Malware Analysis Report

2025-01-19 08:10

Sample ID 240606-da345sfa9w
Target 965daea2d7a5baefb63ddef1b6941d9c.bin
SHA256 b407641a36673ac61f4f238707e57167c0478ab5c3f990be26ccb40a1de993be
Tags discovery, evasion, impact, persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 965daea2d7a5baefb63ddef1b6941d9c.bin was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 02:49

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 02:49

Reported

2024-06-06 02:52

Platform

android-x86-arm-20240603-en

Max time kernel

156s

Max time network

182s

Command Line

com.tkvip.platform

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.tkvip.platform

ls /sys/class/thermal

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 02:49

Reported

2024-06-06 02:49

Platform

android-33-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A