Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-la19jsbg31
Target 97b98fd7183181b57fa7a01b4354b160_JaffaCakes118
SHA256 6eaf074a19851e487c506b897a5664c0ec15fe5883d163c57a25eed221fedc31
Tags
collection discovery evasion impact persistence
score
7/10


Analysis Overview

score
7/10

SHA256

6eaf074a19851e487c506b897a5664c0ec15fe5883d163c57a25eed221fedc31

Threat Level: Shows suspicious behavior

The file 97b98fd7183181b57fa7a01b4354b160_JaffaCakes118 was classified as showing suspicious behavior (score 7/10). In the dynamic run it is an Android app (package com.yaoyu.youyang) protected with the 360 Jiagu packer, which loads the real application code from dex files dropped under its private .jiagu directory at runtime; once running, the app queries location, cell, Wi-Fi and telephony state and reports to analytics (Umeng), map (Baidu) and browser-kernel (Tencent TBS) SDK endpoints. The stalkerware-domain match is on shared SDK infrastructure (Umeng and 360 Jiagu), so that match alone should not be read as a confirmed stalkerware backend; the declared permission set and the packing are what the score rests on.

Malicious Activity Summary

collection discovery evasion impact persistence

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Queries information about active data network

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-05 09:20

Signatures

Requests dangerous framework permissions

The manifest declares the permissions below. The report lists several of them more than once; duplicate rows are collapsed here, and the Process and Target columns were N/A for every row. Declaration is not use: of these, only the location, cell, Wi-Fi and telephony queries appear among the behavioral signatures, and none of those signatures show audio recording, camera use, SMS sending or call placement within the 179 s run. WRITE_SETTINGS, SYSTEM_ALERT_WINDOW and REQUEST_INSTALL_PACKAGES are special-access permissions granted through a settings screen rather than a runtime prompt.

android.permission.READ_PHONE_STATE          Read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and the PhoneAccounts registered on the device.
android.permission.READ_EXTERNAL_STORAGE     Read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE    Write to external storage.
android.permission.RECORD_AUDIO              Record audio.
android.permission.CAMERA                    Access the camera device.
android.permission.ACCESS_COARSE_LOCATION    Approximate location.
android.permission.ACCESS_FINE_LOCATION      Precise location.
android.permission.SEND_SMS                  Send SMS messages.
android.permission.CALL_PHONE                Initiate a phone call without going through the Dialer UI for user confirmation.
android.permission.GET_ACCOUNTS              List the accounts in the Accounts Service.
android.permission.WRITE_SETTINGS            Read or write the system settings.
android.permission.SYSTEM_ALERT_WINDOW       Create windows of type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.REQUEST_INSTALL_PACKAGES  Request installation of packages.

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 09:20

Reported

2024-06-05 09:23

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

185s

Command Line

com.yaoyu.youyang (application package name)

Signatures

Loads dropped Dex/Jar

evasion
Dex files loaded from the app's private data directory (repeated rows collapsed with counts; Process and Target were N/A for every row):

/data/data/com.yaoyu.youyang/.jiagu/classes.dex               (2 rows)
/data/data/com.yaoyu.youyang/.jiagu/classes.dex!classes2.dex  (2 rows)
/data/data/com.yaoyu.youyang/.jiagu/tmp.dex                   (5 rows)

The .jiagu directory and the libjiagu.so listed under Files are the runtime working directory and native stub of the 360 Jiagu packer: the stub decrypts the real application code into these dex files and loads them, which is what this signature records. The evasion tag is therefore a property of the packer rather than evidence of a downloaded second stage. The dex2oat invocation under Processes, which compiles .jiagu/tmp.dex to .jiagu/oat/x86/tmp.odex, is the runtime's normal response to loading a dex from a file, and the two different hash sets recorded for tmp.dex under Files show the file was rewritten during the run.

Queries information about running processes on the device

discovery
Framework service call  android.app.IActivityManager.getRunningAppProcesses

Queries information about the current nearby Wi-Fi networks

discovery
Framework service call  android.net.wifi.IWifiManager.getScanResults  (reported twice)

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

alog.umeng.com
s.appjiagu.com

Both domains are third-party SDK infrastructure rather than a stalkerware operator's backend: alog.umeng.com is the log endpoint of the Umeng analytics SDK (the umeng_it.cache, .umeng/ and .um/ files under Files belong to it), and s.appjiagu.com is the service domain of the 360 Jiagu packer whose artifacts fill the .jiagu directory. They are most likely on the echap.eu.org list because commercial stalkerware apps embed the same SDKs, so this match on its own is weak evidence and the classification should rest on the app's own behaviour and on the destinations that have no recognizable SDK owner.

Queries information about active data network

discovery
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  (reported twice)

Queries information about the current Wi-Fi connection

discovery
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  (reported twice)

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Framework API call  android.hardware.SensorManager.registerListener

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Framework service call  android.app.IActivityManager.registerReceiver  (reported twice)

Uses Crypto APIs (Might try to encrypt user data)

impact
Framework API call  javax.crypto.Cipher.doFinal  (reported twice)

Cipher.doFinal is a generic primitive that analytics and map SDKs routinely use to protect their own request payloads, and nothing in the Files section indicates user data being encrypted, so the impact tag should not be read as ransomware-like behaviour without further evidence.

Checks CPU information

File opened for read  /proc/cpuinfo

Checks memory information

File opened for read  /proc/meminfo

Together with the sensor listener above, these reads are the standard inputs for emulator detection (on this x86 image /proc/cpuinfo reports an x86 CPU), but they are also routinely collected by analytics SDKs for device fingerprinting, so on their own they are not conclusive either way.

Processes

com.yaoyu.youyang

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yaoyu.youyang/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yaoyu.youyang/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.yaoyu.youyang:remote

sh -c ps -ef

ps -ef

The dex2oat run is the ART runtime compiling the packer's dropped .jiagu/tmp.dex to .jiagu/oat/x86/tmp.odex (--compiler-filter=quicken), which happens whenever a dex file is loaded through a class loader from the filesystem; it corroborates the Loads dropped Dex/Jar signature. The :remote process spawning sh -c ps -ef is a second process-enumeration method alongside the getRunningAppProcesses call. Since Android 7 /proc is mounted with hidepid, so ps -ef from an unprivileged app lists only its own processes; this makes it more plausibly an environment check than reconnaissance of other apps.

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353       -                                   udp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53             log.tbs.qq.com                      udp
HK       129.226.106.211:80     log.tbs.qq.com                      tcp
US       1.1.1.1:53             sslapi.cqliving.com                 udp
CN       47.99.14.15:443        sslapi.cqliving.com                 tcp
US       1.1.1.1:53             alog.umeng.com                      udp
CN       223.109.148.177:80     alog.umeng.com                      tcp
GB       142.250.187.206:443    -                                   tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       142.250.200.46:443     android.apis.google.com             tcp
US       1.1.1.1:53             api.map.baidu.com                   udp
HK       103.235.46.245:443     api.map.baidu.com                   tcp
GB       216.58.213.10:443      semanticlocation-pa.googleapis.com  tcp
US       1.1.1.1:53             loc.map.baidu.com                   udp
HK       103.235.47.89:80       loc.map.baidu.com                   tcp
CN       223.109.148.130:80     alog.umeng.com                      tcp
CN       47.99.14.15:443        sslapi.cqliving.com                 tcp
CN       47.99.14.15:443        sslapi.cqliving.com                 tcp
CN       223.109.148.178:80     alog.umeng.com                      tcp
CN       223.109.148.176:80     alog.umeng.com                      tcp
US       1.1.1.1:53             ebjvu.cn                            udp
CN       112.65.70.244:80       ebjvu.cn                            tcp
CN       223.109.148.179:80     alog.umeng.com                      tcp
CN       223.109.148.141:80     alog.umeng.com                      tcp
US       1.1.1.1:53             alog.umeng.co                       udp
US       1.1.1.1:53             s.appjiagu.com                      udp
US       104.192.110.60:80      s.appjiagu.com                      tcp

A "-" in the Domain column marks rows the sandbox could not attribute to a domain (224.0.0.251:5353 is mDNS multicast). The udp rows to 1.1.1.1:53 are DNS lookups through the sandbox resolver; the remaining rows are connections to the resolved hosts. alog.umeng.co appears only as a lookup, with no connection following it. By owner: alog.umeng.com is Umeng analytics, api.map.baidu.com and loc.map.baidu.com are the Baidu Maps location SDK (the baidu/tempdata/lcvif.dat file under Files belongs to it), log.tbs.qq.com is the Tencent TBS browser kernel (cf. tbslog/tbslog.txt under Files), s.appjiagu.com is the 360 Jiagu packer, and the googleapis/google.com hosts are platform services. That leaves sslapi.cqliving.com (TLS; the app's own cqliving.db database suggests it is the application backend) and ebjvu.cn (plain HTTP on port 80, no recognizable SDK owner) as the two destinations to pursue for the app's own traffic.
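
To turn the table above into per-domain indicators, the following Python script (an added example, not part of the sandbox report) parses the rows exactly as printed, separates DNS lookups (udp to port 53, where the destination is the resolver) from real connections, and flags the two domains named by the report's stalkerware-domain signature. The rows of the behavioral1 table are copied into the script as its sample input so it runs offline.

```python
"""Aggregate a sandbox network table into per-domain indicators.

Added example; not part of the sandbox report. NETWORK_TABLE is the
behavioral1 network table copied from the report so the script runs
offline, and FLAGGED is the pair of domains the report's stalkerware-domain
signature names.
"""
from collections import defaultdict

# Rows copied verbatim from the report's behavioral1 network table.
NETWORK_TABLE = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
US 1.1.1.1:53 sslapi.cqliving.com udp
CN 47.99.14.15:443 sslapi.cqliving.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 47.99.14.15:443 sslapi.cqliving.com tcp
CN 47.99.14.15:443 sslapi.cqliving.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
"""

# Domains named by the report's stalkerware-domain signature.
FLAGGED = {"alog.umeng.com", "s.appjiagu.com"}


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) per row; domain is None when
    the row has no domain column (multicast and unattributed endpoints)."""
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        yield country, ip, int(port), domain, proto


def aggregate(text=NETWORK_TABLE):
    """Group rows by domain. A udp/53 row is a DNS lookup of that domain
    (its destination is the resolver, not the domain's host); any other
    row is a connection to a resolved endpoint."""
    lookups = set()
    endpoints = defaultdict(set)   # domain -> {(ip, port, proto, country)}
    unattributed = []              # rows with no domain column
    for country, ip, port, domain, proto in parse_rows(text):
        if domain is None:
            unattributed.append((ip, port, proto))
        elif port == 53 and proto == "udp":
            lookups.add(domain)
        else:
            endpoints[domain].add((ip, port, proto, country))
    return lookups, dict(endpoints), unattributed


def summarize(text=NETWORK_TABLE):
    """Classify domains the way an analyst triages them."""
    lookups, endpoints, unattributed = aggregate(text)
    connected = set(endpoints)
    return {
        "connected": connected,
        "dns_only": lookups - connected,          # looked up, never reached
        "plaintext_http": {d for d, eps in endpoints.items()
                           if any(p == 80 and pr == "tcp" for _, p, pr, _ in eps)},
        "flagged": FLAGGED & (lookups | connected),
        "unattributed": unattributed,
    }


if __name__ == "__main__":
    s = summarize()
    for key in ("flagged", "dns_only", "plaintext_http"):
        print(f"{key}: {sorted(s[key])}")
    _, eps, _ = aggregate()
    for d in sorted(eps):
        print(d, "->", sorted({ip for ip, *_ in eps[d]}))
```

Run as a script it prints the flagged, lookup-only and plaintext-HTTP domains and the resolved IPs per domain; the same functions can be pointed at another report's table. Lookup-only domains (here alog.umeng.co) and plaintext-HTTP destinations without a known SDK owner are the first things to pivot on.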

Files

Files written during the run, with hashes. Paths that appear more than once were captured at different points in the run with different contents (for example .jiagu/tmp.dex). The .jiagu entries are the 360 Jiagu packer's native stub and dropped dex files; the .jglogs/.jg.* files are a push SDK's local state; the dotfiles under /storage/emulated/0 (.UTSystemConfig/Global/Alvin2.xml, backups/.SystemConfig/.cuid2, .DataStorage/ContextData.xml) are device-identifier stores that the Alibaba UTDID and Baidu CUID SDKs are known to write to shared storage so the identifier survives uninstall and is readable by other apps embedding the same SDKs.

/data/data/com.yaoyu.youyang/.jiagu/libjiagu.so

MD5 a52e43451ac88b0daa62ad9d4abff6b0
SHA1 6667c6fabec4e8fe2717ce4f69cc566c40574b41
SHA256 b3ed458702541e6f975d7bc61cc8412c7025267a9a7dd2dd25db24a21b20a667
SHA512 704e89cd80a73034b22188f44027d15cfbeec65efe7fc5379f58558829969b1f7b986247c99f0ae46ca94a99c0fa551e7a5c60fd94155a5e9cbfa44528c3907b

/data/data/com.yaoyu.youyang/.jiagu/classes.dex

MD5 6ca6c3f0d2c0f8ee5fbf10c705b4592d
SHA1 6b46ab49a525b2041dfe00ad51d0fbc4a342faf8
SHA256 39156a0b842de3231115f2e32c7f80aaa18735ab7ef6a830a99319822fedbc05
SHA512 9c0c9860fe3500045051bb34c1ec6bdec6f95953fe39a2204b8de2d9796afeb9326a65afa4fc2ef100432ae381d4e88413a1202db5e529f15e4f3ac79e449c07

/data/data/com.yaoyu.youyang/.jiagu/classes.dex!classes2.dex

MD5 197fa7981ff0dc5ce19928d49f9ce676
SHA1 2ca348c123d8ca3e0eaaaf4543eadc472625ebc5
SHA256 e5f4cf6788d8d4158b60700536f015cea54ea75d0ae55f541cb13c666fae69e7
SHA512 5ec59658af53b16db98f4cf283a606d497028b7fe12047b489deda569103cf84e061492729bf3fabe2c458056f20a33f5a493aa27e17138e4b9f7555d6206bd9

/data/data/com.yaoyu.youyang/.jiagu/tmp.dex

MD5 1aad16c721367ad3819b3a45ff1b4acb
SHA1 91f84fb1f1c6f60fc8f3a23015cc125be5646203
SHA256 9e59c2c6a6dc08247d111ab7b0987005220cb32c3f414cdc64044946b9b9c52d
SHA512 cf978d4731bd341a49197270de7ad7b3e462e85ea7f083b23bc1d8f171831584dbe4019228c711914cb3a514250835ecd00b506f3e3047ae961afcdcf0a7ad2f

/data/data/com.yaoyu.youyang/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ri

MD5 4cbd73501c8ce9f60680c7c494a1010c
SHA1 5bebb746ebe662c5fec6b4205b5a29088050aeea
SHA256 c27342de31ef932b351d4f593cac2a484b51c081f2f3dbd2c1863949db024df7
SHA512 ffca5675996c1805ce9d530aedf512293a912085924c3637065c0fd5487be28fe4920fa5963f2dfd7c3e33504a9297c884d99e3bb9ceb4a695adbd4971e49c39

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ri

MD5 a141a6127ef217a391af7fdcd245cb7d
SHA1 d9a187ac1b2c216ac5ab68aa9a2d40a33f4990ac
SHA256 e0f0495c7ff4ef71bbc653794ed2adb8e0547f9b0de209eed091a490bfd5981d
SHA512 ebd27483f6ae24ecac42bafcbf3125c5f654bd0ae930515f8514be4a037222c677217102458c0836e492c3e0e9d51e89c9327ca091430aab43555ae488928635

/data/data/com.yaoyu.youyang/files/.jiagu.lock

MD5 dd06f2fed9b81e826ca229b37b71e014
SHA1 2fb0d20976f622fc7ff1e0a928c9b45698227364
SHA256 87157c950b11fc95f188bcf49f97ac2a026007bacc36d9c3c90c292e40b74d4c
SHA512 f10efb25cf663b54a7f06eed4b05e7aac8802ac3b6b5e0e8af96965d9dd682a4e85d653a877ab4368d913fac1b7fe5d23fa8b6f4fa6f8ef33a31a2fa7a7177d8

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.rd

MD5 c3db9fb358a60f7b2353dc6d7c98c85c
SHA1 f238e326312a50a9007088e533c79b24597b2f7f
SHA256 b49623704090e24a5407bf2dc521c940ead3439167de346416a21393d7510b39
SHA512 3987ac60b25835b61f6e1a3c232f46a2379d4795104551a7e464a011ccbca574707827242fad43b52980dfd7c619f6ae4189f1b795f6a866782e94adc3ce35b4

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.store.report_pid

MD5 9ef4409655a8e54834b96910cfd81157
SHA1 84260484c7995ca272ade70cbf70bdbd815a3629
SHA256 ec1ca69a15a2bc6eb558a1556b0bc855f7769a4db1f92bd6728406b862e5f9d6
SHA512 9876e2bf391be1b0c24b54fe34132f7b852b7b57593c6250ddb83e42b2a14b7a271ae6e31dbdaf5bbed12c65fda6e433ddd49e068daf4294f28cde8bacdcea18

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.store.report_pid

MD5 5dc341d35e283e1fd1727d70a36d50c6
SHA1 5ae12d390590bf9ae8ad4e647274ad917d0e11c0
SHA256 3e6da9fb971ba4bf1544d50d1277553d65abc33e978c5c14ee04163040a46d6b
SHA512 bc7d57733c8321ab4d3cba53e0b0059fd5d4c7fd8d808e2d3df46ce9af06425395b58be1386b07a7248f2c4ed9492b18241a525a574e463c37619ca479de539b

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.pk.h

MD5 37bc53dabe218b102981a34d05e57265
SHA1 9cbaf2a17b9bc59b92524be360bffaa61f8bd335
SHA256 c2217d34d5079ab03939a3c14ae30d9b0ef7323b7fdc748eecd72e75e6a0432c
SHA512 19c93a9312a8827826a96cb3bb531719b870ee417f6e856e3ead53c4017e6362c37dd32a5cf0cf182e93c4fa2e1c7102ef09109202cd50411c49774edb1f4bd1

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.pk

MD5 5fd520067f032a22e905ab05f8ef80ba
SHA1 bbbc330fac326e6fb4fb8f12061e80af11db4642
SHA256 cae350b98b4e8ecac13df9973068df355b7f9874f7f93d08a6686db87f38fa3b
SHA512 e4ca50cac57990fccfb2a9fe8e541e7107320655b6fb837072f4a8341c024561ea846a17054e4f6465c302253c5837011c5f6974b8a8177b3c096dea8d5e2f23

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ac

MD5 c131d394895cfa449736401a965d3482
SHA1 47b9dddf6be5d4c25fc138033741fbdbfdb17f68
SHA256 314247fb79748ff9cd24f6b43026c3dd8fd3a0860a54e9f37959fe9490204bf9
SHA512 a83ded84470800d10f8203ca0b87e54cffa44c6dbba18745812ce604d4d75e2abaac545a4963c9d8fa65772c7c4463b228813d051dad0477bcfd05d3a79ce63d

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ic

MD5 18878222697f67636e448a97e913e4d7
SHA1 bb67f6c9f04a1bd76af6bdcf043fe732e2c27b0b
SHA256 6bb79739d50479cd13aa61c9d3a8312a69c8c6e57911cc8f82382a9f386b4f76
SHA512 e2ca5d21542c333d4f9ac81e7c599db7a142cf05a6c22744be6ee707ea1f4c53bd099845ea89cea6f97c0c1afe75f9622cbcf66f29898262eff98ec55c3755fe

/storage/emulated/0/Android/data/com.yaoyu.youyang/files/tbslog/tbslog.txt

MD5 ce3b9e73773ce8cbe0cfbe43396e0a1c
SHA1 11472ff5a361fd0e4b56d04a15dc1c7c22b6b597
SHA256 b869bce2e8d075545fd58494e2daaec97d25bf748f342c6c5d6e5fbd31d94a98
SHA512 2af67d640db55aa25d2f3b86810f72121435fe29d33506d0bd88dbfe7ca6529e06d67197df5d53bc81bf50f46b59a69b91e6af4232fe2a656fd6a28824f0cb56

/data/data/com.yaoyu.youyang/databases/cqliving.db-journal

MD5 50eded7d1cef0d88ab04bb0b63de52aa
SHA1 247c953a90594c1e0f86c2b9f0d8feb28f5992d7
SHA256 1866ccce2466b67f6d6f28733f90cd9960e41fba69a682835abf5bbfbc351980
SHA512 dbb95833690e09165f6a67bef6cf76644974453f8109078f6d4e6ed92bcc35a1aabac364fb598fe49f246b1fd3e76db7e21317b498cd15124927895e897c1d93

/data/data/com.yaoyu.youyang/databases/cqliving.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.yaoyu.youyang/databases/cqliving.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.yaoyu.youyang/databases/cqliving.db-wal

MD5 f5278a4d0af7f00abc5f251d212548df
SHA1 96e0bce4d0c5e6216846b773dfd8b6ac11cbb7c1
SHA256 c996f38d0deb38fe4810b7da419cf6e54976559a74c034248520800e0ac977e1
SHA512 7831cdda573a264bc602dd89ab8457d1752748553a9afe60d45b6e60a49738ff2cf41b43438313880f51991ee02b5c0c1f6f52d1dcb650bf8c108a462428e298

/data/data/com.yaoyu.youyang/databases/xUtils_http_cookie.db-journal

MD5 7de925374429e7476513b6a66682162b
SHA1 3950eb5955f54de2db7e83b67b15595d829257a0
SHA256 e4bcec6c53a2a9aed75782b8f536c0bf798578fec5961d5cb4968a7a1314904e
SHA512 50611042616d4295ab9d837aa4998f59dc313a3dfe19dbb3f42a5f5039801f36ca7e697411952454b292d484dbe24cd474bc611e985b932bca08483e1e66d779

/data/data/com.yaoyu.youyang/databases/xUtils_http_cookie.db

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.yaoyu.youyang/databases/xUtils_http_cookie.db-wal

MD5 24efe42b696c05995271d0eaf1cd0491
SHA1 65dce72aca11f2a53da2ad28b1b191e90329541a
SHA256 f6ca9476e2924e956f8d9c9ba3bd2b6e062154ef42a3c074977283b2ce39022e
SHA512 73b6e63c303ec61cfc3127ebf3893c24bdec8fb2fa94734b3af2d8e9a6bc6b95e5ecd2ac03385b7bfa788d87a5435c2a2448e993ee8e1d9b5b50e28a81acd520

/data/data/com.yaoyu.youyang/databases/cc/cc.db-journal

MD5 d8925c84c15a5480160db0ffacb2ce43
SHA1 cc9f94d759f98005eebb5c68a2abb2fd65a6cef2
SHA256 2b1169dacbbbe6b413e21aa0dc69035554cba852abffe781bd2e2a946faeef30
SHA512 dd4dd64fa7a200ef21d6e55c322fa91e629dfb05be6266ce571a1357946e61018306c190a4a3eef37ae72ea8ca8ad7febaa5a773986480d6bdda79aa662a7e28

/data/data/com.yaoyu.youyang/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.yaoyu.youyang/databases/cc/cc.db-wal

MD5 b304ff20fd8edc94abfb055302bc4f62
SHA1 1a0fece93524bd2deb9869a4d51ac6db92ac2f20
SHA256 32e2c84d2142689f47a20b8f57a9e96c84e978a0142c8f23fc8f13ad8ff6adec
SHA512 17918d69d8c75e6ebb923a905911511d4c8f18f9f512d2626346adecd71a26f49bda6971aa628970a23a340376785ae92b60f1337dddf81eb7a13cb5930f44a1

/data/data/com.yaoyu.youyang/databases/xUtils_http_cookie.db-wal

MD5 fba7668cbd934da6990c9530c379b5b3
SHA1 b3481e61452aa7eba9f473d71f29c98051e3d9fe
SHA256 6a0c82a93c71496b15299fdd618ab35edce41fb634fb84f8c741e96d0259307f
SHA512 b41118164b6cf22cd4c1588a3f2205beb8798bdd69733b575e0329ed98f97a0588281a0315d1b093f27cd163c22bb7a0732162251da1444954fb485279fb10b9

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 f3fb14a0e513f058571c6fb426ad11ad
SHA1 1515478e093520fe0c1c055804093e46766bd334
SHA256 0f5cd973aba02cc8805a9dc4f32e88285395cdf2213dc15e3337066865da9e5e
SHA512 ca5a1b450d08506effb4f0d70c6a26163eaa8a19df1da4392b59f7f7f671316c2997e7fb3f5ef3d7f84844d94805ca2b0c04dc6ab8f5a49633959ee3c49494d8

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b8151db95650f04fc6c0160fbcc4087f
SHA1 767c6e339c672d42cbcae14c9387f17b68122dae
SHA256 c1133c811b7da8b7f56e67164d36daa03a95e8e69e684f8ee85d8b40dade86f7
SHA512 920b3e5766492dbb5f9737a619b8f8071701bb66aad245ff426f73c08fb8e9a679f233cd27f9519010683b5a1006fa6443ec8523560f1842409d365951ad24a4

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 8a2c002eb9339a89c679543742347028
SHA1 2c3fe19fdc4253648edd24eabfa4ddee2d410bf5
SHA256 3374205e43e042a025c1858a70d480b7054f120aec69c304813cad9abab039b6
SHA512 74bac85533c4e59a41b561fbfae6b9c800c7f6209706367440ef9e32040a0e0d981bf43cc834aa0472cff729c905b51da95027dea5c0b1381afb4b2bd720ca72

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 d202dc6271c2000e14903df5a635f554
SHA1 ccd9fbf9a8a61f64f69e93b70c1e4f79b353d7a5
SHA256 da5e464193cc501484f359601697f6730de0f25bd71bf28378b7dde746c7c5e7
SHA512 782e174bebce1e163d1f6fe659bdc1e0929ef3ba0f7c6e29043d0d844eecdc3618607890be4b796548ebc567d920db1c02abea7f64d6ae123c8d0c3dda2f59d1

/data/data/com.yaoyu.youyang/files/umeng_it.cache

MD5 7a48a4f16dc65e3bbb275a7e5fbd7d13
SHA1 6d1c52ace2cd8f4d7d77c84e1142a202d6dfe7e1
SHA256 812bd619748ba1a1cb2f1da8ce2d0e629fba36eb2d1b7bd72722ba93fba3c0bd
SHA512 3f27c6c371e8a4aad6a0ab127208376e392b17ffb110948a775ca67a48b960b59f9e0542a77fa6063c7f9e09171175f6e0b3748b0c14914cc2c6a5b0c4829757

/data/data/com.yaoyu.youyang/files/.umeng/exchangeIdentity.json

MD5 b76f1b8b3d4e0f13681d111fdf9ec1d0
SHA1 bf6748496876ddd8bd5b3ab8023516e92a7dc614
SHA256 89fd40196e28a7fdb2c751c481c46afd62e89f386549b303314b906497e1778e
SHA512 80371d844c26dd2f86411bc5a32ffcf59297e4753e77a9bc4c8edff60083f0233874819e66fff6b4bec3f0e258ffe5f67c8a4aa9f34e515523f55dd041908263

/data/data/com.yaoyu.youyang/databases/cc/cc.db-wal

MD5 20121056a081ab847b1f52902e45dae0
SHA1 4fbbcd52a9ebd7869e8b0daacc08c3279abc6ead
SHA256 0dfad78c75daaa67be53fbda30fe9262f43aef257759c711962da6411ee741f8
SHA512 019491e688ebbc03f3a30a44d81d83ac0687bb84294011b33b76969454c6d3697c00a33950e0a3da206565402990db5b85dc5577fb38643fd7ba0a707613871e

/data/data/com.yaoyu.youyang/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/baidu/tempdata/lcvif.dat

MD5 17e572a83c47e8d89975c7a4343ea7a1
SHA1 f5175ee5c244abc810de17c7ace0ba7257dac11b
SHA256 1b7dfbb5a8fa7df18c6cbf7ab2ab44ee1870477c54a7ce761148bfcb4ea427be
SHA512 83455771d0dc969bb48fcfaa235f3e6da31e0099fb4a34fa0018304b4d0d94c816a27688ddb66bee3be242b5785cef32e017f983e6dff475907b32e1daeaf13d

/data/data/com.yaoyu.youyang/files/.um/um_cache_1717579319385.env

MD5 ca44b13229bc0e43c5818408d7c7d5a7
SHA1 607a452b2b4dc0b5f806303a35ec31c5e7f4019d
SHA256 37835ef18f2d1f4f7feb5445168668e84824af27c724f7dcd17ca21f602625b1
SHA512 27e5f572242f168773f52a020c39e61f8af5b70ba60d3c9cf6e0908ef695503026dc4c35dd06280135b8ba2fb67b2977f9b8f83781f468d9d343291de0876fe6

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ac

MD5 77507f59fa0806db8944dd64aa7900d2
SHA1 2aa56b83b05421748e1fea5d88933e248ba2e99e
SHA256 a3e4b6093202ee536cfb1e09abf723e693dbe3095938b855efaedeff8749ed83
SHA512 8a6b33007faaa0035b2524e16ebae0c5378300e4e8f6eee3a17f750337ebe8a41e00e16e5c267dbcc628bf9fa1e7a3c52fa1b921299a61ea600062acec0afb28
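
The file list above is long and several paths occur more than once. The Python below (an added example, not part of the report) parses entries in the layout printed above, groups them by path, reports paths captured in more than one version, flags the packer's working-directory artifacts and files left on shared storage, and produces a deduplicated SHA256 set for blocking or hunting. A subset of the entries above is embedded as the sample input, with paths and hashes copied from the report; the .jiagu classification reflects the 360 Jiagu packer directory those paths show.

```python
"""Parse the report's Files section into deduplicated file indicators.

Added example; not part of the sandbox report. FILES_SECTION holds a subset
of the report's entries, with paths and hashes copied from it, so the script
runs offline.
"""
import re
from collections import defaultdict

# Entries copied from the report (a subset, in the report's own layout).
FILES_SECTION = """\
/data/data/com.yaoyu.youyang/.jiagu/libjiagu.so

MD5 a52e43451ac88b0daa62ad9d4abff6b0
SHA1 6667c6fabec4e8fe2717ce4f69cc566c40574b41
SHA256 b3ed458702541e6f975d7bc61cc8412c7025267a9a7dd2dd25db24a21b20a667
SHA512 704e89cd80a73034b22188f44027d15cfbeec65efe7fc5379f58558829969b1f7b986247c99f0ae46ca94a99c0fa551e7a5c60fd94155a5e9cbfa44528c3907b

/data/data/com.yaoyu.youyang/.jiagu/tmp.dex

MD5 1aad16c721367ad3819b3a45ff1b4acb
SHA1 91f84fb1f1c6f60fc8f3a23015cc125be5646203
SHA256 9e59c2c6a6dc08247d111ab7b0987005220cb32c3f414cdc64044946b9b9c52d
SHA512 cf978d4731bd341a49197270de7ad7b3e462e85ea7f083b23bc1d8f171831584dbe4019228c711914cb3a514250835ecd00b506f3e3047ae961afcdcf0a7ad2f

/data/data/com.yaoyu.youyang/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.yaoyu.youyang/files/.jglogs/.jg.ri

MD5 4cbd73501c8ce9f60680c7c494a1010c
SHA1 5bebb746ebe662c5fec6b4205b5a29088050aeea
SHA256 c27342de31ef932b351d4f593cac2a484b51c081f2f3dbd2c1863949db024df7
SHA512 ffca5675996c1805ce9d530aedf512293a912085924c3637065c0fd5487be28fe4920fa5963f2dfd7c3e33504a9297c884d99e3bb9ceb4a695adbd4971e49c39

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 f3fb14a0e513f058571c6fb426ad11ad
SHA1 1515478e093520fe0c1c055804093e46766bd334
SHA256 0f5cd973aba02cc8805a9dc4f32e88285395cdf2213dc15e3337066865da9e5e
SHA512 ca5a1b450d08506effb4f0d70c6a26163eaa8a19df1da4392b59f7f7f671316c2997e7fb3f5ef3d7f84844d94805ca2b0c04dc6ab8f5a49633959ee3c49494d8
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def parse_files(text=FILES_SECTION):
    """Return a list of {"path": ..., "MD5": ..., ...} in report order.
    A non-blank line that is not a hash line starts a new entry; the hash
    lines that follow attach to it. Digest lengths are validated so a
    truncated hash is caught instead of silently becoming an indicator."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash line before any path: {line!r}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length on {current['path']}")
            current[algo] = digest
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def is_packer_artifact(path):
    """True for files under the 360 Jiagu working directory (.jiagu/)."""
    return "/.jiagu/" in path


def triage(text=FILES_SECTION):
    entries = parse_files(text)
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["SHA256"])
    return {
        "unique_sha256": {e["SHA256"] for e in entries},
        # paths captured more than once with differing content
        "multi_version": {p: hs for p, hs in by_path.items() if len(set(hs)) > 1},
        "packer_artifacts": sorted(p for p in by_path if is_packer_artifact(p)),
        "external_storage": sorted(p for p in by_path if p.startswith("/storage/emulated/0/")),
    }


if __name__ == "__main__":
    t = triage()
    print("unique SHA256:", len(t["unique_sha256"]))
    for p, hs in t["multi_version"].items():
        print("rewritten during run:", p, hs)
    print("packer artifacts:", t["packer_artifacts"])
    print("left on shared storage:", t["external_storage"])
```

Feeding it the full list above reports every path with more than one version (tmp.dex, .jg.ri, .jg.store.report_pid, Alvin2.xml, cc.db and its WAL, .jg.ac) and separates the packer's files, which will change with every build of the packer, from the app's own data.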

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 09:20

Reported

2024-06-05 09:20

Platform

android-33-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
GB       216.58.213.4:443     -       udp
GB       216.58.213.4:443     -       tcp
GB       216.58.213.4:443     -       tcp
N/A      224.0.0.251:5353     -       udp
GB       216.58.213.10:443    -       udp

Files

N/A

This second detonation, on the API 33 arm64 image, recorded no process, signature or file activity and only seven seconds of network traffic: mDNS multicast and Google-owned 216.58.213.x (the range that served semanticlocation-pa.googleapis.com in behavioral1). With no sample process recorded, that traffic is consistent with platform background activity rather than the sample. The report gives no reason for the empty run, so it provides no coverage of the sample and the behavioral1 findings are the only dynamic evidence.