Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-s27zqsba3x
Target 9884c6feb3637276da862bea26922ecb_JaffaCakes118
SHA256 6b8813d6a197908e07dbf43d696a4af8483ec8591ff08f27dddbaef64a75ddcc
Tags banker discovery evasion execution impact persistence

Score 8/10

Analysis Overview

Score 8/10

SHA256

6b8813d6a197908e07dbf43d696a4af8483ec8591ff08f27dddbaef64a75ddcc

Threat Level: Likely malicious

The file 9884c6feb3637276da862bea26922ecb_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion execution impact persistence

Checks if the Android device is rooted.

Checks known Qemu files.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks known Qemu pipes.

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-06-05 15:38

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:38

Platform

android-x86-arm-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:41

Platform

android-x86-arm-20240603-en

Max time kernel

134s

Max time network

180s

Command Line

com.tieniu.lezhuan

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tieniu.lezhuan

getprop ro.build.version.emui

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
US 1.1.1.1:53 superman.cmcm.com udp
US 1.1.1.1:53 is.snssdk.com udp
US 163.181.154.233:443 is.snssdk.com tcp
US 163.181.154.234:443 is.snssdk.com tcp
US 1.1.1.1:53 a.tn990.com udp
US 1.1.1.1:53 z.tn990.com udp
US 1.1.1.1:53 ip.taobao.com udp
US 1.1.1.1:53 ip.adipman.net udp
CN 59.82.122.127:80 ip.taobao.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
CN 114.55.146.25:443 ip.adipman.net tcp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 163.181.154.235:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 1.1.1.1:53 game.lushihudong.com udp
CN 119.23.61.87:80 game.lushihudong.com tcp
US 1.1.1.1:53 sdk.ipadview.com udp
US 1.1.1.1:53 speed.adipman.net udp
CN 59.82.122.127:80 ip.taobao.com tcp
CN 114.55.146.25:80 speed.adipman.net tcp
CN 114.55.146.25:80 speed.adipman.net tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 163.181.154.235:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.235:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 122.96.235.166:443 superman.cmcm.com tcp
CN 122.96.235.166:443 superman.cmcm.com tcp
CN 122.96.235.166:443 superman.cmcm.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 helpgamemoneysdk1.ksmobile.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.23.61.87:80 game.lushihudong.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp

Files

/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal

MD5 5e9a3a3d42bae63adc7ecaf366fbc2b5
SHA1 231b89699787ae58f5da8c46e8d86aadc990de6f
SHA256 5946c62feb8b8df3261020163370140171b7bbe7778d3d71870ffe457154a7a8
SHA512 d8194d7d310a11def096d37b0467dde3c9abf83798b3a6c67debbb6d07062f508afd661d2f4927d7286b82da094c0b086654fbe0a6344fc5a39a6e68febb1a67

/data/data/com.tieniu.lezhuan/databases/ttopensdk.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-wal

MD5 9224fcfb90a00c130af1c2b7c77857ad
SHA1 c23ff1b54283390a6c3cd896e04ff0a9a2d22c67
SHA256 1de93b0532fee3fc767bb309827dcda7b6fd21ced6e8647e86346592067ba705
SHA512 c7b37c8f2eedfde1dab87e51dc174e1a66c24624248585c80013be67c8be8c2ab3eff1d24e60e17aba65feeebae34fa69e3ccc223591313d906a29c4889c0c6e

/data/data/com.tieniu.lezhuan/databases/bugly_db_-journal

MD5 3a7d801d2eadb86e921703a8c416c9de
SHA1 1dd64e5d20f0bad82f7b63d895e5d38932ba022e
SHA256 ecc6ed74760aefd860380aaa654d9f96695cb61747dc67001ba05ac561cd194f
SHA512 177d65030b93dc8262a8af2a2b4c3841636c3d93ef02474d190903c2434d0902d2523bd82339a7540efc6673840067de233b73d255573c460e8eee8a951d19d4

/data/data/com.tieniu.lezhuan/app_crashrecord/1004

MD5 f82a7698c08826c8db0e29ce279136bf
SHA1 91f60e2c1a2dcb6ca81ca2836147e7f87732c01a
SHA256 31c5e5e1118dcd58b20fbfd35410e4fdff7daa42fffea452f7397b38fe284b56
SHA512 1ce2e2ccbb5f59e7bc771d5dfb877cf6b48cefe109653046690fda678923067f6ab3efe30b4bb2c664d4182bf3d1c1f21bb077ec2f222c73ef3e036d9838d8dc

/data/data/com.tieniu.lezhuan/databases/bugly_db_-wal

MD5 c3e3b26c3d7a05a7e73da0897570b775
SHA1 e9a44bce66ea64b3738844f6e3e07a53495d9e3f
SHA256 067dbb160c34dea4dc2867b4ceb430b1720c945f4763a2b4acaa293e6f67579d
SHA512 3316be708b784f5197ce0916bdfa04059766b26ea09dfc91c49cf4a0d4fd78491937fbc5ea6c6b2a1cb1fc7629918f404f355d1b84a3f21211461d275fa071e3

/data/data/com.tieniu.lezhuan/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.tieniu.lezhuan/databases/downloader.db-journal

MD5 59c654f89a957af807b060ab277b9de0
SHA1 f0f1e9c66ebeae1670780ebfd8d9f896cc40907d
SHA256 a2a9d294fbfa9ad69382293f6417cf0d54f7ab7959e5bcd6834948e8eb5ded0d
SHA512 a4e28b2edc3bddb870fbafbb8947f7767024a2ca359c4f0fb0e15dc8837a94b42ff701b66b4162b89e73cccd3e413d266a01eeb97d7660d8c0d6b5d2281c8d17

/data/data/com.tieniu.lezhuan/databases/downloader.db-wal

MD5 92002578cefd622df26990a3db7152c3
SHA1 7bca175af7653c7f43a492cb4f6de08d10aaae7d
SHA256 bad3992ceefd7b28f5b7a99cb6aed7a8e417c9704839d4cc52f1df8c688cb807
SHA512 5bc426031d91ab8d915c186e74588625d0c9dfe009a46cd9c3f2fdc10c6513f9c3360f693ce0bb3afb669ea0159c600ee58f62387fae899f4c6aac9295460a01

/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal

MD5 8754014fa751741dc465de09bd0e3e9d
SHA1 a393d44fb89d0b65f72dceac1218c67be6d71603
SHA256 05a30b5212f340d9b99352ec68f3aa6e8ae8406593fd5cec016dbacdabb93f2f
SHA512 ccf69856fe08875c552acc806432acb15671a4052da764c55f7ee87627575067bf480a7692b9b3e11b1733a1d4f62a7c210c279a483b6592bbfc121907c922b7

/data/data/com.tieniu.lezhuan/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

MD5 47aacc6796c19176745619061b0eb39b
SHA1 1455bdc43e457917ab15d35def319ac334a05f70
SHA256 8ac1b21e45dc38064c783a52dbe530988711e5189a1b93635fa2e2f979e1ea88
SHA512 b1b6da5ca2c86c135f448839941e64f423b501fa201361b1d5d52f4bbccb0601714a11ee576b8ef2e30986ae0b454412f068811d4ad88d62c0d30f224902a6a4

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal

MD5 37c12c7aecea7a6a3b7c252dc10e1750
SHA1 0039976f4909efb7709478722a42840ef3f76e57
SHA256 1ba62c0fa575d1be6b9bb118f6e9891694fe452913f3b8b0b786940e587aecf9
SHA512 a36dc98c4cda39d729904a65ca671026fc8f696005d642a6b6eb45c063d69cc8277667f0c0e6ffd68c497e2d7c443bc908e5ac1e25f1a1453489e4f87a345ce7

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

MD5 46f0b69d8c3245b1490b2092bf981f61
SHA1 d409150f0bab6797359bc2cb83373f37a4f8bc8c
SHA256 c3be0c96e95912e8913ce875f03783065b98c7e4ee242a24085b02527a3b6a00
SHA512 e7053de650e090e54546a199e0260b7e3f262120544878be6f66d4e9e3a30e616801d480e1d9f514e4d455f01f9e134a8de43ffee80f5eed533382ec962cb0ca

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

MD5 15fdafad1fa55b2a40cfd3a5c962a48b
SHA1 10fd7abbf4d172b54110b959b21146510c7aa452
SHA256 3e838c8b92ed58ca379c6ba5f6f85d56a9791f1d46b3dbbf9e9c8aae30fcd902
SHA512 930417ef0f029cf1bc4a0123313df74eff1f144faaee5a36651e322ec6f6c9158a406d373b0756d93954860339fdef4723bfad82328d839574d8abf73e43d6ea

/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/0cc18b8098d970d2de9ad71216b476e3.tmp

MD5 9cb74bf197a709c7e4679727642177b5
SHA1 ae53b8ff8e467656aac37ce4d2faf5133a3516de
SHA256 d59260959faaef2cb45e012675cb393fc4dd1634ca8b7cba776eead06b462060
SHA512 01af76a7f0320afd812347be4b5cec4caa02ea9e423c7223123a476c2c3bfe8c13e7a57eba84699ab09ef66961156b7a0ddb05bdfab91ea4f23438d1c12d0e5a

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1c438a43ddb78366455b34e7e519ea3c
SHA1 8de15b5d879a7edcbf1cf87861cbebf53f6b20eb
SHA256 9eea3b9a22644723fd78501de9b362e4fc99a063e226f0a6a7e26eab2a69a35e
SHA512 49cc59ca6b64b04d07ab95bd1058476185ee3f35e882bd676b2c08cada9573fcb2b9d2c4b7dff2b195aabc6f4270c08c4d0a8e86279088491329241601338d55

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 7513bbaa9c7e4a7dbe7f5cf60edcc337
SHA1 5a649a5eedb0ff57c8cda21bc4db5f43243c4273
SHA256 ba57b641c9479e97844e8871254b1640a628828d530453a4eb375ceb1a705e2d
SHA512 227ef2c9dd0817e05fca611711d3b67bea3dfc2bf9ce27de7ea197d90dc3d5cf98c6f41980da787847647969bea40ec6feb54963eae77d97165b9835f12b5a2c

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1fa260aa1a0a071e9aa5a0940c2a5697
SHA1 2e5c5e1d3fec765d76ba10e1319f2f389ae34f30
SHA256 830b9527e62824d87bc4f923b98a6992a7b3a6ecf1e85866c529498a4e703b12
SHA512 db6016fecc56fec9186b821bd423b30736253e1c28f765c4c6f95a7c6459b066b473048f7de91460f8065165b4db0312f5fcda68d0fec9cac2f95d6772bc8b4f

/data/data/com.tieniu.lezhuan/files/umeng_it.cache

MD5 7b051bec2c9b6267f637a98858933629
SHA1 3420c136a5aadf2d457b42281aa521776e79e06a
SHA256 83b7d5515757d60a4eb8b1bf6fd5f83e1fee6991f6db0543440bfd565d16139b
SHA512 266d040f76666a4af1099123d9fcbdb057056ad026e5947e250c4db0f1611bb86b67c4f5b307bc8a2b3fef0d7c3bb657a00e1dd9328a4af4cfe99b55e0434c48

/data/data/com.tieniu.lezhuan/files/.umeng/exchangeIdentity.json

MD5 ea5731bf34195c8e33f2417c7864f7a1
SHA1 ab35db37c1a1572af9bb44c1f3953038e51870a7
SHA256 f3283553d75bde874e898ca80208df3d4b4d21afaf38dbeefe3da376641038da
SHA512 7cbaf9e4052186a7ad3801c0bf44594fae39ce77964d80c0dc05b34e256a04f0c1a93e725f1e1c66b9dd93e2ae888b289b71f3f95ea1e01b7c1d467f07b18672

/data/data/com.tieniu.lezhuan/files/exid.dat

MD5 34e8f8b1b59f94ad27144f5789865347
SHA1 0491c38d75754ce14c20ee5a03dc6da17914fb0a
SHA256 dbeab81ce0c45a85bfa87a3efe0d1f94790c3da37eb5aad86afc24f73a56c2cb
SHA512 ca698c62c45275dbb52a235450725482a3547a9c58d6c45bf4e895fbce24029aadb9c1fec8a7411d20e56fbcc757f3ac8c6ed88194552fbc0465e20e3b2a5c2e

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

MD5 f609bef6a6ffdc10fc3bd81dc274f48c
SHA1 83ea40d2651b22898ce446616257ea2464c98fe3
SHA256 0f885e804e1bf621511284fd72ed7baf83683debea702b2f87acae22fcff53e1
SHA512 1b0c1cb614f45c338614044be77d465b68c589f85b16408b279b20dd7b70b7025474e92c26e1e4eeedcf20f1f5c1066a5a19b6a443ae56e5d79e976755ed99ed

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

MD5 00737609065850cd890eb6e3655a9217
SHA1 1f34ca9ec25e2c33e5281e91d21746b94987ba9f
SHA256 82e1ee4922772a4f80e870b33e9fa4c315ea823604f4e21adf710680560ec8a4
SHA512 aa7d85dd1ea35e1ef46be643514fc20384f32fd5c703e9cf9c186a1386f06fb6fe6f34206d7debeee6f315675d67f7fe50e74ecb55e1143eaa0318062a2d482a

/data/data/com.tieniu.lezhuan/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/e83acb900275502e0eab20a7e89b0542.tmp

MD5 3610043095edfae0fde800376f4f63b0
SHA1 c58f32ab313bc9c8b0a2a9d2ee7f445972973c8c
SHA256 b37b20aef8aedef7f952401b48d8d2da271ab65c8acbc1c6a296b244875ed088
SHA512 d9440d22eb1886705a8936d16585a9c0f439a04303a432818b61ec608aec9fb21785f2098fff0607c23a2f6ae1727c4103b350d82591d0c5bf470ac5d17555b7

/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/e590283b7d720fa9fd13176d8d65f1c5.tmp

MD5 3cb18addbd563508da9d8b24af3e9bad
SHA1 9b6ce986414cf209e720bf0f7515688df1101062
SHA256 9614a250c3921ab426426cf2df2a3f5d5741449de032a053e40ff056bba9d8d3
SHA512 afad51a9747680a5160defd977ddd4c75c7a05f851688c56b6acad284cf06077ea99eefbec9770f5c111d8d544af9ab43572ace5ac7310c350f77b22c7cf5379

/storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp

MD5 8be957db31f115449c38041a12010a70
SHA1 9f2d77462d722156cd5fc55530b22d7ea7cc0afd
SHA256 49ee01811ee4af17511058ccabd7eca6ac279d46af748801e96967cf46021bd8
SHA512 e93639bd3a0f5f9571ab9e34a6be98b0271214100b41a4fb9953a90331248ad243666fcbf437a71d94709ade63f427bcfac6df2ae917d3618f33bff3b02d81c9

/data/data/com.tieniu.lezhuan/files/infoc_sdk/urgent/83_b8db720e-87d1-44cd-955c-0491527d130e_1717601951260_0.ich

MD5 9e0c6c610a1cdb36a1d350f3a069975f
SHA1 3151a8ed320a90450d78aa69e8597947d68ff16f
SHA256 2911287491149f75bf4872534f6735a6f8c694f539bd6b04e4e26d83fc90cec2
SHA512 75c189cbc56b0fac3d80b2523385aed6db10bbed07f4fac3d854a3d509d6056871da3ae02ed279768ecb42850dc447b4ffb07f1cb72c265be7e26143489878d8

/data/data/com.tieniu.lezhuan/files/infoc_sdk/batch/86_3ec4b328-6f1c-4a98-8ae1-a07f5864ab5f_1717601958865_0.ich

MD5 582a67d5983a1c36e87989a6ab8daba0
SHA1 13f90e0953f9e395025c6ef38d749c15772edf5b
SHA256 f5e3d058c068346c2d145441627acd121d294b2f3ecc6c7b03acebb2d15dd8b9
SHA512 2f1a45e3ed1dbd8c4deded39826898c7636c4659d501e722c29569e7efa998664d2d22e0aec328905a1d3d1997118c83ccc0fc4281d1c047dd4e344988b0fd26

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

MD5 40726dd0142641f2ae6951282027b303
SHA1 9fdad71f0a8ba0a935dbe7c59c0ffaaa32a23692
SHA256 f329dcf29e6058fd50fd0bfed4da08ff7993cbf936bf95a31b7e62346e2e32f4
SHA512 f3b2bf2e1cb43243cd61b04fbc612d94995a83bac13bacb5b2a353ad636e98dd47a01c0362e3739bddea326bc93dd4f4af9760f7f4e1d744f3dcec3ce09ac1f4

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

MD5 90891f2a5df3ab66643fda244480ec95
SHA1 0ddbd6e5e59a2190b0201bc9acfeae210408043d
SHA256 ebf3ef029bf5d483683a7dff351fafea7fea3c9edb7170634067dbfc51844ef9
SHA512 9bfcba908db1ff6a2651800a9d9ead28ced15c9dd2a28ba86cfe9c6dc0e3ec0b489a23aa8a76c52ef365a6ee6bb4a5a9fd39c7df94490f7028def2e95ad73206

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

MD5 29495c552f99251e9937814a9606ef96
SHA1 b2da4fc3a955ff84ed9d86c1ec09619dfc0dc212
SHA256 9fe0a092aca222cc966a148f1a23e08c29994e0dcd8277206ef29cbf10a2b0c3
SHA512 9600bc691c06270295aac05ca8608b48c6b0368875840e7580a5eee4b7c12cfbad01014ad8f265f61570833df3c8704c61bb1a4db278c675a420f5fe23aae53e

/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

MD5 24e85d8337cf7c9ce57d6a1a0507da27
SHA1 53f1422be1cf8c7e69b10fc49c703475e39cac3d
SHA256 f3f7e419ac02439f2a48b7efc7707974f87023409bbc607c5f2e71c379e87b05
SHA512 23b1357f6ea1abf001219dc40102ef3f6df94ec6c33db1d1b4836715d237cbbd4598dc3a14c25785fbbce4454c60a16dffbdf96e924ac5f3dc3228a86e05a27e

/data/data/com.tieniu.lezhuan/files/.um/um_cache_1717602050679.env

MD5 c3d7c2f4c5723f735f7822da4099dfdb
SHA1 a48de75bf25593ab495f4a6e1960c428376e0857
SHA256 00d13798f4fc4ba436afa2036d0f481333e8514ee6a5c2ea80df2d48b1d4a11d
SHA512 06843643a15c98c7aeb5a0edffc82be281ef936cf8048e7b3c7875860b9188ecde5ba580dec0df3aab3779dce411ecaf92051527f3f09d8710442ed7729554a8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:41

Platform

android-33-x64-arm64-20240603-en

Max time kernel

48s

Max time network

173s

Command Line

com.tieniu.lezhuan

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.tieniu.lezhuan

Network

Country Destination Domain Proto
GB 216.58.212.196:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.212.196:443 udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 sf3-ttcdn-tos.pstatp.com udp
US 1.1.1.1:53 is.snssdk.com udp
US 1.1.1.1:53 superman.cmcm.com udp
US 163.181.154.235:443 sf3-ttcdn-tos.pstatp.com tcp
SG 103.136.221.67:443 is.snssdk.com tcp
US 1.1.1.1:53 a.tn990.com udp
US 1.1.1.1:53 z.tn990.com udp
CN 122.96.235.166:443 superman.cmcm.com tcp
CN 122.96.235.166:443 superman.cmcm.com tcp
CN 122.96.235.166:443 superman.cmcm.com tcp
US 1.1.1.1:53 ip.adipman.net udp
US 1.1.1.1:53 ip.taobao.com udp
CN 59.82.122.10:80 ip.taobao.com tcp
CN 114.55.146.25:443 ip.adipman.net tcp
US 1.1.1.1:53 sf3-fe-tos.pglstatp-toutiao.com udp
US 1.1.1.1:53 sdk.ipadview.com udp
US 1.1.1.1:53 speed.adipman.net udp
US 163.181.154.233:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 114.55.146.25:80 speed.adipman.net tcp
CN 114.55.146.25:80 speed.adipman.net tcp
CN 59.82.122.10:80 ip.taobao.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
CN 27.185.201.167:443 superman.cmcm.com tcp
US 1.1.1.1:53 helpgamemoneysdk1.ksmobile.com udp
US 163.181.154.233:443 sf3-fe-tos.pglstatp-toutiao.com tcp
US 163.181.154.233:443 sf3-fe-tos.pglstatp-toutiao.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
GB 216.58.201.99:443 tcp
US 162.159.61.3:443 udp
GB 216.58.201.99:443 udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 216.58.212.196:443 udp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 142.250.180.4:443 tcp

Files

/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

MD5 24fd49e6c64d7e695a87f136b94b8a24
SHA1 955742541d9f3b9c09f8bfb80d6ad8f28bf96c89
SHA256 8f0323f80efcf0a216a141431388be7fc935c24bb0fb27e55d83aa5af5b5bef0
SHA512 ecc482b082e087c02b79b3e1f2b58295ffc840ed3a32acd57917d173f78eaefe3fc32da84b4a54c930095d0a1c3ec48e28415471c1adf1136f025bdff17e6378

/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db

MD5 0d382cc9713d63bf0992e5f68f85cfb8
SHA1 2decdcee572ed111d4e81bf60ada5f66285733a3
SHA256 51208ae052a85622e2af48a13dd304e6d96739398110b3b7ef58b87b93150cc4
SHA512 c7a4c42ea67302b7e3c2d9eed646bb8376d21b18f6b146dac3598df188b945e565bf230066cc3179fa58ab64bdf6cc5c6812df92ded7f3508312034e6a9ebb7f

/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

MD5 4a4beb8ee6933c65c3854745d03bdad1
SHA1 8c29afbb946de24379f3c73c4381ab5bc311f549
SHA256 07258557c690669ebcbc85775403227d2a676e5bc91e99b8262c38ff4cd2e4bc
SHA512 7790940dfeac81c626f93eeffabbb9d3d174cc740bdc71cf66726106aca7dc8a8b79a05a2f5edb2ec5b37da1eb8df0005260ca3113ce25fce4047c247a3acc4b

/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

MD5 d3ba34c3d961a4d18f4528f6ecf07abd
SHA1 8e24b45b438b32fc6721c711f39cd43b6edadf61
SHA256 58fcb80f4222c70fd8ca681fc06f89b4f38f318721809be372bc264122df4759
SHA512 7f7c3791eabcc7b0f35769ccbe8474cec8f9fe67bd90c251e6f8a7c7fdf9af96d0c6f0b1d47a1111f3b6c21ba27fb5ca92ac8516e1444cb34813ac9d5e250e88

/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

MD5 efc269686df61d5eee3f1e67c87d3d55
SHA1 ef6113f441958fb288d6d917e8399b36f34a0ecf
SHA256 677870470d5ec6687990f4b20ff523d156e95899ee29bd0023f146a31e20d073
SHA512 1c63f2439d143550638ae265f1e68ae331bb3e8ec844bccfff46f73ce2555bc545f422f27f02df4938bbc3c412af5bf825be54365758025796dcab205fff0698

/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

MD5 1e4d18093b2efdcd66b7a5c31f30cce3
SHA1 ec84d058108611aa5255b48ae15b4724f33fc2f3
SHA256 4e6d28137f0bbf5a454cbd8c01531824e168c43da07993e58849517253aba163
SHA512 8e5fe51ad132a58e4e8e5683708ee373da2f90d91c96f04cb918d822735e9f4fa6692710147d99d101e7fe4df385036d0cedbf07189c7507c39f06eec1d899f6

/data/user/0/com.tieniu.lezhuan/databases/bugly_db_

MD5 980b57538360dd38f5f617721e625f73
SHA1 d223d8934e1e4d6bb9c6e98d0bf9a93e71b2dc2a
SHA256 98504dc896678199e6b9181507db81b30d3fa7c0c1ebc164e0e6c3e4aeea202f
SHA512 341678d4da68672d54b0e44eafa8ea8172e28df14c77b099eba72736525a34f54022125b47e61b43bd541d78f6370f8e869ac02d209c08c7094a18ff83fb772e

/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

MD5 bc96f06211d63071c62fd0e0e8a7fb38
SHA1 5abb275a10f391497b0b4e5ef2571b5c5ae7fbd5
SHA256 e05dc1de5ce726f7140b485d65cae85c58945d2264eda73e0b7c33e99dd666c1
SHA512 2dcdfd404f14d24f36f7811249cadf2ab7c65f59168ccad0e0ae6ed62837be9e41d4be3beaaaa762bd901829a8ad8a7f1cca97bdecbb42956bd2595ca8734182

/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

MD5 5887869ee0c2c42cd412a0ff3fd05dee
SHA1 ce21eae8770e368da8c5d7c6a7d5f0d5d3fbe3dc
SHA256 9a97b3e14923ca5fb0967b99080dc47708e7c7af2d03f83135b4ac728bcb199b
SHA512 284de018ef615cf86af8b8017276259b5ed7204f5dc364e6cc622c8a1e965aff29ad6764e5575a65449b68bbfd8e00acb6dd0f3af5c66f51a497881a3705d3bf

/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

MD5 7c77ce68b73d58f2405e34ee15c30ea6
SHA1 e87bd770d008c60c8fd5f3d128b641376d5a8d6f
SHA256 6bdffad3705cb76cd1087af77fd1617c990154b2b11e50fa30f285a7dd349f87
SHA512 c4a0d181caeadff4136c7425e68ab9d72d7c807087eea911275d0f563e1a6efdeaefc4f44917cf756c0f4f36e3494b42ac3c557728d7363fc78691a1adb724bb

/data/user/0/com.tieniu.lezhuan/databases/downloader.db-journal

MD5 9684ad2316a495f68438590fd624b5d7
SHA1 1dd1f3b02083b9ea3e06adf405fd438b9925d999
SHA256 5bbd5fb0bf603a16427e2af3e0c58eb018c56e4b2343863852b11aeca1ba670e
SHA512 aa812914e86e5a4d0079c0f9e80c1b4aa4b573c2c828a41fbbdb1b6b06396d1bcc5c4c790929831db3a9f1d847ae365c98d4680cb2d3929ce4b3a7f007a45c98

/data/user/0/com.tieniu.lezhuan/databases/downloader.db

MD5 164003cd2f2ca602e085b2c7758e692a
SHA1 35d839c7073e6f32e79679e45a820420f69d882b
SHA256 000ff263ff1343333e4303023f5df267ecd8c9dd4b87d188fc57765a9c54a7da

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:38

Platform

android-x86-arm-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:38

Platform

android-x64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-05 15:38

Reported

2024-06-05 15:38

Platform

android-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A