Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-yz5dqahc49
Target 99212adafcca3a29bda827559cda3a0a_JaffaCakes118
SHA256 f644218a3650ce9b8319fd45f9431881d3658f197b690c9d05512a2b91bbe90b
Tags
discovery evasion impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

f644218a3650ce9b8319fd45f9431881d3658f197b690c9d05512a2b91bbe90b

Threat Level: Shows suspicious behavior

The file 99212adafcca3a29bda827559cda3a0a_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 20:14

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:19

Platform

android-x86-arm-20240603-en

Max time kernel

177s

Max time network

184s

Command Line

com.jingzhaokeji.subway

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar N/A N/A
(the preceding row appears 30 times in the report)

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
(the preceding row appears 29 times in the report)

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
(the preceding row appears 28 times in the report)

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
(the preceding row appears 29 times in the report)

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
(the preceding row appears 29 times in the report)

Processes

com.jingzhaokeji.subway

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.jingzhaokeji.subway/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

com.jingzhaokeji.subway:bdservice_v1
(the preceding process entry appears 28 times in the report)

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 hanguoing.com udp
HK 168.76.33.48:80 hanguoing.com tcp
(the preceding row appears 6 consecutive times in the report)
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
HK 168.76.33.48:80 hanguoing.com tcp
(the preceding row appears 28 consecutive times in the report)

Files

/data/data/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar

MD5 246caad65896a309293ba0701162c5ac
SHA1 0457995dfba2a599ed45a8794f842a1ac2454675
SHA256 46c254da98b8c732a28eb596660b8ae883781acf446708e9d5b49a3617462845
SHA512 0786f52185557a3bb6e6cacf70b98dac9ca45011117994d9bf450de29e58076bd734107564ff1fd3ec1ddd18c077e2297881459897ed6f6b5c39dbcf4012e38a

/data/data/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.key

MD5 dad1f2f2135f4652add4278a920b25ec
SHA1 687d42702e4c45bd9a9be1a04cbc6ce06104810b
SHA256 4489459bcdd93ad3655d63571d6ee98ee83f334bb02fc3d8c4516229d680f66f
SHA512 c7903b569426b98e4b8af916122a9e8842512013c80b4fab52cbe225a70266e89013e15e8539443ae031de11f4dea1da20a56031ddb5ab6db56426637488c6a5

/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar

MD5 8e77268a9906f53b82d594b0880cca8a
SHA1 3e7cb9567dd54527a9fa455954d51926f794d4f7
SHA256 653f2757edb0e8c28a40c224cac0629fb02c6928f67e9c8b90c17c6d4aa7784b
SHA512 fc38d7d92c4497656707c63cb4535e2f523390f34cd65d1fa0e809012a57fc4379ee55d329cec52bfb8d7cf3803fdffc673696b79e24c649052598ad2b2ccae7

/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar

MD5 dcc9258084766e69a77ad15847f65d39
SHA1 fba7427d5d6a0576e019d20a09fd1d6ce0f100f6
SHA256 8264c2abdcc85d4313eba543e2d1256b5222af09e9260a88bd50883c86f30b5e
SHA512 5dd690348ed8e2922ad1b123689f6fb30b6ec1506d662588edaf0ae79f2cb5bca102ad13d47f07f9a9b3798203455c280adfd7f193d60d541a4f418492043e77

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-journal

MD5 818d48a1c84171a910baefc999f35ffb
SHA1 d95c53fa6a0e66cf572a5a13566d98a163db4930
SHA256 0fa96aad15ef3330d038076549fbadb3ef52a4101589fce2f1a85a098b682705
SHA512 9afb1dea4b854a33eb5e2ac1a43bb4c1dbc54be29e165eba949a5526cdde19148643f75f656f728e5d4f33e529c8a1eb360136133992d6b9054f11d76817dfa6

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db

MD5 8a12bba4fef68a653a20f1529f0967cc
SHA1 2451f8e07631ef0a0a867d0be61fe06769cfefd6
SHA256 a4c0e9aa627e135de0a4f22c9b041c66288c8042997e7b3d6aecf38f2b6bab32
SHA512 5e0446e52c909e50aa099ccf57eaf2ef6475ce550a8fba3841766ad39957905163368a41809624171942226e7063d9588171aae6269ed57764255655d572e7aa

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-wal

MD5 279078e185e0eb678226c678a64b4510
SHA1 bb671d09f4fcccdf0bb92ae5b075a9dc4dd1f02a
SHA256 96a0219f394eab9f9d301a595187dd4e689b12b07530baecc3039993e177a5be
SHA512 eaf57bdcee59d019c30ffc9889be835d0ccfeddfbdc641d5ff894c49c43f80e5ba4ce9432e4bc7b350657bd65ef333a1a5a3e39f8833cd6c6c0fae24bafa4305

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-journal

MD5 83bb8e96188655e790d3904c114ec815
SHA1 6b8a2efe4b77c312ad3b61a2d13d00e8be861290
SHA256 38e64ebaff28b3d28ac00528c62c66ad6c8f56ade6997084fa6be5017de94ac6
SHA512 8fa021e5bf626cd80355959fb2d7d96cc2a55a59dc5626ac75a6bb7231862b246363ed346eb4d0a66a67653f0a606fe7cc30f6ad9816302d38aa660caa62d80a

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db

MD5 a1bcf3882c032af90b28d051fb333d90
SHA1 ad67db0f5d8a206803db0dafd3fa9035d8d023e5
SHA256 8bccdba4c516d45ae07f129907be45725776afc2d6ba55b3399ec6c011732b83
SHA512 5760c996fc73dbbb53b64b7cfd34aa443996293c3aa281a3e94e2b3cd0c95f2be145ce1690786499160c736c48dcd9adfd040c587fa77e945a32c0ddb07dbc68

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-wal

MD5 b16c2228580d6dd3dda8378174549d98
SHA1 9c0de1f76e9b12349e81067059096daee6133eed
SHA256 bd76d18b0d1c5c345a065c28db6362ef58b1e8d71be71a50b05d06cb8f257356
SHA512 fa1e540d0483df716acc8fff540b1bf3c23d821ea03cc90767c7a62fad036ead9a90b308df9072eeefcbf19859b0b541f01dde1e89e0b90f842ecfd7ffafbfd9

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db

MD5 9191a2dcb8ae5b3aa6c5eee21d22d040
SHA1 609fb96a5cb4b956a26a7b136eff1702329af0f5
SHA256 df85fc6c112cfe612ec0973e9d839cfb89db6b1455b6798ca9aa4463a39c4f0e
SHA512 afff2a22379e02aa9c9022bcda735be8dd7b534625150a5db9e90bb477f4c82ef49a16c1552959ddc2590ce1faa120066494e622e31f4464a598b06d0d21b8b4

/storage/emulated/0/koring/coupon_list.xml

MD5 691210a77dceb4844be7e02e5c76c00c
SHA1 c270452727bdd4eb37457b34e4ba1546d18059c2
SHA256 7ca1f745ecc58f2f5ef9b243e14dd93c21a14efafa6df01decd8e1ce6c906a40
SHA512 c6e6ca6025bce2204e55a79a85a241812f3d6a1bbfd9eba3f0412ffde3056b3dd5286bdf22288675a31fc426f53175f07c76645b87cea2b1b8c0d07be286d2f4

/storage/emulated/0/koring/coupon_detail_COUPN0000007773.xml

MD5 ccdb1c5780ccde0ad8d95abce0b225ab
SHA1 46b6d934f15a6440de5a8da8703b540d9f514d13
SHA256 6cb0a3828247caca4c195a2d091e0a08495060be5d6988b5844a514047013166
SHA512 2cdd3bd84a71ff5d46930293ebf733cc8e43626b9de7639d4551c544414b2aedbc689930dcaa41e1c059a9d7dc4a9823ee000b769842e9e1e475dc55108d5ad2

/storage/emulated/0/koring/coupon_shilla_182x230_140718.jpg

MD5 0f6e375d836e20218c23c751e66e1e29
SHA1 4556131f7f71e679ae0c6e0c42401b093092d678
SHA256 aaef088cc40afa531e952838b418caa45e7d689e2a26d9e6490d51fc84972551
SHA512 fb23b7c4d0e8f7e0a5d4d05c3942c7b255fbfc1e681fd389e8db94cc3ec127d801a3716d47730443b116298af176793a5381754810fbb66b251ac67b95fffdc6

/storage/emulated/0/koring/coupon_shilla_140723_simp.jpg

MD5 0dc41e030bec856aaa9fe27d0c3093a4
SHA1 1458337a6c4cd68fd0d613e536404e0487c7655a
SHA256 5b5fd5ecb0a0a90cf375f109a8b8082e00ed45f736d656221899a5029d043985
SHA512 444ba8b48589f1704058132bd9f3e1e4139ead4f8dd4423ba9dab1591a5ab207b6f960c91758f86974432983f430977e593fbf7d98917045b45f8a58d02bd628

/storage/emulated/0/koring/coupon_shilla_140723_orig.jpg

MD5 88c4aed575372bd33526032bc7d60524
SHA1 1c70e07aa8bb30178ed7621841ab66220cde4357
SHA256 b8c4c04bc79e82cb4613cff4281d543689cda12d50dec29996b1e3b04751bef8
SHA512 8243307afc1165362d88ac14897f8d16d1488446b63e7061f30f03999720121e0249b1b1b95f9234e7a9db316088bda77ecefa2425e255d4b68f6d6002eb1c87

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-journal

MD5 9df9793ed5ceeb7e2d0d09dd8e19c4f0
SHA1 a9509d26a6b2adedc6faaaae3d3834e254f0662c
SHA256 bcd4b0b6a2cd3272f370eec2a05c3dfd61f11f2c49378441f6bae04f65b83077
SHA512 4ffcd749e18e54eb8052332a665b93aafb4b235451383d8c8225e92e441389a8649c955334ad5cfaf1cf069721b8ca8cf30a618a39a62010ce6005f0ef74f6e5

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db

MD5 983a9c3dfd629618b308df9d4f61d949
SHA1 80b9aaea786d85710aa6ad0242f4532d89c4549f
SHA256 afe33e3dd6114e246118ea956b377e8a7e9cb130edbcc790a6318d3efac51666
SHA512 065e185f4d3f26ecf96abfbf2890488d6f23588b78cc0a18de350417bcc8acd73de58b37b28a9cd69f4f846c7a0cb3c30f569a6fd175ade7ed6003fabd400b10

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-wal

MD5 d23e593192e61c061acad37c05c45d82
SHA1 ad31ecc9f17ad96a3a6b78829bcf715c9d2991b3
SHA256 7ec9360c37adb1a4b5b2e9ca9a362475399775166b50e38465e9fd290fff945b
SHA512 3682ec02a7cf3fcf1f85ab867ec60a9a0c1103f950f222e0eee46eaada5697bc5269dae451b40594f4078f0a16228368e8af6a682ef37871c7b24e05255df459

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-wal

MD5 2ea23f6043f6bd7af99e6a9018992a2a
SHA1 4b2235f5d7d947fbc06aea93910bc0852d3694a5
SHA256 d840307b0cd17ae9fb877c0a3208d241cbe12615631a1c3b5db3c68205c3e105
SHA512 974a9c8dbfe141612206b608371875977a264f04a0c1394064c2deba336f3760291d0fff0f0fb05b241381956f24cd51b653e94b1c1573fb69fc084161345bc5

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db

MD5 3ffe4e7bf7321ea6959bb999e9e01776
SHA1 88584fb3aa234c93e48fdf88b1e76161f7151fe5
SHA256 82f2ea89b1d9fdca0c8de1d4bf58b6e471bd4e39ee53b24dda073d3a48d63bb8
SHA512 27ecad72c7b4f49f25c65f71336dd40d3ec6926e7a47147677e3faf13ec227e9ee4cfc0b89383b218c7679e68cf731f6035e1433bae3ea2b47645af80cc77b15

/data/data/com.jingzhaokeji.subway/app_push_lib/oat/plugin-deploy.jar.cur.prof

MD5 ec24a38e10a2be188ca862d366fd7727
SHA1 e695df4b933ddaf94faba7901b994828f10ef3a8
SHA256 fd40221943d1cde63a132aec655a9209c76722735c07febfd7d45e4b44a026e7
SHA512 1ccf33d983e4bb1b2196854febf1ff810c340bcc68875820771f9189ef2361e0633c40cf48d3328f4105e6b8c91bf2149be44e365063ddee78a7e8f6f25b7fdc

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:19

Platform

android-x64-20240603-en

Max time network

173s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.14:443 tcp
BE 108.177.15.188:5228 tcp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 172.217.16.225:443 lh3-dz.googleusercontent.com tcp
GB 142.250.187.194:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.187.227:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 g.tenor.com udp
GB 172.217.169.74:443 g.tenor.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 i.ytimg.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.180.22:443 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:19

Platform

android-x64-arm64-20240603-en

Max time kernel

179s

Max time network

189s

Command Line

com.jingzhaokeji.subway

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar N/A N/A
(the preceding row appears 32 times in the report)

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
(the preceding row appears 32 times in the report)

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jingzhaokeji.subway

com.jingzhaokeji.subway:bdservice_v1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 hanguoing.com udp
HK 168.76.33.48:80 hanguoing.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 172.217.169.68:443 tcp

Files

/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar

/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.key

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-journal

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db

/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db

/storage/emulated/0/koring/coupon_list.xml

/storage/emulated/0/koring/coupon_detail_COUPN0000007773.xml

/storage/emulated/0/koring/coupon_shilla_182x230_140718.jpg

/storage/emulated/0/koring/coupon_shilla_140723_simp.jpg

/storage/emulated/0/koring/coupon_shilla_140723_orig.jpg

/data/user/0/com.jingzhaokeji.subway/databases/seoulsubway.db-journal

/data/user/0/com.jingzhaokeji.subway/databases/seoulsubway.db

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:16

Platform

android-x86-arm-20240603-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:16

Platform

android-x64-20240603-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-05 20:14

Reported

2024-06-05 20:16

Platform

android-x64-arm64-20240603-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp

Files

N/A