Analysis Overview
SHA256
6b8813d6a197908e07dbf43d696a4af8483ec8591ff08f27dddbaef64a75ddcc
Threat Level: Likely malicious
The file 9884c6feb3637276da862bea26922ecb_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks known Qemu files.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks known Qemu pipes.
Queries information about the current nearby Wi-Fi networks
Queries information about running processes on the device
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 15:38
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:38
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:41
Platform
android-x86-arm-20240603-en
Max time kernel
134s
Max time network
180s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/socket/qemud | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.tieniu.lezhuan
getprop ro.build.version.emui
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:41
Platform
android-33-x64-arm64-20240603-en
Max time kernel
48s
Max time network
173s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.tieniu.lezhuan
Network
Files
| SHA256 | 41d2596d545f9b1993e9c16112d6567e2678b7302b7611c1d123152c4b35bb3d |
| SHA512 | d53f7b4f5d282c495b933ffa6c87165cc2a5f44cf80ede75b4949e258b54b69c900a460e901a1f020e09dd25602d31570c989db44533d07d90363e882501e461 |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db
| MD5 | cd68b2d15c487f1f61d7ac2f7046c87c |
| SHA1 | a015b785fa7e971c759253689d0019be8376e224 |
| SHA256 | 7821e23bc4a0a0f6b9a46232f7e246da7ac3968e1c47a7db120b013ff8bc707c |
| SHA512 | 0c913609427397eb0b22810425020f6e6307f4bc4ca2e9e5980a1f43190dfc1e01f218949b674f84610ff011bdea1ffc4c480b7b9b19747cce963ea93b912ab2 |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal
| MD5 | 8b46924bf5aa8584c5e7a57cd899dcee |
| SHA1 | 6d71334628cf2403d56297f9bd682c2ca81a85e3 |
| SHA256 | b86bd761bd256a6013b539901e7171e0a38d60c75777e75b8af2970efab48c52 |
| SHA512 | 86711249db59cee58d4d39572199c94f5ab8befc8b5371a32c8b750f09ab6d3eb307acb4aa8a9168a386b511b8d4dcb2e60080bf44bdb0225317af67ddb4e346 |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal
| MD5 | c762059edfce69184c6a7dc9f5f08d01 |
| SHA1 | 0d8221ff867529711bf8a447f9bf7c177befe360 |
| SHA256 | 80d32fd2bc8c2cdb04435a2b358895021f47f8207270e5f98f31828eb3501b1c |
| SHA512 | 528765dcbab4e91c10bb7f43f70ddb093866656b7a95c1a47abf30956cbd87527701f4b960a0678e4462555a8837342c61978af8d9f773819396ffb31b6cc38c |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal
| MD5 | 957d0f3b6241a9d02620deded95cc51c |
| SHA1 | dcbbeb150dc824308760cf6cdc083f51a3b00c7a |
| SHA256 | a1606445c00385ee5390a63370211e6a637af6ba7b06ac1acd20ce51359ff106 |
| SHA512 | 82c3cf03173339ef68757dbea5eabb74c05d97189cbfaa9218ce026584438dd20b188da97ceeda8736fb8b6af51bd6732e1d3f1d874e820ad51dcf345d245572 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/0cc18b8098d970d2de9ad71216b476e3.tmp (deleted)
| MD5 | 9cb74bf197a709c7e4679727642177b5 |
| SHA1 | ae53b8ff8e467656aac37ce4d2faf5133a3516de |
| SHA256 | d59260959faaef2cb45e012675cb393fc4dd1634ca8b7cba776eead06b462060 |
| SHA512 | 01af76a7f0320afd812347be4b5cec4caa02ea9e423c7223123a476c2c3bfe8c13e7a57eba84699ab09ef66961156b7a0ddb05bdfab91ea4f23438d1c12d0e5a |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | b9ae06e057d8a04c0e8947a8c7914370 |
| SHA1 | 487402b1e73204bce6784b6343401c46be2eecec |
| SHA256 | 14ace989963cfc9c7778ee98f3154b835949dfd836e0fbb4d7c3414fe1b26943 |
| SHA512 | f888f1ca65ec382c3e063a29f522ec032c507067ca0ecb419fb811d19151291a8a1dc9d29d78f3cbe84376605559d40569f8b8de2d010fb01d913071975af1a7 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | cba43310e043a81bae0c51a0b30d2125 |
| SHA1 | 724a93c969b9b6cbe42a65d2b7390637b91d76be |
| SHA256 | 2532799a30da55326e7d1a6fce24a5d5cb8cebe869df9c78b48d9328399fa4ba |
| SHA512 | 0fa8a9fde82efdfa88d484705c2d13785820e2cb54604c18a64531aac70334193d56bb33aab5ccf59322b038fc30fe01518297e3b75d3296d4ce1988775bad5d |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 82305faaa7ad04343c3142ab1ef809f6 |
| SHA1 | e324206b59cb5155ef50fd51cb06b95dc39f5dea |
| SHA256 | e428e3143fae115ae541a07841d95a821bba535880197eaca60cc31c7a083232 |
| SHA512 | 138296ad801006978a2d2218e6f8fa844936c7d2709ccf298a45949aa8f85d650c62953c31e05a3786bd3ddac56c43587073e8934c52784accfbbf622e4f4194 |
/data/user/0/com.tieniu.lezhuan/files/umeng_it.cache
| MD5 | a106f5e724f2141b57d3f2a15886f17d |
| SHA1 | b47f708704942bba65f2975db9f153715280d171 |
| SHA256 | c5c018491035ba1a4dfc6413e9c5ca09477af8c1ae434d84a64f6a4cac438613 |
| SHA512 | a2cac083022ef02145b4baffc7e092535654c636ff44002f127f980af7a7db7de936b00a632ba6e4706509328588214897a49b60bd75b19a1c9fb064a5e5fd73 |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal
| MD5 | 6c50c77d4b966320ebf138cb483e32f7 |
| SHA1 | 57fcc26062bb1686b8aea31f6a3eab2ac98bf3dd |
| SHA256 | 4b9f2a7a35d7a4bd1b894b3c08bbe9f323d76fcc4cab4bfcfa72218dcf4906f6 |
| SHA512 | abb1f6401a90b5d0401ac3836ed47546b59e02bb11291d4740ca8a0d58b48fcba57091f4fd1cc99f7ca702dfaf17197c4a02ac97eca2f5ff50495a0e3a534d2c |
/data/user/0/com.tieniu.lezhuan/files/.umeng/exchangeIdentity.json
| MD5 | ca18d3aac272ac02341913225bdf59ab |
| SHA1 | a7cae002e1297649c061b6cf1fbe8cff36f4023a |
| SHA256 | 3df1315a05af215066b0d2afbe32bbe38538c5a478042b39c4b4b89b2df26ac2 |
| SHA512 | dd7162cf75662c63cbbecd25ce7beb466f7cca928d70470f705f87ade6e4ffc73be66d67ccb6b7ad597bc6d900143c22a365fcbbf143058a1ab2869df7a3be6a |
/data/user/0/com.tieniu.lezhuan/files/exid.dat
| MD5 | 34e8f8b1b59f94ad27144f5789865347 |
| SHA1 | 0491c38d75754ce14c20ee5a03dc6da17914fb0a |
| SHA256 | dbeab81ce0c45a85bfa87a3efe0d1f94790c3da37eb5aad86afc24f73a56c2cb |
| SHA512 | ca698c62c45275dbb52a235450725482a3547a9c58d6c45bf4e895fbce24029aadb9c1fec8a7411d20e56fbcc757f3ac8c6ed88194552fbc0465e20e3b2a5c2e |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db
| MD5 | a44eac4e8a4b9da4d6c510077844f2d1 |
| SHA1 | 6005d0f4b0e171d6dbde4a9e45c9588395f01ffa |
| SHA256 | 10ea7e3551bf0bb6ddbfa3ecc71a7c48c4fe0ea7176fb3fb20afc3c3cdbd1947 |
| SHA512 | 85aa4be356a383b1d1a4a9b6c29e07178c8c90fb368eff351070e15f095e7bb8714978ceea4662130dceac501cc8f11c8d8d1531478f52dca6745e76d5a7d39d |
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal
| MD5 | f8f8741a7c0b24835fe4fe9410a812df |
| SHA1 | ea01122cac46e33d76cfd9e40d15f11e009b52c0 |
| SHA256 | 1f7058ea02dadd95392f6a2e76a25daa449590aa18597c0f614bf09512b063ea |
| SHA512 | 08c932692e0a291064d1f5bb79484664af896875c472a582eadef74c800ae30eec5513212f6df282e0af8bb5177f51bc3614309f0500788a125aea22a97546c4 |
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal
| MD5 | aa5491427474c5f154c35ebaaa83e204 |
| SHA1 | 0a85ca80f0522c98f6d9668fb3802ab5e0432de0 |
| SHA256 | 67e35554296df85230487a1ea7a7c798f39032ea2291771a5133cbcd7e4816db |
| SHA512 | 28348085919fde5bd3efcbf7fedb2a0b2e4e58b95189df34f68b040af72fd968906ba5385c789deb3ee7a23221002d0d42631a3a2c2e5726aed38c46a45fee83 |
/data/data/com.tieniu.lezhuan/databases/cc/cc.db
| MD5 | 1b77217d803a7c04af9466680b92d104 |
| SHA1 | 0cb959f4773c6730e8aed5746706c0f3ecb35c1f |
| SHA256 | 66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3 |
| SHA512 | 39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec |
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal
| MD5 | 386987c5b72e5b5b8d57d01d07c2e0f0 |
| SHA1 | cdc8b07be4705e991b008c9abdbfb9d9ef1f5b2b |
| SHA256 | 9b6013096301a24bc03023786a4bed6494d0ae544c69cd4ea9d430b2b309406a |
| SHA512 | 9aef743be1128abd7a508a2b7e86ca3dedcc3875eb236eaceb9f89159d8a72d65ffdff7de8cee98d20aa7d9dbec683fbc2b74fc70599d762706434dd2e7c91ad |
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal
| MD5 | 54d1a2e1a7414e514f4d11ef29e50a53 |
| SHA1 | aa034b76b14456166067ea3fd1684b8f1b944f20 |
| SHA256 | 992306c0e53e4b1921504146b2fc28ea665ac15db86ff43434a8b5ed706512b3 |
| SHA512 | 8d5c714ff7e1fe07baa8c6a0eb52c2ea841a53a9caa79b5d95a2b67d8560cf913fe1bca938e913733b2902bd3a41c703f7186299975f19208b225cc619e33965 |
/data/user/0/com.tieniu.lezhuan/files/infoc_sdk/batch/86_233687d7-944d-46fb-ab3c-f48c09cabeeb_1717601934737_0.ich
| MD5 | 3205a39a6e652d3c88c9a6700061a760 |
| SHA1 | 27326f197145ee5b5797d53f309f12aeec1cadab |
| SHA256 | 3d57991e034099f82b3d009d06c318fd61d3abb4370160f1893c5d53e3dd9f8f |
| SHA512 | 29329a1ae3efeea5dfcf4cf2096add9f717fd512e16d682af779f2f02aa3d918e42638d4816a982d305a34956c63d3d8499c94e9d9bdbc67c3cd20792129c8a6 |
/data/user/0/com.tieniu.lezhuan/files/infoc_sdk/urgent/83_44c592ec-b3c0-4259-b706-16aadbe4e696_1717601935070_0.ich
| MD5 | 15a639b9034080a048ccd399945598d4 |
| SHA1 | 2de3eab0297051276063d1f8b99058b4d0ef57b7 |
| SHA256 | 5fde9bd9372759c0c3635eb355a0bd2425221d4536de7594cb94a746de99462e |
| SHA512 | 5edb8683ca7d52543c30570ad953a75ce3757df1a0308502bc3f42ad7bc390c179b253843f76d4510c0cfe2d8b6f37ff0dbfa41b4d3fab66255da9a3d002099c |
/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/e83acb900275502e0eab20a7e89b0542.tmp (deleted)
| MD5 | 3610043095edfae0fde800376f4f63b0 |
| SHA1 | c58f32ab313bc9c8b0a2a9d2ee7f445972973c8c |
| SHA256 | b37b20aef8aedef7f952401b48d8d2da271ab65c8acbc1c6a296b244875ed088 |
| SHA512 | d9440d22eb1886705a8936d16585a9c0f439a04303a432818b61ec608aec9fb21785f2098fff0607c23a2f6ae1727c4103b350d82591d0c5bf470ac5d17555b7 |
/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/e590283b7d720fa9fd13176d8d65f1c5.tmp (deleted)
| MD5 | 3cb18addbd563508da9d8b24af3e9bad |
| SHA1 | 9b6ce986414cf209e720bf0f7515688df1101062 |
| SHA256 | 9614a250c3921ab426426cf2df2a3f5d5741449de032a053e40ff056bba9d8d3 |
| SHA512 | afad51a9747680a5160defd977ddd4c75c7a05f851688c56b6acad284cf06077ea99eefbec9770f5c111d8d544af9ab43572ace5ac7310c350f77b22c7cf5379 |
/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp (deleted)
| MD5 | 8be957db31f115449c38041a12010a70 |
| SHA1 | 9f2d77462d722156cd5fc55530b22d7ea7cc0afd |
| SHA256 | 49ee01811ee4af17511058ccabd7eca6ac279d46af748801e96967cf46021bd8 |
| SHA512 | e93639bd3a0f5f9571ab9e34a6be98b0271214100b41a4fb9953a90331248ad243666fcbf437a71d94709ade63f427bcfac6df2ae917d3618f33bff3b02d81c9 |
/data/user/0/com.tieniu.lezhuan/files/.imprint
| MD5 | 0ddcf2561c8e1040598c24ab4ae182c0 |
| SHA1 | e999a7c649426e031f7816df5a31f4b6f43d3cd0 |
| SHA256 | 98688e9d317c5519067255b32cb3c2f5d2ead37f80d07cda8313fe6fc9ea860c |
| SHA512 | cb43669af63b5ea6e82766c790b02377bfe4ab74e3938d745d6e14322a64f598d97a074071970f0f1fca55c02ed2faaa06e549150a50071308c1ff7c20c375fb |
/data/user/0/com.tieniu.lezhuan/files/umeng_it.cache
| MD5 | bf2405f8c7b4f8d71e29a8615215b79c |
| SHA1 | 6fe443853f5fffbb3aa4e8eb87a447f758ad6781 |
| SHA256 | c64e2e92baa0d2240e8257460f9d0be1df42473b3f7c26dfe49eeb3fe4855c55 |
| SHA512 | b743669a92e472ec34786a0263dc04734d7daf5d05a2f5cf3e75830c71d91c7a33d991e31fe9faaf3c3f048db3877dafcd16836fb9bf93fbb856f560bcc59992 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:38
Platform
android-x86-arm-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:38
Platform
android-x64-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-05 15:38
Reported
2024-06-05 15:38
Platform
android-x64-arm64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |