Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-pt98caff2z
Target 982ee9329e5168fd620cadcf3218ba1c_JaffaCakes118
SHA256 8d44e0235408aaf9b3c4dcb54ff9d1bab080fbe2aaaf1ba175690cc837758b9b
Tags collection, discovery, evasion, impact, persistence
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 8/10

SHA256 8d44e0235408aaf9b3c4dcb54ff9d1bab080fbe2aaaf1ba175690cc837758b9b

Threat Level: Likely malicious

The file 982ee9329e5168fd620cadcf3218ba1c_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests cell location

Queries the phone number (MSISDN for GSM devices)

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 12:38

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 12:38

Reported

2024-06-05 12:41

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

187s

Command Line

com.dt001.cp09

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.dt001.cp09

com.dt001.cp09:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.68:443 plbslog.umeng.com tcp
US 1.1.1.1:53 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 1.94.9.210:19000 s.jpush.cn udp
US 1.1.1.1:53 ce3e75d5.jpush.cn udp
CN 120.233.114.194:443 ce3e75d5.jpush.cn tcp
US 1.1.1.1:53 easytomessage.com udp
US 1.1.1.1:53 9pynjn09cp.mpgyw.com udp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 1.1.1.1:53 codepush.azurewebsites.net udp
US 23.101.203.117:443 codepush.azurewebsites.net tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 1.1.1.1:53 nsln3a09cp.mpgyw.com udp
US 1.1.1.1:53 oc6gsg09cp.mpgyw.com udp
US 34.205.242.146:443 nsln3a09cp.mpgyw.com tcp
CN 116.205.165.66:19000 easytomessage.com udp
US 3.94.41.167:443 oc6gsg09cp.mpgyw.com tcp
CN 1.94.137.180:19000 easytomessage.com udp
US 1.1.1.1:53 4adcc9c5873ca9cc0d5e977e76ae4b38.s3-accelerate.amazonaws.com udp
US 1.1.1.1:53 4adcc9c5873ca9cc0d5e977e76ae4b38.oss-cn-shenzhen.aliyuncs.com udp
US 1.1.1.1:53 4adcc9c5873ca9cc0d5e977e76ae4b38.azureedge.net udp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
GB 18.245.190.190:443 4adcc9c5873ca9cc0d5e977e76ae4b38.s3-accelerate.amazonaws.com tcp
US 13.107.246.64:443 4adcc9c5873ca9cc0d5e977e76ae4b38.azureedge.net tcp
CN 112.74.1.127:443 4adcc9c5873ca9cc0d5e977e76ae4b38.oss-cn-shenzhen.aliyuncs.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 103.229.215.60:19000 udp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 54.161.222.85:443 nsln3a09cp.mpgyw.com tcp
CN 123.196.118.23:19000 udp
US 52.86.6.113:443 oc6gsg09cp.mpgyw.com tcp
CN 117.121.49.100:19000 udp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
CN 1.94.137.180:19000 easytomessage.com udp
CN 119.3.253.130:19000 easytomessage.com udp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
CN 1.94.9.210:19000 easytomessage.com udp
US 1.1.1.1:53 xagy2u09cp.mpgyw.com udp
US 1.1.1.1:53 9pynjn09cp.zgtygys.com udp
US 1.1.1.1:53 nsln3a09cp.zgtygys.com udp
US 1.1.1.1:53 9pynjn09cp.mumubaobei.com udp
US 1.1.1.1:53 nsln3a09cp.mumubaobei.com udp
US 3.130.204.160:443 xagy2u09cp.mpgyw.com tcp
HK 168.76.252.42:443 nsln3a09cp.mumubaobei.com tcp
HK 168.76.252.42:443 nsln3a09cp.mumubaobei.com tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
CN 123.196.118.23:19000 udp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 103.229.215.60:19000 udp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
US 3.130.253.23:443 xagy2u09cp.mpgyw.com tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7006 im64.jpush.cn tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 112.74.1.127:443 4adcc9c5873ca9cc0d5e977e76ae4b38.oss-cn-shenzhen.aliyuncs.com tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
US 18.119.154.66:443 9pynjn09cp.mpgyw.com tcp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
CN 116.205.165.66:19000 easytomessage.com udp
US 3.140.13.188:443 9pynjn09cp.mpgyw.com tcp
CN 139.159.137.254:19000 easytomessage.com udp
CN 1.94.137.180:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 9pynjn09cp.mpgyw.com udp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 103.229.215.60:19000 udp
CN 139.9.135.156:7006 im64.jpush.cn tcp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
CN 1.94.137.180:19000 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
CN 120.46.84.108:19000 easytomessage.com udp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
CN 117.121.49.100:19000 udp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 103.229.215.60:19000 udp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 123.196.118.23:19000 udp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
US 3.18.7.81:443 9pynjn09cp.mpgyw.com tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
US 3.19.116.195:443 9pynjn09cp.mpgyw.com tcp
US 1.1.1.1:53 9pynjn09cp.mpgyw.com udp
US 3.130.204.160:443 9pynjn09cp.mpgyw.com tcp
US 3.130.204.160:443 9pynjn09cp.mpgyw.com tcp
CN 116.205.165.66:19000 easytomessage.com udp
CN 139.159.137.254:19000 easytomessage.com udp
US 3.130.253.23:443 9pynjn09cp.mpgyw.com tcp
US 3.130.253.23:443 9pynjn09cp.mpgyw.com tcp
CN 120.46.84.108:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 103.229.215.60:19000 udp
CN 139.9.138.15:7009 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
CN 139.9.138.15:7007 im64.jpush.cn tcp
CN 139.9.138.15:7005 im64.jpush.cn tcp
US 3.130.204.160:443 9pynjn09cp.mpgyw.com tcp
US 3.130.204.160:443 9pynjn09cp.mpgyw.com tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp

Files

/data/data/com.dt001.cp09/lib-main/dso_state

MD5 93b885adfe0da089cdf634904fd59f71
SHA1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SHA512 b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

/data/data/com.dt001.cp09/lib-main/dso_deps

MD5 95ff430980df97d438e78f48706ff8fd
SHA1 9a5c7a2c8f3fe9be9fa8169af6891833b7b6b6f5
SHA256 0e6fc59780e8481b6a1b46d3dc1a4b6cd9eec4202a960ff3ce972d8d5042310c
SHA512 0d8c046b5f8b6797cbf693294e96b678c1f16b51e3411514041a0630225ec418b18d48409b27cd88109f44122b41531e9089ed2bc1c433c4b4b0c45efaae5be4

/data/data/com.dt001.cp09/lib-main/dso_manifest

MD5 1de2ebceba5173676c084491cb4fefe8
SHA1 8b41dc0af999fc92550c407c0f76563f432456e9
SHA256 aa48af2be12b5273adac46cb088ec690cf832241cf2062a9633348837f28358a
SHA512 eb77e4a0a0f2bbac1300d8d4ce355782661eacfc62ed868595e8424573330f1cdc9865655f36d34c0e3f9fddaf6d7470f8e18ea611d029c98be61897a84943c3

/data/data/com.dt001.cp09/lib-main/dso_state

MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

/data/data/com.dt001.cp09/app_crashrecord/1004

MD5 3040a140ec70e34f3cbf9352a4ca5da8
SHA1 b8274f3caaf9aaa0de645127376c11eb2ec23e7e
SHA256 80c7348aafac0d0db0ea978aaffec2724d6dd7cd1c061d4db1396dca0dc64afc
SHA512 6a407ddaa35d9140687b94b5cf01f627de395817abb2d2c8162c9283b5dc9fdcd6020af0204e63e832f10689700f1aecb915ff8ff189e75774b9e8fb676425cf

/data/data/com.dt001.cp09/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.dt001.cp09/databases/bugly_db_-journal

MD5 f3f712db62ebd79e5048b29c28cbf92a
SHA1 c1b63c57de924b14b53adb24fd92397c1af6b987
SHA256 278f1a7d1823f63cb888f75408ccddceaef2d1b174e16e58200969d53921b29c
SHA512 c4fc2c46598ad946d60decb082558f6c1ee033ec8e267be41778baa92bc49885c7c9acb4395c92376a8ffdca249261c306363d6f46d6b0b9847ae8772d2211c1

/data/data/com.dt001.cp09/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dt001.cp09/databases/bugly_db_-shm

MD5 4e8994d4beda752e9d28c1d44f678185
SHA1 c358a00bc95882ef1d86ae8eceb90cc81a69ebae
SHA256 b8930c6adcfbcb867f6b5217c15eaa296c8f685e4273919b87994cc42a016611
SHA512 e19af09d8031e1a224e6da57bac1105a3987c59e06d9c81f8d6a1a18311b083fe525426cb96dc2f87632c8cbe3d18cd46e239bc7d548ada5126aeb0008ea0263

/data/data/com.dt001.cp09/databases/bugly_db_-wal

MD5 86c07405a534eae6cd3f4b6cb054a8de
SHA1 4ea279b0a28f70b09559ba14ec28162d8e2a6e44
SHA256 e1cd9c620f9304ffd2416e4c9776eead0e02d379cafc806326e9a91ad6ff7b2c
SHA512 4077a1c706a62f27672b719529952d69faf8b46288f486d4211f7f522255d79881daceee67cd8ad58e72bb836ac1b57efb07129af8b3723c3540b8b1d9544550

/data/data/com.dt001.cp09/no_backup/com.google.InstanceId.properties

MD5 4e73468a561f431438c13f9bd8003a27
SHA1 6f8e490522c5576137a06cc7d2b7c6f7e6849612
SHA256 7adce594ca3f799cd3ce5c4dcbf6592ea1188b8c97816855a49fc492527869ec
SHA512 7b2b73b715bf0c606b506716e8fcae9b4ebf421b2a02d5bfb7bdec4eb5603075746a995f11e2d95d3952d4c65b4b70e6ead4a52afd0dc204adf6045932de7b78

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 2fb585048c46ad895c8acbaf0ea69848
SHA1 dad0b06503f2bb58d3d303a64b2953ad8993a138
SHA256 b5bee00fd9857fd8d653073970f24010ec7b97141d6dbbf1cf7b4f4d9c483f3f
SHA512 a9d2f109bb8f6bc055d6b65a3fd87d7b4e8243838e16a3d8af3a7940b9dfb8652ad01624d4fff33e650ede35d52024ec0dbdb8736beb5af47bccd3e94cf089ce

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 ed5a9723fda25c9f4bc0066af6e8c149
SHA1 8328b176f35bbe7ae0c49d01d1d6ed025c394dcb
SHA256 51d6581d311e02ce45bde62349490f450c8b8e9a1b611f030ce48e87fb93893a
SHA512 75fb0412b49584b4c16b6b3237ca5383aaac935cf3ca2982778bc1e97c74d9a6867c20b7cbe799e6d82f90423dc1c9c24d64466661f958fb4ecb4e09665c1421

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 3d2962db80e06375ef48447a8f5e8949
SHA1 c6395e573aebd5c510d28d034f8ea8d37792decb
SHA256 160a22d78267df59b7bf2a76277ba80abc54714340025358d3439bb8ae5d67ec
SHA512 4438c80aacadbb20259055e8cbc36ced7d4db6b6049fcbe8f3ca16dc88ab150dcb0876b6561422aa33f25f5c7f69408bb2f6c0f499a7841de9f7335fc89c1acd

/data/data/com.dt001.cp09/files/jpush_stat_history_pushcore/04ce807942ad0c2859438b75/normal/nowrap/ed9178e5-bba5-4e44-a7d3-fd930334c707

MD5 187e52f63fc6434e5fc5cbe1c89b8095
SHA1 2e5407fb300025f724beeb0edcf28205d89c4fba
SHA256 9cff1b3e889cbc0885ef20686133a820184aae9baa9b29e423687afa0250cb53
SHA512 49429e11ac200cd128a37737879b447e9eb0a711233b94953da1bb94e09bb3025af9d442d590355c6f6d44359224a4527a177f3b4074add22a5b2775d9b044d6

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 428d3127e129d94f0f8e43af0aaad17b
SHA1 d6b43ad75d2fb1bad600263cd9615ced14367764
SHA256 9a9db0a82f3606c6ebb961dc38eb1d87fcd15731f59797f328c7fb97433e0594
SHA512 58b56fa8fd9064a0a65e0f0dada996a359f582d61410daa1c38f871576a59d3d88cf90bb7e300355c208e2a72b0918a1154691e62715a8f1f036b1952c13da31

/data/data/com.dt001.cp09/files/jpush_stat_history_pushcore/04ce807942ad0c2859438b75/active_user/nowrap/acccc62e-6440-4cf8-afd1-9d4628d9d977

MD5 d4db7098eb759216ab8238f67a863586
SHA1 a9909df85167c1e2bea856160ff963ba14771248
SHA256 c9ebd1030a4b898178b60fe2178e928e78a0a4b9572229be9d5dd1c227cb45f0
SHA512 c89197f819b77423c1526363758e84e215afc22aae92b1d7726dad90e4c3293f785e513c9a368e2b1c3152ffbca064e7cd3b2a9e501b3b34e45c06db7d6a0344

/data/data/com.dt001.cp09/files/umeng_it.cache

MD5 1b37d772009ed2d1b18cdbd4221e4e42
SHA1 63052dd47c2b565b96cee38e05d5ac9c0c865ed3
SHA256 a76bd86e5039ff132c18dd72e4ab063e860df6e7ed87078f732a499c072a1c6e
SHA512 54342591c27e4020c7e31a985a1d3f3aeceb344e2914e6d5868619e29012674c1932f2e81df481e6bf501af098a858e1932e8c658abb3fb1a0c640c0fbcdda09

/data/data/com.dt001.cp09/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE3NTkxMTM0NDYz

MD5 27183c612690826698fb90d8aece8008
SHA1 b35a76c5ae8bd7643cc63725fbf45923d528aa9e
SHA256 005a17c9397a1054e7c2e1da6ea2218931cee8a180492ca6493651ad16350617
SHA512 8c54b162d601f775037480cda6155f4d7c60aa2693d9ded582ea15f2d75d2d62a1db554ba0cecc03f361d90cd71022bdf233177d116991ec804ae887583eadf4

/data/data/com.dt001.cp09/databases/RKStorage-journal

MD5 9b2d48b14f7a3c26be30f442100e2b28
SHA1 41fb48b2d61a7b3e9c7b0994529e27bf9a3e478e
SHA256 a2c548ee60419c778092b068cdbc9fc02c5be821ef092e38614cc31b30706ea9
SHA512 298c79a4300a9a510822a5c17bc76cba47c99f1b220236847d50747cb34463a28378119d19bccaf82cd235cb32090c10ddb00b2892fda7c4cd670355dd8ee11b

/data/data/com.dt001.cp09/databases/RKStorage-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dt001.cp09/databases/RKStorage-wal

MD5 a8058c2bc4e28d3ab27b477c239c1388
SHA1 ef59466ac766ed1081daae5051eb160a7b2457de
SHA256 0f9fa6b2fb820bd297e3a8eef337ca8ea547da5de3c863f19e8c4c6ddcd6dba4
SHA512 df988dfcd4d75a0bf0145e16838c2c3cd468105bea0377108ca505bee20787ceac78c1c398fd2a60f18687b9d7003aeedb48ab5eb6dd0b7e169ec774c45e01b9

/data/data/com.dt001.cp09/cache/http-cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/journal

MD5 f516f0aa2741aa217df5ff00c9beb1ce
SHA1 2273e18962b474b9470cf94677f8ca39136748b9
SHA256 d741bedb5bd2298edadda5aba1f2bbf9fcbf8ab493ef4f734816beeddf15daf9
SHA512 9411f99d720ba38180edf78feefe43df7f43a1a0af49ee661148f6542ceacd4ac853330fe3e01112771a65d741df520d2b129ff35060610dd08cd4a46071505f

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/1b9840ae579231e75c178c620eb093bd85f16588c2475ab0002208f3434463e2.0.tmp

MD5 d35ca7306012b9597616d401c43e81ba
SHA1 45772a2cbd9e8c9102053a226e632a606747a545
SHA256 49849935af7839f91a86c286dacfc6c84277471a5b2375cf99b4a424af2a7d4f
SHA512 b854acf540bb717b98b5f9ab45345c0ff9272dade41b824f57a330d7a4fc9c86a5d7a75ff66fa2c12d63010faffb984ac4480d68277049b93e471c0bb5619759

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/efe87492f42195387a6e6ace827a44b7e812a2591d423bdbe97ac21e4e2c2bf4.0.tmp

MD5 19aac66b0bb6060c67d4f83b4989d795
SHA1 9c1ecfc044e43bbffe500979a37de7eaac9db43a
SHA256 c58fc144de8e6b1e54ac68c83ce45ba5d0f7f681bb013492ebe015b88d0c94a9
SHA512 425ba208299b4d195aa5327d0c97832f73ac27d427ad8ed0272ee26bf6b2ef43219719ed7f41966d493b9abe74f85917ad2a87b5656012942dc51fca2e0a8da7

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/51ca8c9b4c1d9520deb99eafd2f95ba264b8115b21e45e34e23d936c13a0e4c8.0.tmp

MD5 38f91684ce6f121539c8a0456abe9028
SHA1 bfaba37cdf86e64e312032093bf3b96b1214a795
SHA256 0d96aac1963a06be99675b70aa08f5b1823325eaa6413905f5efb91ceab025e2
SHA512 434d8db46199bca3717c7f60c2d51f86fedbb885734c97de396932609770a9d53b9c60b5d8e4184d2d5254b8c3fa4cb09e26e45b79ee0a1a5091cf4880092e3f

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/dfd749bbf0b0b592f41303fbf2f0de0aeefb7767b24a7ea89362ad4cfa4ac7b0.0.tmp

MD5 e28725677b87a458f581a8a135701cf4
SHA1 93cd8447d9b12922b5eb021e52745b88d71213ff
SHA256 078e245fb4de55acd21a8b84628f86f97bddd1812f78d9be6afe23d13ab37c72
SHA512 342150c98087b0d36b347440c4b8e24a1d8b3c146ad5f265c34f50cb9322c78e220e21ee270e056fe8a3610cc857934875751df1e9ab09ce1a7264a3ee85dfbe

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/dce17128a450752d44a4568491221f9cf07d537f27093a0bb33081122db2ff0e.0.tmp

MD5 be35350109003a2f4bd1ccd733d889ac
SHA1 518511a7883d5338aa8a336e1668e415538d44e4
SHA256 d3e6a5c541768cffe9f5668daadc7f8f07a07dfb36f361f810ad58e84818aee3
SHA512 5c51067fa8e8b2b403e57adef58657cc6d646f2c1e6b34b8f90f7d58d0b1a14415ab98425f780418992e713c9dcc0f1528a26511f93ee6497586b09ee396fcd6

/data/data/com.dt001.cp09/cache/image_manager_disk_cache/d6dfb395db72747c9c141a6b7be3edf3cbf16e8ca1e217da5ad614b17c581193.0.tmp

MD5 c448deeee187ad7cd21b04ece2316f5f
SHA1 0574e21173c0768299c7571fccd83c799d104832
SHA256 9b9ccbb80889ced4cfcbaf2b8cacd4a08a7d68427c7f78d333e72abbe0cddfd5
SHA512 e5ee76023863476922089b7c9e6a98da1a18757bb81378fe1dd33a492cf753291a1be3fd4afaecc1ea6baa53bc9d24bccc6e86aa76ebc6f27ce4a47c598a7012

/data/data/com.dt001.cp09/cache/http-cache/journal

MD5 81c28a600c4b2a432128c4d4ce08f028
SHA1 3d63c2430ef7ffada606b06e066fb98d9dd1e835
SHA256 54c6f8f074baae8a070af67ae74317f88f37c66eeff300b0e826a70e81d6a8db
SHA512 3868941e0bf8ac603aaa9d96461d9cd76599f8aeaa4774a001b1cc430d5f277e2a59ef0e470d6b6d13284bdf59dcad58348cbc53fb0592f497e0f5752b7597ed

/data/data/com.dt001.cp09/cache/http-cache/e3698359317fadfeefa42c26cd5fb1e6.0.tmp

MD5 1a8fa4a26ffad61befe3b4789c93b818
SHA1 d0ed6d894a61158145af8d148f35ef171fd7bada
SHA256 9be0c865a4319946be4bdbbe2fc5d3eee4364574d30ae59de601d62bb4dbebbd
SHA512 eaa0f3ed31e672a5f482a74e8e8d221c9b8d279a340337639dd73c5e47f3849a5e45283642cb66965899e6e5128f2240985f4f1413b0a7c19831b33bb26a9d1a

/data/data/com.dt001.cp09/cache/http-cache/e3698359317fadfeefa42c26cd5fb1e6.1.tmp

MD5 64492b9c2d1753e11a560ea107f8a228
SHA1 44d77469a771b089c00eaa6e91a21f30302b32f3
SHA256 d092a05cd30ed61ad9cc4e242c10369ee82acc7b7b1df7cfa9073deed3042c3b
SHA512 19cfe27702cfc306b46e352bd77466aaa306887ff33e9a9fccf5edb90aa2a76a9f3a2ca169154a77347f8e5e30bd5d350c53af8d946b04cbdcc96817eb198af9

/data/data/com.dt001.cp09/cache/http-cache/5b0209cc5b4df7364b13ed57578beac2.0.tmp

MD5 8d3fd01f550efd4de2cbefdf80816382
SHA1 20953cd8f65775d36d18b2d099e24d9797fe915c
SHA256 e46be25d7409d080453d2ac81c28943dd9222c2a100d271938e110b12dd3679d
SHA512 59e01134708dbeeaa0adaed93061fe48d51697e6147c704326bd83af69287474cb101edc6a7e20f3135bd733a4916f6a0007a705ecf50a7879de92f90d8a518a

/data/data/com.dt001.cp09/cache/http-cache/5b0209cc5b4df7364b13ed57578beac2.1.tmp

MD5 dc871e6789bf2f531d7dde175fcd8dd2
SHA1 5f0de2436e343fa7e4d5bd17e80918576318eeb7
SHA256 abbb32563bc2c027051610cbc7d9821b5f36d628e3c0363b3aef8277381a4179
SHA512 6fc60c992b0d3da177b1c2ff477b669a708ef002046633b64b3ddb4c64725d95c194a1cc60b8810b6d3ee509b2941b329f0d61d5d33955ea9929a908df98e116

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 12:38

Reported

2024-06-05 12:38

Platform

android-33-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A