Analysis Overview
SHA256
da49693d3e8c92cad7af7673412cd8942fdd03df9ff9bd630ab39a235446865a
Threat Level: Likely malicious
The file 990a93f86d67dc64df44d57d7c306bfa_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Requests cell location
Queries information about the current nearby Wi-Fi networks
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-05 19:37
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 19:37
Reported
2024-06-05 19:44
Platform
android-x86-arm-20240603-en
Max time kernel
31s
Max time network
186s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.honey.jiaoyou/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.honey.jiaoyou/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.honey.jiaoyou
chmod 755 /data/data/com.honey.jiaoyou/.jiagu/libjiagu.so
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.honey.jiaoyou/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.honey.jiaoyou/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
com.honey.jiaoyou:core
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | wannos.127.net | udp |
| HK | 103.129.255.21:443 | wannos.127.net | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.75:443 | plbslog.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| US | 1.1.1.1:53 | wfd.netease.im | udp |
| US | 1.1.1.1:53 | lbs.netease.im | udp |
| IE | 54.73.57.121:443 | lbs.netease.im | tcp |
| CN | 223.109.148.130:443 | ulogs.umeng.com | tcp |
| CN | 59.82.29.163:443 | log.umsns.com | tcp |
| CN | 59.82.29.248:443 | log.umsns.com | tcp |
| CN | 59.82.29.249:443 | log.umsns.com | tcp |
| CN | 59.82.31.154:443 | log.umsns.com | tcp |
| CN | 59.82.31.160:443 | log.umsns.com | tcp |
Files
/data/data/com.honey.jiaoyou/.jiagu/libjiagu.so
/data/data/com.honey.jiaoyou/.jiagu/classes.dex
/data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes2.dex
/data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes3.dex
/data/data/com.honey.jiaoyou/.jiagu/tmp.dex
/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ri
/data/data/com.honey.jiaoyou/files/.jiagu.lock
/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ac
/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ic
/data/data/com.honey.jiaoyou/files/.jglogs/.jg.di
/storage/emulated/0/360/.iddata
/storage/emulated/0/360/.deviceId
/storage/emulated/0/Android/data/com.honey.jiaoyou/cache/nim/log/nim_sdk.log
/storage/emulated/0/com.honey.jiaoyou/log/demo_20240605.log
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.honey.jiaoyou/files/umeng_it.cache
/data/data/com.honey.jiaoyou/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjE2NTAwMTYy
/data/data/com.honey.jiaoyou/files/.umeng/exchangeIdentity.json
/data/data/com.honey.jiaoyou/files/exid.dat
/data/data/com.honey.jiaoyou/files/.envelope/i==1.2.0&&1.0.2_1717616501199_envelope.log
/data/data/com.honey.jiaoyou/databases/ua.db-journal
/data/data/com.honey.jiaoyou/databases/ua.db
/data/data/com.honey.jiaoyou/databases/ua.db-shm
/data/data/com.honey.jiaoyou/databases/ua.db-wal
/data/data/com.honey.jiaoyou/files/.envelope/a==7.5.3&&1.0.2_1717616504500_envelope.log
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 19:37
Reported
2024-06-05 19:44
Platform
android-x64-arm64-20240603-en
Max time kernel
3s
Max time network
133s
Signatures
Processes
com.honey.jiaoyou
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
/data/user/0/com.honey.jiaoyou/.jiagu/libjiagu.so
/data/user/0/com.honey.jiaoyou/.jiagu/libjiagu_64.so