Analysis Overview
SHA256
407c990ca67690cd5751c27687ff1d10a23e954e1b3ac9f82a07de61c303acad
Threat Level: Shows suspicious behavior
The file 98d4edc8c4f13bc13689ba11c721c66d_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 17:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 17:51
Reported
2024-06-05 17:55
Platform
android-x64-20240603-en
Max time kernel
128s
Max time network
148s
Command Line
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.yxxinglin.xzid510028
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 17:51
Reported
2024-06-05 17:55
Platform
android-x86-arm-20240603-en
Max time kernel
126s
Max time network
156s
Command Line
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.yxxinglin.xzid510028
Network
Files