Malware Analysis Report

2025-01-19 08:09

Sample ID 240605-3cz8psbf61
Target 998223ab4d891963bb7c45efdcf87e7d_JaffaCakes118
SHA256 ebf49341e5816b7889c75d9c0d9ddafc1d19cb0897013dfc498716c97ba31cd4
Tags discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 998223ab4d891963bb7c45efdcf87e7d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Makes use of the framework's foreground persistence service

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 23:22

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 23:22

Reported

2024-06-05 23:23

Platform

android-x64-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-05 23:22

Reported

2024-06-05 23:23

Platform

android-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 23:22

Reported

2024-06-05 23:26

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

151s

Command Line

com.txbnx.windwing

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.txbnx.windwing/.jiagu/classes.dex N/A N/A
N/A /data/data/com.txbnx.windwing/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.txbnx.windwing/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.txbnx.windwing/.jiagu/tmp.dex N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.txbnx.windwing

chmod 755 /data/user/0/com.txbnx.windwing/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.txbnx.windwing/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.txbnx.windwing/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/com.txbnx.windwing/.jiagu/classes.dex --oat-file=/data/user/0/com.txbnx.windwing/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

sh -c ps

ps

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 trseacher.duapp.com udp
US 1.1.1.1:53 dht.libtorrent.org udp
US 1.1.1.1:53 router.bittorrent.com udp
US 1.1.1.1:53 dht.transmissionbt.com udp
N/A 10.127.0.1:5351 udp
US 1.1.1.1:53 outer.silotis.us udp
US 67.215.246.10:6881 router.bittorrent.com udp
FR 87.98.162.88:6881 dht.transmissionbt.com udp
SE 185.157.221.247:25401 dht.libtorrent.org udp
FR 212.129.33.59:6881 dht.transmissionbt.com udp
CN 120.221.80.193:6884 udp
SE 78.73.175.217:48019 udp
PH 49.145.114.187:6881 udp
EE 136.0.161.172:54406 udp
ES 181.41.130.243:16168 udp
PA 201.225.0.187:45521 udp
RU 79.139.179.127:2101 udp
FR 128.78.152.80:54164 udp
CO 181.51.33.130:5032 udp
HK 218.102.170.39:24736 udp
RU 5.206.44.56:6881 udp
CN 222.137.152.148:28409 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 b.appjiagu.com udp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 106.63.25.33:80 b.appjiagu.com tcp

Files

/data/data/com.txbnx.windwing/.jiagu/libjiagu.so

/data/data/com.txbnx.windwing/.jiagu/classes.dex

/data/user/0/com.txbnx.windwing/.jiagu/classes.dex

/data/data/com.txbnx.windwing/.jiagu/tmp.dex

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ri

/data/data/com.txbnx.windwing/files/.jiagu.lock

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ac

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ic

/data/data/com.txbnx.windwing/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId

/data/data/com.txbnx.windwing/databases/tray.db-journal

/data/data/com.txbnx.windwing/databases/tray.db

/data/data/com.txbnx.windwing/databases/tray.db-shm

/data/data/com.txbnx.windwing/databases/tray.db-wal

/data/data/com.txbnx.windwing/databases/windwing.db-journal

/data/data/com.txbnx.windwing/databases/windwing.db-wal

/storage/emulated/0/Android/data/com.txbnx.windwing/files/session

/data/data/com.txbnx.windwing/files/.jglogs/.jg.di

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ac

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 23:22

Reported

2024-06-05 23:26

Platform

android-x64-20240603-en

Max time kernel

8s

Max time network

131s

Command Line

com.txbnx.windwing

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.txbnx.windwing/[email protected] N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.txbnx.windwing

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.66:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.txbnx.windwing/.jiagu/libjiagu.so

/data/data/com.txbnx.windwing/.jiagu/libjiagu_64.so

/data/data/com.txbnx.windwing/.jiagu/classes.dex

/data/user/0/com.txbnx.windwing/[email protected]

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ri

/data/data/com.txbnx.windwing/files/.jiagu.lock

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ac

/data/data/com.txbnx.windwing/files/.jglogs/.jg.ic

/data/data/com.txbnx.windwing/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 23:22

Reported

2024-06-05 23:23

Platform

android-x86-arm-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A