Malware Analysis Report

2025-01-19 05:04

Sample ID 240605-twftqscg47
Target 989eea78392a9865efb856125734720f_JaffaCakes118
SHA256 d5c174271df4e074f8816d60c9754de470b8f1f13c2439309d76932adeb62892
Tags
upx banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d5c174271df4e074f8816d60c9754de470b8f1f13c2439309d76932adeb62892

Threat Level: Likely malicious

The file 989eea78392a9865efb856125734720f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

upx banker collection discovery evasion impact persistence

Patched UPX-packed file

Checks if the Android device is rooted.

Checks known Qemu pipes.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Unexpected DNS network traffic destination

UPX packed file

Checks known Qemu files.

Queries information about running processes on the device

Requests cell location

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 16:26

Signatures

Patched UPX-packed file

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 16:24

Reported

2024-06-05 16:29

Platform

android-x86-arm-20240603-en

Max time kernel

11s

Max time network

130s

Command Line

com.ws.dd

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/qemu_pipe | N/A | N/A
N/A | /dev/socket/qemud | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Unexpected DNS network traffic destination

Description | Indicator | Process | Target
Destination IP | 223.5.5.5 | N/A | N/A
Destination IP | 114.114.114.114 | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ws.dd

cat /sys/class/net/wlan0/address

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | api.exc.mob.com | udp
CN | 180.188.25.46:80 | api.exc.mob.com | tcp
US | 1.1.1.1:53 | i.tddmp.com | udp
US | 1.1.1.1:53 | cloud.xdrig.com | udp
CN | 116.196.71.30:80 | i.tddmp.com | tcp
CN | 116.198.14.27:443 | cloud.xdrig.com | tcp
US | 1.1.1.1:53 | m.data.mob.com | udp
CN | 116.198.14.27:443 | cloud.xdrig.com | tcp
CN | 180.188.25.47:80 | m.data.mob.com | tcp
CN | 116.196.71.30:80 | i.tddmp.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
CN | 101.37.132.16:80 | | tcp
CN | 114.114.114.114:53 | flex.ftnormal00ab.com | udp
CN | 223.5.5.5:53 | flex.api.aliyunceng.com | udp
N/A | 10.127.0.1:65535 | | udp
N/A | 10.127.0.3:65535 | | udp
N/A | 10.127.0.6:65535 | | udp
N/A | 10.127.0.10:65535 | | udp
N/A | 10.127.0.30:65535 | | udp
N/A | 10.127.0.55:65535 | | udp
N/A | 10.127.0.15:65535 | | udp
N/A | 10.127.0.34:65535 | | udp
N/A | 10.127.0.4:65535 | | udp
N/A | 10.127.0.14:65535 | | udp
N/A | 10.127.0.59:65535 | | udp
N/A | 10.127.0.16:65535 | | udp
N/A | 10.127.0.129:65535 | | udp
N/A | 10.127.0.12:65535 | | udp
N/A | 10.127.0.25:65535 | | udp
N/A | 10.127.0.60:65535 | | udp
N/A | 10.127.0.2:65535 | | udp
N/A | 10.127.0.27:65535 | | udp
N/A | 10.127.0.38:65535 | | udp
N/A | 10.127.0.8:65535 | | udp
N/A | 10.127.0.19:65535 | | udp
N/A | 10.127.0.22:65535 | | udp
N/A | 10.127.0.62:65535 | | udp
N/A | 10.127.0.52:65535 | | udp
N/A | 10.127.0.21:65535 | | udp
N/A | 10.127.0.41:65535 | | udp
N/A | 10.127.0.51:65535 | | udp
N/A | 10.127.0.28:65535 | | udp
N/A | 10.127.0.32:65535 | | udp
N/A | 10.127.0.65:65535 | | udp
N/A | 10.127.0.45:65535 | | udp
N/A | 10.127.0.49:65535 | | udp
N/A | 10.127.0.133:65535 | | udp
N/A | 10.127.0.11:65535 | | udp
N/A | 10.127.0.33:65535 | | udp
N/A | 10.127.0.37:65535 | | udp
N/A | 10.127.0.63:65535 | | udp
N/A | 10.127.0.9:65535 | | udp
N/A | 10.127.0.18:65535 | | udp
N/A | 10.127.0.35:65535 | | udp
N/A | 10.127.0.50:65535 | | udp
N/A | 10.127.0.57:65535 | | udp
N/A | 10.127.0.13:65535 | | udp
N/A | 10.127.0.48:65535 | | udp
N/A | 10.127.0.54:65535 | | udp
N/A | 10.127.0.61:65535 | | udp
N/A | 10.127.0.43:65535 | | udp
N/A | 10.127.0.44:65535 | | udp
N/A | 10.127.0.67:65535 | | udp
N/A | 10.127.0.58:65535 | | udp
N/A | 10.127.0.66:65535 | | udp
N/A | 10.127.0.42:65535 | | udp
N/A | 10.127.0.46:65535 | | udp
N/A | 10.127.0.53:65535 | | udp
N/A | 10.127.0.64:65535 | | udp
N/A | 10.127.0.131:65535 | | udp
N/A | 10.127.0.20:65535 | | udp
N/A | 10.127.0.7:65535 | | udp
N/A | 10.127.0.17:65535 | | udp
N/A | 10.127.0.29:65535 | | udp
N/A | 10.127.0.130:65535 | | udp
N/A | 10.127.0.40:65535 | | udp
N/A | 10.127.0.23:65535 | | udp
N/A | 10.127.0.47:65535 | | udp
N/A | 10.127.0.26:65535 | | udp
N/A | 10.127.0.132:65535 | | udp
N/A | 10.127.0.5:65535 | | udp
N/A | 10.127.0.36:65535 | | udp
N/A | 10.127.0.24:65535 | | udp
N/A | 10.127.0.31:65535 | | udp
N/A | 10.127.0.56:65535 | | udp
N/A | 10.127.0.108:65535 | | udp
N/A | 10.127.0.114:65535 | | udp
N/A | 10.127.0.254:65535 | | udp
N/A | 10.127.0.117:65535 | | udp
N/A | 10.127.0.100:65535 | | udp
N/A | 10.127.0.83:65535 | | udp
N/A | 10.127.0.71:65535 | | udp
N/A | 10.127.0.116:65535 | | udp
N/A | 10.127.0.76:65535 | | udp
N/A | 10.127.0.124:65535 | | udp
N/A | 10.127.0.88:65535 | | udp
N/A | 10.127.0.109:65535 | | udp
N/A | 10.127.0.95:65535 | | udp
N/A | 10.127.0.74:65535 | | udp
N/A | 10.127.0.72:65535 | | udp
N/A | 10.127.0.69:65535 | | udp
N/A | 10.127.0.90:65535 | | udp
N/A | 10.127.0.80:65535 | | udp
N/A | 10.127.0.78:65535 | | udp
N/A | 10.127.0.112:65535 | | udp
N/A | 10.127.0.75:65535 | | udp
N/A | 10.127.0.113:65535 | | udp
N/A | 10.127.0.111:65535 | | udp
N/A | 10.127.0.102:65535 | | udp
N/A | 10.127.0.101:65535 | | udp
N/A | 10.127.0.122:65535 | | udp
N/A | 10.127.0.134:65535 | | udp
N/A | 10.127.0.99:65535 | | udp
N/A | 10.127.0.82:65535 | | udp
N/A | 10.127.0.121:65535 | | udp
N/A | 10.127.0.128:65535 | | udp
N/A | 10.127.0.118:65535 | | udp
N/A | 10.127.0.96:65535 | | udp
N/A | 10.127.0.87:65535 | | udp
N/A | 10.127.0.81:65535 | | udp
N/A | 10.127.0.123:65535 | | udp
N/A | 10.127.0.103:65535 | | udp
N/A | 10.127.0.89:65535 | | udp
N/A | 10.127.0.94:65535 | | udp
N/A | 10.127.0.252:65535 | | udp
N/A | 10.127.0.105:65535 | | udp
N/A | 10.127.0.93:65535 | | udp
N/A | 10.127.0.77:65535 | | udp
N/A | 10.127.0.253:65535 | | udp
N/A | 10.127.0.106:65535 | | udp
N/A | 10.127.0.127:65535 | | udp
N/A | 10.127.0.97:65535 | | udp
N/A | 10.127.0.68:65535 | | udp
N/A | 10.127.0.91:65535 | | udp
N/A | 10.127.0.107:65535 | | udp
US | 1.1.1.1:53 | adt.xdrig.com | udp
N/A | 10.127.0.119:65535 | | udp
N/A | 10.127.0.70:65535 | | udp
N/A | 10.127.0.98:65535 | | udp
N/A | 10.127.0.85:65535 | | udp
N/A | 10.127.0.115:65535 | | udp
N/A | 10.127.0.92:65535 | | udp
N/A | 10.127.0.86:65535 | | udp
N/A | 10.127.0.120:65535 | | udp
N/A | 10.127.0.84:65535 | | udp
N/A | 10.127.0.135:65535 | | udp
N/A | 10.127.0.125:65535 | | udp
N/A | 10.127.0.110:65535 | | udp
N/A | 10.127.0.73:65535 | | udp
N/A | 10.127.0.104:65535 | | udp
N/A | 10.127.0.79:65535 | | udp
N/A | 10.127.0.126:65535 | | udp
US | 1.1.1.1:53 | av1.xdrig.com | udp
CN | 52.80.146.100:443 | adt.xdrig.com | tcp
N/A | 10.127.0.160:65535 | | udp
N/A | 10.127.0.156:65535 | | udp
N/A | 10.127.0.191:65535 | | udp
N/A | 10.127.0.164:65535 | | udp
N/A | 10.127.0.171:65535 | | udp
N/A | 10.127.0.192:65535 | | udp
N/A | 10.127.0.189:65535 | | udp
N/A | 10.127.0.170:65535 | | udp
N/A | 10.127.0.139:65535 | | udp
N/A | 10.127.0.196:65535 | | udp
N/A | 10.127.0.176:65535 | | udp
N/A | 10.127.0.145:65535 | | udp
N/A | 10.127.0.190:65535 | | udp
N/A | 10.127.0.143:65535 | | udp
N/A | 10.127.0.162:65535 | | udp
N/A | 10.127.0.146:65535 | | udp
N/A | 10.127.0.147:65535 | | udp
N/A | 10.127.0.193:65535 | | udp
N/A | 10.127.0.194:65535 | | udp
N/A | 10.127.0.154:65535 | | udp
N/A | 10.127.0.174:65535 | | udp
N/A | 10.127.0.183:65535 | | udp
N/A | 10.127.0.149:65535 | | udp
N/A | 10.127.0.186:65535 | | udp
N/A | 10.127.0.172:65535 | | udp
N/A | 10.127.0.140:65535 | | udp
N/A | 10.127.0.168:65535 | | udp
N/A | 10.127.0.179:65535 | | udp
N/A | 10.127.0.184:65535 | | udp
N/A | 10.127.0.158:65535 | | udp
N/A | 10.127.0.195:65535 | | udp
N/A | 10.127.0.199:65535 | | udp
GB | 142.250.200.46:443 | | tcp
N/A | 10.127.0.173:65535 | | udp
N/A | 10.127.0.142:65535 | | udp
N/A | 10.127.0.157:65535 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
N/A | 10.127.0.137:65535 | | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp
N/A | 10.127.0.182:65535 | | udp
N/A | 10.127.0.159:65535 | | udp
N/A | 10.127.0.136:65535 | | udp
N/A | 10.127.0.153:65535 | | udp
N/A | 10.127.0.169:65535 | | udp
N/A | 10.127.0.144:65535 | | udp
N/A | 10.127.0.161:65535 | | udp
N/A | 10.127.0.185:65535 | | udp
CN | 116.198.14.5:443 | av1.xdrig.com | tcp
N/A | 10.127.0.138:65535 | | udp
N/A | 10.127.0.165:65535 | | udp
N/A | 10.127.0.141:65535 | | udp
N/A | 10.127.0.181:65535 | | udp
N/A | 10.127.0.180:65535 | | udp
N/A | 10.127.0.188:65535 | | udp
N/A | 10.127.0.155:65535 | | udp
N/A | 10.127.0.152:65535 | | udp
N/A | 10.127.0.163:65535 | | udp
N/A | 10.127.0.150:65535 | | udp
N/A | 10.127.0.200:65535 | | udp
N/A | 10.127.0.177:65535 | | udp
N/A | 10.127.0.198:65535 | | udp
N/A | 10.127.0.178:65535 | | udp
N/A | 10.127.0.148:65535 | | udp
N/A | 10.127.0.175:65535 | | udp
N/A | 10.127.0.167:65535 | | udp
N/A | 10.127.0.197:65535 | | udp
N/A | 10.127.0.187:65535 | | udp
N/A | 10.127.0.151:65535 | | udp
N/A | 10.127.0.166:65535 | | udp

Files

/data/data/com.ws.dd/app_crashrecord/1004

MD5 3214cf593a239cb0ea1acbd42ec9faf3
SHA1 87681f1be31f941d871de58d567c765bc54eeae7
SHA256 f1152ac9a33c03abb1a410d8e7de7eaf23e6fe56a3d64d953b297a36282f32b1
SHA512 b32d8aa0ffea2613463cdad6db487e59f9121dc37987c2174e5e4fb8e455fcfa964134beac51ecaa46b985d49c2fc0e8f8a92ae808676e5cf8a0fdfb9af62d30

/data/data/com.ws.dd/databases/bugly_db_-journal

MD5 ce6bacd2d4a68de5a51d002ce1a7122b
SHA1 0e85727bcd0720c658804454171cf5300cbe410d
SHA256 3ccd1f1978261c4fcc22d9483f924d4c5d46263878899ba0b61264eefa24f9e9
SHA512 ecf4137497f95c6499a0c6695f2a51553f0d15ea7661e505da9bea2e3dc75d181616801dab1fd3b8a7b2fe7ee7648af721696390734ad3e36884e0be571fc2be

/data/data/com.ws.dd/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ws.dd/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.ws.dd/databases/bugly_db_-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.ws.dd/databases/bugly_db_-wal

MD5 d6fd6a9caa83a0f36473eb565825fcf3
SHA1 29d5a4c2493a0c5e69c8f7915ce3ede05657699c
SHA256 2e27bca6b7d4408d275e29930ae03b77751f8d7592ea8fef03aefcf2362da393
SHA512 a00e52cb9494cf397dea9b62bba54424757862e5875ab0ee0739dac422980618e62c2d70d3d5bc9928ffef2d8af8b6fbef31bf70cbb9dcb6dc630bc86bdc7aef

/data/data/com.ws.dd/app_crashrecord/1002

MD5 b1c0c0428c430338f54aa2f1bb363f4d
SHA1 be9473aa6dd56b9ff3a5e648888d699446296bf3
SHA256 746a8189b614b5107e7a9c2cc90b7030515c02ee0ba19e53369251175e95764c
SHA512 444bf2cf384da710324a1fadbe4d8ba56bcf2f3837e06db49f34d08dc1938ee6bac86234fa5a516246b47a02eb966707d9ffd06e3ba6e7707b0a90f20170f90f

/data/data/com.ws.dd/files/TDAntiCheating_Switch_Value

MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

/storage/emulated/0/Mob/comm/dbs/.duid

MD5 2c837c25224ffecfc636bf75f97e31a1
SHA1 f2a443f164ed24b9cc17fc49b4a0b87ddeeb2e32
SHA256 aad0a147eae67f857d6cc502353933bce182c7ddc31d4468f5e40ead91106838
SHA512 e45a103244a9ceb3fd0d1d794da3d1dfd08ccffa833f0b71b75acc02d59bf1b7046ffa2c176078cb9a831fea4b7f36017757ea0601222e3e8724fb031ceb7ac2

/data/data/com.ws.dd/files/_Ladder_Project/Archimedes_p1

MD5 559c27cd721b4a77e857a5053c17cfa4
SHA1 0105382f69231f96dc8d31e2486eda7e244442ae
SHA256 4eaa1e09c5d84c86e91783ad8432e3a4869976b2db1a34fe865747dc2c85749a
SHA512 27a49ac377881b46080db08fe9e3dcb47ee4a6e041796ba0dcbf6f69c7d6fd69e5c60d2a6adb4bd8b2ab7927eba3fd2ab75363931e0629b65bddff89ce806ff2

/data/data/com.ws.dd/files/_Ladder_Project/Archimedes_p2

MD5 51449e94cca94561bddc4a44fda76083
SHA1 83b3678abd2e899f87a8d0741692f2551f06d925
SHA256 b7b1b94b773abf405ae820bfa97254f63271d826d3029a96bc33cccc372a31c3
SHA512 58df58936f2dee8f866384b79724cc9fed4465af214df9f7fcebade7d82c1dbd24d916d6ea3f70711092629c303c1c32534aa50f98f91acb04be501a914a5a9c

/data/data/com.ws.dd/files/_Ladder_Project/Archimedes_p3

MD5 42c4b669e9c45310eca90ae1a502d75d
SHA1 c768170849dd6b21e824733bc888e31ffbd87df0
SHA256 5a460a24a21b891c527935d1bdcab47c28b46c0801bebcf660d7dd821f1ef25c
SHA512 5b3dd2ea9fa6ecffce9dd57fc6eddfc6bbbc8289d87d80b97a2af957fe8cdff8a982644fbe8c09b50821a12a07ca469388a72895d92f9e50ff4b3588f52eacdd

/data/data/com.ws.dd/files/Archimedes_p4

MD5 c2341a1d187b0ec2ee4d64182b9ba2ba
SHA1 f4e41b16c65a7c71049af3e15b4d0b1b51483261
SHA256 b1fe6aa09ecca60ba6562d22b0cc697e24cfa6017ca6b438dbe0959624ef9632
SHA512 e8e148f3c54bf5dd2c64754365b2f2a4a89da404c58c803edcb1887c4120217bb77f4e4cb445ba75ecdd99c2401d0024dfd678572c737a69262eda11f8f5ee66

/data/data/com.ws.dd/files/Archimedes_p5

MD5 83540a622f2c0a642e1828d2baa4675c
SHA1 09b6c3a98ac2aad614610b3eb1a1e43be7292714
SHA256 f7f9a914737caf34c925778f345fd2df521fb8e09be906348623e4c1430b8de4
SHA512 d6f905fcf8d4008a06a4969c1aeb8282352fd8e0a55e5b98f09fca2c9dd633b49424fb32df6802464868831bf629c176e197c6183d3f7da9ecbec4acf28aab9d

/data/data/com.ws.dd/files/mPBE/salt

MD5 95348f1168d8ab4bcdaecf8565540513
SHA1 8f178378c0eb2ce4fe9341791b13d82cced5ce32
SHA256 e0986c2532a5f5666a4cf54c21884508b7208ef6e09cf2dcb25c1179b44e2160
SHA512 5e924bc4b40ea842ea27bc3b05f54548d1eee95cb44c5c952d075b6bd299e9e0b10032df1f957e82d0f99ae6c66db356e1294fc1f79748c8d8d3f17cb10421c6

/data/data/com.ws.dd/files/mPBE/iv

MD5 d2836221e729405c3ce5dd3635fc46ea
SHA1 fb9f5a59a689326fe826a8e9eb40b3dab012d005
SHA256 23d887bdfbf96c599099602a1e8ec3a5d9349874348064518e1b2a0739c71b8b
SHA512 d484cbef84234748920c80cac3d52dcb1111fbee7a37655ebd24fb02cf875ed8fe193afabe37a5739af97d29bf408648070b4447bea8c52225935264fffe5937

/data/data/com.ws.dd/files/__database_reborn_January_one__/td_database2SaaS/1717604794944_4262

MD5 d4a3b6843132933d0d496292a0a05d01
SHA1 d8d5ab8ff9acb3963b41ab64d01d4d80ab856491
SHA256 63cf36553b9731674d5d3a32f18e08802c5bef85b7a1d0174694d7b8328dc114
SHA512 bc78ce83917308a62eedbfc4bc4f037624d576a1e9395b0b6593ea5f2519f527904e3878fffbb98691a5056f8d07753aa7d237e4480ad968416a83478038e870

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 16:24

Reported

2024-06-05 16:26

Platform

android-x86-arm-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 16:24

Reported

2024-06-05 16:26

Platform

android-x64-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 16:24

Reported

2024-06-05 16:26

Platform

android-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.238:443 | | tcp
GB | 142.250.187.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A