Malware Analysis Report

2025-01-19 05:01

Sample ID: 240605-ybyahage43
Target: 990a93f86d67dc64df44d57d7c306bfa_JaffaCakes118
SHA256: da49693d3e8c92cad7af7673412cd8942fdd03df9ff9bd630ab39a235446865a
Tags: collection, discovery, evasion, impact, persistence
Score: 8/10


Analysis Overview


Threat Level: Likely malicious

The file 990a93f86d67dc64df44d57d7c306bfa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests cell location

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information


Analysis: static1

Detonation Overview

Reported

2024-06-05 19:37

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 19:37

Reported

2024-06-05 19:44

Platform

android-x86-arm-20240603-en

Max time kernel

31s

Max time network

186s

Command Line

com.honey.jiaoyou

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.honey.jiaoyou/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.honey.jiaoyou

chmod 755 /data/data/com.honey.jiaoyou/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.honey.jiaoyou/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.honey.jiaoyou/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.honey.jiaoyou:core

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network


Files

/data/data/com.honey.jiaoyou/.jiagu/libjiagu.so

/data/data/com.honey.jiaoyou/.jiagu/classes.dex

/data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes2.dex

/data/data/com.honey.jiaoyou/.jiagu/classes.dex!classes3.dex

/data/data/com.honey.jiaoyou/.jiagu/tmp.dex

/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ri

/data/data/com.honey.jiaoyou/files/.jiagu.lock

/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ac

/data/data/com.honey.jiaoyou/files/.jglogs/.jg.ic

/data/data/com.honey.jiaoyou/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId

/storage/emulated/0/Android/data/com.honey.jiaoyou/cache/nim/log/nim_sdk.log

/storage/emulated/0/com.honey.jiaoyou/log/demo_20240605.log

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.honey.jiaoyou/files/umeng_it.cache

/data/data/com.honey.jiaoyou/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjE2NTAwMTYy

/data/data/com.honey.jiaoyou/files/.umeng/exchangeIdentity.json

/data/data/com.honey.jiaoyou/files/exid.dat

/data/data/com.honey.jiaoyou/files/.envelope/i==1.2.0&&1.0.2_1717616501199_envelope.log

/data/data/com.honey.jiaoyou/databases/ua.db-journal

/data/data/com.honey.jiaoyou/databases/ua.db

/data/data/com.honey.jiaoyou/databases/ua.db-shm

/data/data/com.honey.jiaoyou/databases/ua.db-wal

/data/data/com.honey.jiaoyou/files/.envelope/a==7.5.3&&1.0.2_1717616504500_envelope.log

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 19:37

Reported

2024-06-05 19:44

Platform

android-x64-arm64-20240603-en

Max time kernel

3s

Max time network

133s

Command Line

com.honey.jiaoyou

Signatures

N/A

Processes

com.honey.jiaoyou

Network


Files

/data/user/0/com.honey.jiaoyou/.jiagu/libjiagu.so

/data/user/0/com.honey.jiaoyou/.jiagu/libjiagu_64.so