7b027a998e29c1b2472fdfdba7b718c08ba323 |
| SHA256 | e31ebfdf2a183ef073a170b07d6c43fe4bab45d3706dd5107df822d6a218a3d0 |
| SHA512 | 8e654d82abcc334b570581756558385bbb31706b4b338a0213e2cc83331d57958fd45b8add89aba5dc1df5c3848912a34a1c3ea52ea89ddb7ec72d1e7830598a |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 3b64d9514e768dfc76dcaa3be1082474 |
| SHA1 | cd398d2dbd6fff698e0a4a59e1fef162d74496b1 |
| SHA256 | f4416faf1158d1f7c8ceaa0f8e93d01871ca6638f7963461c3c43c514ed1c3e7 |
| SHA512 | bb37dab057c02557a8f4dcc01b9b4dec62c9a5856459e55377defd202d81ef0dff17735b561f1f56a97e7ef5a4caf5c9b81cb381a2dad9a301f5240aef1e0b0d |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 83de367a686da5d6ae9cb967fca0a33d |
| SHA1 | c75946a1d19382b5f405791a00287dab588477c7 |
| SHA256 | 6859ee8d3dfc552666a6cb865b3efbc4e1c66259ee4822266ad4127c568db82b |
| SHA512 | e8b6ad4d887abf5c181bcc0144a7957cc478454d6191b0f31b0df3a5db2dfcafa32b2ebd7a783e7354cc56b77af2d53fa2e4a185a6611f735eda953debd17d8f |
/storage/emulated/0/backups/system/.confd
| MD5 | 8b68c559c4eadbf4fb4d6df5c8a849f2 |
| SHA1 | 91ff4bd46e293e94e8fb25c27e7193f914fe51c9 |
| SHA256 | 019064e1c3c1683214564fb7cec167a3887dc412e34e751ce7f5c43d4a585ebe |
| SHA512 | 8d6b130de362d229ef563e20d8f0b29390259b368e1ba93385e2a1835a7402c062ee9dcb607c3b8fa63183d1f54be5aac7ad2b326a37fa20860135d4f9629be1 |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 95691afa43b40fed1beb7d271f0a72bb |
| SHA1 | 41358d28f4a8df952ee96b5e12803c653d375ad4 |
| SHA256 | c8e069f2749e2babb057feb64c59d7cc122abce3f28b0ad583e35d151957f786 |
| SHA512 | 81b59eecf4c0f58f38aa6584519d14369ab50c1659666597a234169292093d14bcaccf5f4fac94b97280e6a4a250742e1fc0ed7a7dbdf1de735b4f5d45935235 |
/storage/emulated/0/backups/system/.timestamp
| MD5 | 6dad8c76d93fafbf67e4409637ba2583 |
| SHA1 | e6258bfa68b5abad2766ba019feddac209f05f4b |
| SHA256 | 5f835fc54daedb54eea1de156a9c0468f9310ee3c06bc9f2bb4a0ea8267ca678 |
| SHA512 | 88d2367fa11f78cd9b46469c0c2db8d3e9ce9ef58bbdaf21e8ebd8cd2d447acc6025ffa5847bb2dc64a41462f4525a500cd82c0bedb068a79f5ba249474e9f0b |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 0d49c851b70f6aaf62235e625ff747e0 |
| SHA1 | 0b29d6d15db50f388dace15da99b6a53fd088019 |
| SHA256 | 245faef6ccc3c715668144fa5c099aaf8214270725eab5010d67fb815b4ceb63 |
| SHA512 | 1ed18324e655961bb9bfc6fb04331b2295b80257201732d13c191eabfa40c2e9ce33ca9822fb6e23c63102fc07287877e91f6d962d307304202bed9b7853602e |
/storage/emulated/0/backups/system/.confd-wal
| MD5 | 678dab6a2683af21f6e8c6956c4ad780 |
| SHA1 | 88d28f5dba08dbac1007e5bab743b5aa43eec766 |
| SHA256 | 31e0765f0663c9335a02b1418efb6f5902a91c4031555837c5f8115ff347cd51 |
| SHA512 | 12b177f8e99a204a4b237e903e3ec7a8e3a0695d804c2aeeffe80dc85673b5e52bcef5273d9b39143a3e03b4e292016cdf5a972f6b6139b860076ca80f63ff86 |
/storage/emulated/0/backups/system/.timestamp
| MD5 | ff85b9710508f0e2d389fd26928e3a09 |
| SHA1 | 4858c737ce9912bf77609b87b8a5ee68da70bcde |
| SHA256 | 7afb266e1ef26ce5ff33bd2e34c8a29b74c031c0edec3c51069731f6f11c7d62 |
| SHA512 | 49740562a8261b07b2c9c16c32a11d956dca79b6837489751348a9334825f9ea1bf84ad0bd10518706913b296987608365fbe84f5626ae54cec6f174bfde9f3c |
/data/data/com.baidu.group/files/statistics/1717624324580
| MD5 | 5f3fccaad1aa98ccb99b8f273d40897d |
| SHA1 | fe6422552e65abc59723858d4a084e5d05a9f150 |
| SHA256 | 673c764dd4829a229a1a736772d90045653924be0c17bcc5667e19c50e330551 |
| SHA512 | 8e875095bcb3aba793f96743e475667d58022eed545015fbfaf8fd2ea2172926cb3503b2c9421d9e1f3e1ffc7be65b4ae87fd6d20527e62a4f1c0cb20351c985 |
/data/data/com.baidu.group/cache/ultranet/journal
| MD5 | 63cb9d48f54c0b85995e6eb8b7b0a19a |
| SHA1 | 005543bdb877f51730b79e480248fb3e6a9597f7 |
| SHA256 | 39343eab3f865958c0f32e53458a84c4b1a3388d2c5c0eb07f618e967516d3b2 |
| SHA512 | 85373dc44740c5c04570022a85e996773a13826a38445ec0497326a8b4b0f7760da4b2179cf272e6cd2704e69cf234ebedad56160d2080b7faad35de7f36b74c |
/data/data/com.baidu.group/cache/ultranet/30888e039d66460fdfb60d69d0481cd7.0.tmp
| MD5 | 07122409515f29e7cc0c5f14ad7970d6 |
| SHA1 | 17fe74528400cc118746d8558ba8bddeb57970f2 |
| SHA256 | 2d403b84c0e25c12adf54847759c4a189ede8e33eab393cf3f4306551bb274d0 |
| SHA512 | dadbf6da9191b706c91124ebbd9cf4f62671b1a33e4ee5fcddb0bf5def21d6d35792808d4547daa79a7c818e63a4674affcae70758d104e133505349e487858c |
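Added example, not part of the sandbox report: most rows in the Files listing above are the same SQLite database and write-ahead-log files (pushinfo.db, pushstat_6.2.0.db, bugly_db_legu) hashed again each time they were rewritten, which buries the one executable artifact, mix.dex, the file the "Loads dropped Dex/Jar" signature refers to, and the files written under /storage/emulated/0 outside the app's own Android/data directory, which are not removed when the package is uninstalled and are a usual place to stash a persistent device identifier. The script groups the listing by path, counts distinct SHA-256 values per path, and tags each path. The sample is a subset copied from this report; the tagging rules are this example's own heuristics.

```python
# Added example (not the sandbox's code): collapse the Files listing by path and
# tag dropped code, SQLite churn and shared-storage persistence markers.
from collections import OrderedDict

SAMPLE_FILES = """\
/data/data/com.baidu.group/mix.dex
| MD5 | 63f77f99bd2c2b772a479923bde11974 |
| SHA1 | c7632e7d301e4463fafce85f84e9c3d7da3fdbbe |
| SHA256 | 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| SHA256 | b1e1a2cd685671d173888369ef9786032a2a57c15b35820ac3646b25b672fa04 |
/data/data/com.baidu.group/database/pushinfo.db
| SHA256 | 78ba8d5a8b3a2787f78f3ad50bf624fcd73c4ada967a00383fb50b83f5dc7608 |
/data/data/com.baidu.group/database/pushinfo.db-wal
| SHA256 | 3bef19227962532d25b0814486500a87f21c6fdb72821821e2e6d47aca2fd605 |
/storage/emulated/0/backups/.SystemConfig/.cuid2
| SHA256 | 559ac20a8c9c6f0cf944a8a879a3c21f605fd865472aedaadab324bef2faa390 |
/storage/emulated/0/Android/data/com.baidu.group/1120180703228980#nebula/core_log/easemob.log
| SHA256 | 762778465f874fba53241dc17be1506b96e43b36262f027af56e56e07a0004a0 |
/storage/emulated/0/backups/system/.confd
| SHA256 | 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a |
/storage/emulated/0/backups/system/.confd
| SHA256 | 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c |
"""

CODE_SUFFIXES = (".dex", ".odex", ".jar", ".so", ".apk")
JOURNAL_SUFFIXES = ("-wal", "-shm", "-journal")
APP_SCOPED_EXTERNAL = "/storage/emulated/0/Android/data/"   # app-specific external dir


def kind_of(path):
    """Heuristic tag for a dropped-file path (this example's own rules)."""
    if path.endswith(CODE_SUFFIXES):
        return "code"
    if path.endswith(JOURNAL_SUFFIXES):
        return "sqlite_journal"
    if path.endswith(".db"):
        return "sqlite_db"
    if path.startswith("/storage/emulated/0/") and not path.startswith(APP_SCOPED_EXTERNAL):
        return "shared_storage"   # outside the app's own dir: not removed on uninstall
    return "app_private"


def parse_files(text):
    """path -> ordered list of distinct SHA-256 values, in order of appearance."""
    hashes = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            hashes.setdefault(current, [])
        elif line.startswith("|") and current:
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and cells[0] == "SHA256" and cells[1] not in hashes[current]:
                hashes[current].append(cells[1])
    return hashes


def triage(text):
    """One entry per path: tag, number of distinct versions seen, and the hashes."""
    return {p: {"kind": kind_of(p), "versions": len(h), "sha256": h}
            for p, h in parse_files(text).items()}


def pull_list(report):
    """Paths worth extracting from the sandbox for static analysis."""
    return sorted(p for p, info in report.items() if info["kind"] == "code")


def persistence_markers(report):
    """Files written to shared external storage that outlive the package."""
    return sorted(p for p, info in report.items() if info["kind"] == "shared_storage")


if __name__ == "__main__":
    r = triage(SAMPLE_FILES)
    for path, info in r.items():
        print("%-14s v%d %s" % (info["kind"], info["versions"], path))
    print("pull:", pull_list(r))
    print("persistence markers:", persistence_markers(r))
```

Run over the full listing, the pull list is a single file, mix.dex, and the candidates for cross-install tracking are the hidden files under /storage/emulated/0/backups and /storage/emulated/0/baidu/pushservice; everything else is database churn that says the push and crash-reporting components were running, not what the loaded dex does.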
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 21:51
Reported
2024-06-05 21:51
Platform
android-33-x64-arm64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | udp |
| GB | 216.58.213.10:443 | | tcp |