Analysis Overview
SHA256: f644218a3650ce9b8319fd45f9431881d3658f197b690c9d05512a2b91bbe90b
Threat Level: Shows suspicious behavior
The file 99212adafcca3a29bda827559cda3a0a_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Loads dropped Dex/Jar
Queries information about active data network
Reads information about phone network operator
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-05 20:14
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-05 20:14
Reported: 2024-06-05 20:19
Platform: android-x86-arm-20240603-en
Max time kernel: 177s
Max time network: 184s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.jingzhaokeji.subway
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.jingzhaokeji.subway/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
com.jingzhaokeji.subway:bdservice_v1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | hanguoing.com | udp |
| HK | 168.76.33.48:80 | hanguoing.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar
/data/data/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.key
/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-journal
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-shm
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-wal
/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-journal
/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db
/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-shm
/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db-wal
/storage/emulated/0/koring/coupon_list.xml
/storage/emulated/0/koring/coupon_detail_COUPN0000007773.xml
/storage/emulated/0/koring/coupon_shilla_182x230_140718.jpg
/storage/emulated/0/koring/coupon_shilla_140723_simp.jpg
/storage/emulated/0/koring/coupon_shilla_140723_orig.jpg
/data/data/com.jingzhaokeji.subway/app_push_lib/oat/plugin-deploy.jar.cur.prof
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-05 20:14
Reported: 2024-06-05 20:19
Platform: android-x64-20240603-en
Max time network: 173s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.14:443 | | tcp |
| BE | 108.177.15.188:5228 | | tcp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.42:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3-dz.googleusercontent.com | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.227:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 172.217.169.74:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.213.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | i.ytimg.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-05 20:14
Reported: 2024-06-05 20:19
Platform: android-x64-arm64-20240603-en
Max time kernel: 179s
Max time network: 189s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.jingzhaokeji.subway
com.jingzhaokeji.subway:bdservice_v1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | hanguoing.com | udp |
| HK | 168.76.33.48:80 | hanguoing.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.jar
/data/user/0/com.jingzhaokeji.subway/app_push_lib/plugin-deploy.key
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-journal
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db
/data/data/com.jingzhaokeji.subway/databases/seoulsubway.db
/storage/emulated/0/koring/coupon_list.xml
/storage/emulated/0/koring/coupon_detail_COUPN0000007773.xml
/storage/emulated/0/koring/coupon_shilla_182x230_140718.jpg
/storage/emulated/0/koring/coupon_shilla_140723_simp.jpg
/storage/emulated/0/koring/coupon_shilla_140723_orig.jpg
/data/user/0/com.jingzhaokeji.subway/databases/seoulsubway.db-journal
/data/user/0/com.jingzhaokeji.subway/databases/seoulsubway.db
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-05 20:14
Reported
2024-06-05 20:16
Platform
android-x86-arm-20240603-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-05 20:14
Reported
2024-06-05 20:16
Platform
android-x64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-05 20:14
Reported
2024-06-05 20:16
Platform
android-x64-arm64-20240603-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |