Malware Analysis Report

2025-01-19 08:10

Sample ID 240606-hknvesag7z
Target 9a2e865f75b1b932d6194f7358478483_JaffaCakes118
SHA256 4919b53ee4affc43e448ca942f40e966bb57035bb279598967eeebf387d5200d
Tags discovery evasion impact persistence
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 8/10

SHA256 4919b53ee4affc43e448ca942f40e966bb57035bb279598967eeebf387d5200d

Threat Level: Likely malicious

The file 9a2e865f75b1b932d6194f7358478483_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-06 06:47

Signatures

Requests dangerous framework permissions

Description: Allows an application to read from external storage.
Indicator: android.permission.READ_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Description: Allows an application to write to external storage.
Indicator: android.permission.WRITE_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-06 06:47
Reported 2024-06-06 06:51
Platform android-x86-arm-20240603-en
Max time kernel 152s
Max time network 175s

Command Line

com.baitu.fangyuan

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator                  Process  Target
-----------  -------------------------  -------  ------
N/A          /system/app/Superuser.apk  N/A      N/A

Queries information about running processes on the device

discovery
Description             Indicator                                            Process  Target
----------------------  ---------------------------------------------------  -------  ------
Framework service call  android.app.IActivityManager.getRunningAppProcesses  N/A      N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description             Indicator                                     Process  Target
----------------------  --------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getScanResults  N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
----------------------  -----------------------------------------------------  -------  ------
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
----------------------  -----------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description         Indicator                                        Process  Target
------------------  -----------------------------------------------  -------  ------
Framework API call  android.hardware.SensorManager.registerListener  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
----------------------  ---------------------------------------------  -------  ------
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description         Indicator                    Process  Target
------------------  ---------------------------  -------  ------
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
--------------------  -------------  -------  ------
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.baitu.fangyuan

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network

Country  Destination          Domain                    Proto
-------  -------------------  ------------------------  -----
N/A      224.0.0.251:5353                               udp
CN       47.105.61.82:80                                tcp
US       1.1.1.1:53           plbslog.umeng.com         udp
CN       36.156.202.78:443    plbslog.umeng.com         tcp
US       1.1.1.1:53           ulogs.umeng.com           udp
CN       223.109.148.176:443  ulogs.umeng.com           tcp
GB       172.217.16.238:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       172.217.16.238:443   android.apis.google.com   tcp
US       1.1.1.1:53           plbslog.umeng.com         udp
CN       36.156.202.78:443    plbslog.umeng.com         tcp
CN       223.109.148.177:443  ulogs.umeng.com           tcp
CN       223.109.148.179:443  ulogs.umeng.com           tcp
CN       223.109.148.178:443  ulogs.umeng.com           tcp
CN       223.109.148.141:443  ulogs.umeng.com           tcp
CN       223.109.148.130:443  ulogs.umeng.com           tcp

Files

/storage/emulated/0/hello.txt

MD5 8bc5e7cc4966fc6440e1ef05718b0438
SHA1 6e9363f3392e439b270e4e63d86596859b7f41ce
SHA256 a2428299ca20eb46389bbee8989e790f9a2a150808a1f473339fa89c2ac1fe22
SHA512 f5668179d46194ce2e7ed764b0f13518dc791fc71a4b16e3d5be5043a1ba2880d11b421fb1f405423bf539950e2c5a510098fb008437dbbb204e65556cf40c1b

/data/data/com.baitu.fangyuan/files/umeng_it.cache

MD5 3b543979b846eca4ccba4721e44fcb22
SHA1 13c79590f47ef83e77faf1adc8538bfaf513154a
SHA256 72c39658f6d37d71db86e30dce1e3e615eab94882ace0e7573421006f1109e72
SHA512 547614c47b1dde8a65ffffda22695c08305609dc35f26ecf3430b0ad51325f2c2a58349cff488c748290ec2968b10e813801eae07a36aff61333caeb44ab14ce

/data/data/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NDg0MjM3

MD5 51c1f4bca8923dcd8849abc294f34934
SHA1 8df8ef183be8ec2f67f373a83174ab7ace31b194
SHA256 19f21f5ee360f5dc0550761cb39e843f8784e4a5706210d1323fc0c5b80a2d33
SHA512 1a9951dcbc3316dc20e0c528dea49e2c37df7e55968e20d968aeb3d871561666f56b5caa9636117c02aeb7ef893cc8f4c7a867ba5969086925be9ee391fec734

/data/data/com.baitu.fangyuan/files/.umeng/exchangeIdentity.json

MD5 d48727d478eca1bc35b5d78e1f188ade
SHA1 11de3edfa73d2ef2ac4c5a615c1f272306060d59
SHA256 624facd5b850d527b206ebdef5a734a9d24d4c54c37296cb084d229b916aa1b3
SHA512 98e0678723b333e54b2eb4468f10093b221e2e002acbc9cf33cc24eb3c48077b4a6ee3f7e85d3f0d042c985f1f8e4f664399d766cd892d0573dafbe8b26641e2

/data/data/com.baitu.fangyuan/files/exid.dat

MD5 960da6bdbec590060c141c832a161bc1
SHA1 00b5b5b10f8ddb0e2a6d639e37a4b97ad2feaf74
SHA256 0817782477dae152ec078a13be2d8aa1faf46fcc88b249d66673b08eb1fac836
SHA512 786c0bceb64c52d4475d3e6e09f6fd5c5883dc194a88cfa32c9180eea87b14e3da2ec170844f8751fa6384da00992c3944db6fb9ac037b821b024a648e9f1e49

/data/data/com.baitu.fangyuan/files/.envelope/i==1.2.0&&1.0.0_1717656484797_envelope.log

MD5 03beb57202a9a4b5be3c78643f040741
SHA1 de0d4fdc8dc1948618708d46f51f34455f1ad303
SHA256 5c4c9cc44e53f042ed2e9b34012e3c74280023c28cefa14ee18cbaef22c6d59f
SHA512 493907ba50b5c2aebe17f4e0747122889e70de6270dc6c63a342d8bb7b8b890c027afd4bec72c0e742633d788c643983a934202463b4b1cbfa9337eb7702c0c5

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 04adc430d2fe6e4d6b6c8d61eb2f2327
SHA1 e77942033a78e791bc9b8839ba555f5f1db65745
SHA256 1e4676ffe7c029a11ded5e33c109e0e68f177f5cea2dcd594a6d91d3c4739fac
SHA512 de4b92567fdf73babb0bc35677678ca54f0f150d74fcbb69e796e5cbbf7c734143cb9a7cdb886c0133b9a25e0e172be336533c1406df343a8a26df91134feed9

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 0adda9c85a5e4808f5b1b74c0a8591a5
SHA1 5048107883ab1e345af9cf2e6849ce46e0e612bf
SHA256 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
SHA512 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

/data/data/com.baitu.fangyuan/databases/ua.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.baitu.fangyuan/databases/ua.db-wal

MD5 204bbeb9b6acf4fdc841f19884b7971c
SHA1 55d8302458eb4681a5ef1981bc9a5fe166a899b3
SHA256 ba73efacbb6606c4106449f32bedf46700c62d0ddff25a743816e8e4aa9b31fa
SHA512 da5a53234cb825cef87e3e830ec88f021205a30c1bdaf51f286d284317c843e911d31820874cae997f3b1362ebaa7cb308be014c69cdca860393df28c6262252

/data/data/com.baitu.fangyuan/databases/ua.db-wal

MD5 2f6fb3551c8e6697ba4dc1f298c09efd
SHA1 60a69519ea84d15438065651c8fff8b62cc79806
SHA256 9a7dd9a269afb82606120c21bda5a8f1e6b5177327cf41a5c577dd3c3cfd158b
SHA512 15564f50169e7136fe6a5a628125eed00b6c301f605bf2657629b845a5e0ae59a59fa54defb71b440a39af582f4f1d53cbb75479f57013075f27f0bfd8dfd543

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 73399057c0b40d5a60f53063f4a4178e
SHA1 ea9e8251af8e19ec1d98ffbe9271826d0cc74e47
SHA256 f14825a50e7e29e70db920abf3175f60804d342c7694f4ebe79a44100723e803
SHA512 de35f21547c9d23fbb21f308c83e9410dcbc6dbdcd984a271213ed652e9dce5f320e22681561a7f6c4ba80a5bbb81017f2f3948a12a30a3e7c458fc30c6f276e

/data/data/com.baitu.fangyuan/files/.envelope/a==7.5.3&&1.0.0_1717656486148_envelope.log

MD5 2b16c7892a135db8441fc040f5ea9839
SHA1 3b68c4f46c8de5f117fc61aa158c57f43ecb5421
SHA256 fde3d06bcfe9a67a960984d3b6da56c1e601f5b5ec1c19fe7207b701587a60ab
SHA512 bd4d2d122b66b580e67530ff7715cc0583ceba1bca544b1aa599fd2c1aa4e89a47f532ead34d0626dddf9e5ae87c45cea030996d654a28fb633b93fc8cb10c10

/data/data/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NTE0NDE1

MD5 bd194977371b6727ab14c2129ae1794a
SHA1 694cfeb36fdce2187607c659049936fda665e27d
SHA256 c6670d7c46c605a002e2b7e146f00d93755412f36ef4d15c8918c5d2170af4a2
SHA512 44e6688cdfcf2671d13d4aae7737a233ac04868e976cb97833d8909e32ec06c4794adcea453b7faeeee46dd9f3700256fe1a34502ffc8899ae86f2fc304028ff

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-06 06:47
Reported 2024-06-06 06:51
Platform android-x64-20240603-en
Max time kernel 152s
Max time network 179s

Command Line

com.baitu.fangyuan

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator                  Process  Target
-----------  -------------------------  -------  ------
N/A          /system/app/Superuser.apk  N/A      N/A
N/A          /system/bin/su             N/A      N/A
N/A          /system/xbin/su            N/A      N/A

Queries information about running processes on the device

discovery
Description             Indicator                                            Process  Target
----------------------  ---------------------------------------------------  -------  ------
Framework service call  android.app.IActivityManager.getRunningAppProcesses  N/A      N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description             Indicator                                     Process  Target
----------------------  --------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getScanResults  N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
----------------------  -----------------------------------------------------  -------  ------
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
----------------------  -----------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description         Indicator                                        Process  Target
------------------  -----------------------------------------------  -------  ------
Framework API call  android.hardware.SensorManager.registerListener  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
----------------------  ---------------------------------------------  -------  ------
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description         Indicator                    Process  Target
------------------  ---------------------------  -------  ------
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
--------------------  -------------  -------  ------
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.baitu.fangyuan

Network

Country  Destination          Domain                    Proto
-------  -------------------  ------------------------  -----
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
CN       47.105.61.82:80                                tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.16.232:443   ssl.google-analytics.com  tcp
US       1.1.1.1:53           plbslog.umeng.com         udp
CN       36.156.202.78:443    plbslog.umeng.com         tcp
US       1.1.1.1:53           ulogs.umeng.com           udp
CN       223.109.148.130:443  ulogs.umeng.com           tcp
GB       142.250.179.238:443                            tcp
GB       142.250.187.226:443                            tcp
CN       36.156.202.78:443    plbslog.umeng.com         tcp
CN       223.109.148.176:443  ulogs.umeng.com           tcp
GB       142.250.200.36:443                             tcp
GB       142.250.200.36:443                             tcp
GB       216.58.212.206:443                             tcp
CN       223.109.148.178:443  ulogs.umeng.com           tcp
CN       223.109.148.141:443  ulogs.umeng.com           tcp
CN       223.109.148.179:443  ulogs.umeng.com           tcp
CN       223.109.148.177:443  ulogs.umeng.com           tcp

Files

/storage/emulated/0/hello.txt

MD5 8bc5e7cc4966fc6440e1ef05718b0438
SHA1 6e9363f3392e439b270e4e63d86596859b7f41ce
SHA256 a2428299ca20eb46389bbee8989e790f9a2a150808a1f473339fa89c2ac1fe22
SHA512 f5668179d46194ce2e7ed764b0f13518dc791fc71a4b16e3d5be5043a1ba2880d11b421fb1f405423bf539950e2c5a510098fb008437dbbb204e65556cf40c1b

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 8d30773ece4a61deeed692efc8f7af7b
SHA1 1b68caee29887d7728798791be93deb8c8373cd4
SHA256 adff3ab2e241a8115fd9fa9e5c3705fe52f61c1beb6cb3c83b0a749eb69ee97d
SHA512 979de5171b6a496271c36a3aa1123c1ae43e9d2af5e0b470fc92f24b61cce765ee3d7c442d375ad068f09046b16267a4e75027da878ebf06b215aecb60723bd6

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 b7036131b84bdf2b66c67fde18d62308
SHA1 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256 c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 b1df94f888aa752ef5fad4095534ae63
SHA1 93a8b0f76f5ae0bbc277264ec4cefa428dcf7a20
SHA256 26aabfe4cd29319330c55c37d822d2b21f94d82abe8620f22df2a0afc5c5129c
SHA512 18cf9df25a577ae5998cdf92bb5ca6191fde2f409a1062600aa39ae22185c76dd7252b71014e6e9810e7da2a96ca7f61c66194035816fa451114f41c167de9ed

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 bf20f8110918df287f0d902169640539
SHA1 3d2fa0edd8d190f2a9b3ecb99a842e6d2382199b
SHA256 53967a560bb2582ebdc2eb3e33f4ca61a9064cb5e1fb9baec499f6105f3f22d8
SHA512 6285d52a33d4eee455f803e5001177da23038c0d55e86b0c9e5d94b5c4b9211ef3dfbd4e09bc9531ad003cf9fc9b6efe5c5c71439491632e1e62ba8bb353369e

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 415284ae66b8906be567f731e4ff4f1c
SHA1 febd1c9bb2aa314910513e560feed394aba8794f
SHA256 dbb19db83a430fed4bac79db018d782d16df8ef22b060a20a377c017db9a7ef2
SHA512 d5e2c13f9879e4f57cdbba9129b8cdb4faa13e39f7b40fe3d11e1107c78859de2b7e0bc1cb7c0686c6b7e015fee75544c13cb5bb34488dd00c354f9b8be6f08c

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 0024bbdec3a501ef8c97a52ae7041195
SHA1 c0b0085386751ba7f7badadd4da583655868bff4
SHA256 61389891cac154020c2d1be53838171adca8e8aeacf04af0050d13f496405b8c
SHA512 2530bad840ad9c3ceb623ee4ae112557933321d0628de5529f6bafdb4d7290f3b67c51dfd6ceb0525e348ba434009ea9e6f76a19549613492ab5cd6573891976

/data/data/com.baitu.fangyuan/files/umeng_it.cache

MD5 04ed39406125159e0011a37370900027
SHA1 0dad48639c66d4c2bb714ba9a2df3e7ba106ab7b
SHA256 ac2d26bed50440c5046391f3b912818c670500ee0ab58621b44d14f8d6044428
SHA512 8776e111d05d59ff95aae77cbe6f7977d062dc90734ea993cb34233239a4956f3796a16a90e726acb8397fb68939985b637a7ffeabbcb61f45526bd9c28a4895

/data/data/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NDg2MDAw

MD5 40cde4dcbd84a6143cb1f074171854d9
SHA1 f2e3942f212ce4b8138226da49ca7819aec3ef4b
SHA256 f399df1b26588334f92c332cc6e5434bee2711ebfe2be69e7e9be86bcfb0dc00
SHA512 67b39baa50e09c57bae584830836aa4761a8cfd4b71a69e8cfe1d22e83536722b94089b7648c27c08b562f2e6660d9f4d57e9ce989757876e686e0ea7cd2a727

/data/data/com.baitu.fangyuan/files/.umeng/exchangeIdentity.json

MD5 45cc53d4aeb14211e867aaceea3b3186
SHA1 e501dbe113aebc531bbd0b03e28366c7bc32175e
SHA256 bfc7cbb549dc87ff2161dda8bb6ce03874250a93a37c3e8b142e54f30d1ddd0b
SHA512 1083628316344c7106a6c84df1d092d257841fe67ecfc515ab51db5663b661addecb17e4af48273272b049e6a150c335894a5429776c71b66fa6a3b92140e211

/data/data/com.baitu.fangyuan/files/exid.dat

MD5 960da6bdbec590060c141c832a161bc1
SHA1 00b5b5b10f8ddb0e2a6d639e37a4b97ad2feaf74
SHA256 0817782477dae152ec078a13be2d8aa1faf46fcc88b249d66673b08eb1fac836
SHA512 786c0bceb64c52d4475d3e6e09f6fd5c5883dc194a88cfa32c9180eea87b14e3da2ec170844f8751fa6384da00992c3944db6fb9ac037b821b024a648e9f1e49

/data/data/com.baitu.fangyuan/files/.envelope/a==7.5.3&&1.0.0_1717656486432_envelope.log

MD5 619ef589e53a86ec72650073db49ccb3
SHA1 d94274d2a6bfb9a8c7a7ae03c605207b605a5051
SHA256 e427b65e4d6323d9e4132e99818814feedf1b867dce4dcd16658210792547fe0
SHA512 8760fb3941fad0407d78808bffc36f5dc2251b5f2b9a5b5df2987bef1f3ade8159f4f7d3e4f18d1f3bcf58624b2b96b5a4668f220c616e1043774d68e66d1a93

/data/data/com.baitu.fangyuan/files/.envelope/i==1.2.0&&1.0.0_1717656487003_envelope.log

MD5 27735a176e5060c09fc4060697708a64
SHA1 1423f86713bdd70e87f4fd8701106d9e918f0d94
SHA256 f7833c47ac3724244c26d5c0f9fd7b0f3b437b6e1bd123ea3b5df49f4d8656d6
SHA512 18cd45d1e906e016898d0e0bd4cfebb28bd183a8afbcc4a4a1a5166b40985a747eb04e3045017964a88c580f12d6f2cf3ce9c641f9de0942e3965dfcee454bd5

/data/data/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NTE2MjAy

MD5 e62efc5b1c90a2d6f22dff836d422588
SHA1 12292e58519429bacebb7bbafe71a4d0ead8b85c
SHA256 f9e74ed87ac7f6c71ebc635de275b559721b5d49b3e4d322e747a420250184aa
SHA512 0957170908170f30dcde4b52c6ffcacee68759f96934aad453f02f440ac73c92e20bce2b063c6f75eb0c1a93d4ab9aa59f42d0a75a66be302f78c6371137a356

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-06 06:47
Reported 2024-06-06 06:51
Platform android-x64-arm64-20240603-en
Max time kernel 152s
Max time network 178s

Command Line

com.baitu.fangyuan

Signatures

Checks if the Android device is rooted.

evasion
Description  Indicator                  Process  Target
-----------  -------------------------  -------  ------
N/A          /system/app/Superuser.apk  N/A      N/A

Queries information about running processes on the device

discovery
Description             Indicator                                            Process  Target
----------------------  ---------------------------------------------------  -------  ------
Framework service call  android.app.IActivityManager.getRunningAppProcesses  N/A      N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description             Indicator                                     Process  Target
----------------------  --------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getScanResults  N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
----------------------  -----------------------------------------------------  -------  ------
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
----------------------  -----------------------------------------------  -------  ------
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description         Indicator                                        Process  Target
------------------  -----------------------------------------------  -------  ------
Framework API call  android.hardware.SensorManager.registerListener  N/A      N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description         Indicator                    Process  Target
------------------  ---------------------------  -------  ------
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Checks CPU information

Description           Indicator      Process  Target
--------------------  -------------  -------  ------
File opened for read  /proc/cpuinfo  N/A      N/A

Processes

com.baitu.fangyuan

Network

Country  Destination          Domain                    Proto
-------  -------------------  ------------------------  -----
N/A      224.0.0.251:5353                               udp
GB       142.250.187.238:443                            tcp
GB       142.250.187.238:443                            tcp
CN       47.105.61.82:80                                tcp
US       1.1.1.1:53           plbslog.umeng.com         udp
CN       36.156.202.75:443    plbslog.umeng.com         tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.187.200:443  ssl.google-analytics.com  tcp
US       1.1.1.1:53           ulogs.umeng.com           udp
CN       223.109.148.179:443  ulogs.umeng.com           tcp
US       1.1.1.1:53           plbslog.umeng.com         udp
CN       36.156.202.73:443    plbslog.umeng.com         tcp
CN       223.109.148.130:443  ulogs.umeng.com           tcp
GB       142.250.180.4:443                              tcp
GB       142.250.180.4:443                              tcp
CN       223.109.148.178:443  ulogs.umeng.com           tcp
CN       223.109.148.141:443  ulogs.umeng.com           tcp
CN       223.109.148.177:443  ulogs.umeng.com           tcp
CN       223.109.148.176:443  ulogs.umeng.com           tcp

Files

/storage/emulated/0/hello.txt

MD5 8bc5e7cc4966fc6440e1ef05718b0438
SHA1 6e9363f3392e439b270e4e63d86596859b7f41ce
SHA256 a2428299ca20eb46389bbee8989e790f9a2a150808a1f473339fa89c2ac1fe22
SHA512 f5668179d46194ce2e7ed764b0f13518dc791fc71a4b16e3d5be5043a1ba2880d11b421fb1f405423bf539950e2c5a510098fb008437dbbb204e65556cf40c1b

/data/user/0/com.baitu.fangyuan/files/umeng_it.cache

MD5 b761b0ee446b98f55e06214cbc050bf4
SHA1 9b174810bebc234cbf6313213e1c78a3519b098e
SHA256 6137ec4aac5dbc1949300d7384ab6f8e79aa3ec8e4c7b44adeae78e8db8580d7
SHA512 9459824f6310d62f8a116547e51ca44fa07fa839d9bbe7fd100c56521b95381572420c439d493ba54c2c850cf6aff5a4eeed6c8fc9b350de11c0054108e5ef21

/data/user/0/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NDg1NTEy

MD5 8da694ecfa9f63c5c3643d5602f7f3e9
SHA1 5186b880b8ac36c6835be7af0994913aa2da43ff
SHA256 b4ddcb8f5f8919088613f3524cef74f11f8f0a23e1b46e1561bc8b8fdd828cfd
SHA512 022ff219bcb0abbc23a9bc4fec0accabf0fdb843246ab0ca83506680a73b5abce9a61ee74f8208863e76c190a880ebc54170fc63ae549d0fcd9f65f179e84635

/data/user/0/com.baitu.fangyuan/files/.umeng/exchangeIdentity.json

MD5 b57eb8702d3228874747115eb58ebbb0
SHA1 746b04ffba0231b671ac1696c9041d5c4aba94a8
SHA256 d5ccfccbae18ee31c03fda80e52b46009f9744e60275a555fc9b2408c5544246
SHA512 bab2799318f787469fb862ad2b2d5852ee26a21d566f42d69605cbdff8ff35639e0c5c1b57fb55ecd74b40397b17de5304556d784924babc197a3004beb50503

/data/user/0/com.baitu.fangyuan/files/exid.dat

MD5 960da6bdbec590060c141c832a161bc1
SHA1 00b5b5b10f8ddb0e2a6d639e37a4b97ad2feaf74
SHA256 0817782477dae152ec078a13be2d8aa1faf46fcc88b249d66673b08eb1fac836
SHA512 786c0bceb64c52d4475d3e6e09f6fd5c5883dc194a88cfa32c9180eea87b14e3da2ec170844f8751fa6384da00992c3944db6fb9ac037b821b024a648e9f1e49

/data/user/0/com.baitu.fangyuan/files/.envelope/i==1.2.0&&1.0.0_1717656486050_envelope.log

MD5 6a176473c8d22fa5300d18177bf8d5e8
SHA1 c21e343fbc86bcdeeee6a235d9eb1fa7827bed5c
SHA256 c23119381ad7bf5556fd73f10ea5887706cd761040a959eaee60996ca74e7218
SHA512 6dca71ca179c00b0aa66792cba6ffef26c99018daf614bb43e7dea523203f8d3a17752f77534e11aac32d9df737841ec98859aea68c0354a826e5f22150d673d

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 867d2dcc2db41d39002b37197948e064
SHA1 ff5c13443d218f53cd8fc51aa56886e433ad84d9
SHA256 91f1328e5345dd9e2c38bfa486ca9c820b225de1bda91f4173278ef23d82ea34
SHA512 08e1c0cf089fa3de87d785214cdf0bf42cfbfff24caf0dce0044b1183e7fad132792a32f029f61d899e234eb307f10fc001d59bb017e71aca62c1a8fbe06ae3b

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 4a8120c91e3143b2db43971dbc77cf8d
SHA1 37c5700d35059c4e0a718ced73b3d73ba5d2b277
SHA256 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
SHA512 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 2c0503da3fa8842b122b477432199850
SHA1 6d55d7ca66fae871d177d24cb8c8c1ad26fa03c1
SHA256 4b3cc0a1f16328c028ed1b9ca4fb27aa4927d9cca03049d55cdf7ddeb4216a40
SHA512 b7bc8d4d9ed20f4cb2bad913760b4598cc712fb8422e925f6e19750150583297d54f5cd0148608d59da56a0c3b0394d49dd3f93e76826ff559e84026cd52ba40

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 c60ce5dc9082dabe7f8f6065d13a834c
SHA1 c7afec37632b202afccb53ed12d2ae9f6ff5d74f
SHA256 cbfc2ce7a6098a931e6bcb0105731765700cbd1f1acc4815a2b46787b6c2f0ad
SHA512 3bb8ff6f93fd315c72ef07e76acfd6895085877f03bc8865a5e60fef5d0affe8bfec334e46211b25558451523f91ed3f9a56c0168e7b0d4e3a83e9428ca6cb82

/data/data/com.baitu.fangyuan/databases/ua.db-journal

MD5 46c9129b3c375f0b7476a99e93265922
SHA1 6bc5ab5f8fa3dfa3143cc35f357b99cef01efd29
SHA256 e99a3b5f56d96227d2f76a587a62c7de6faa0d3b8cc4bfeb2b5984b303f04024
SHA512 10e5a0a608ae48143dd6319116b9bda7fb4266a1fe7a79fce8ef147f0cab6dccdc2fd8e388709198923cd9a8c63e508b56d2ce28a83329e72ebb84e722268194

/data/data/com.baitu.fangyuan/databases/ua.db

MD5 5b59e71df4ea09d50e02d6a900575911
SHA1 1616e582e3f23c5a61349e93234b0beae77b1224
SHA256 bf2875361c9e6486ed4e8e8058f178160b1c534631043dcda5ed0cc3bb943ab4
SHA512 69d1d083d86fed78da7f6d0d299158222a5984c57ab59fb9718e47309272f7978ea657765ed01ce4360739d57cfd4cf9ae6f34de382ca7b75ec628ed6d082bf8

/data/user/0/com.baitu.fangyuan/files/.envelope/a==7.5.3&&1.0.0_1717656487099_envelope.log

MD5 e19d667ad6852c557cd6d03ed0be2d91
SHA1 5258792ff3659f7bff8ce8c9efb30f473d9e2d39
SHA256 d71cf350e534d83acd92985241272231b376f5d7f4cb6659232bec9503b36867
SHA512 343a803a76506bbfb3180c8ee27395da176f613ba9f679236c8da7a20125a19e0516bbd1b5db05c2b483486d72b3f05f49687f214cdcd0c345167d607da42bab

/data/user/0/com.baitu.fangyuan/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjU2NTE1NzQ2

MD5 2b176938624f81dad19d1681e3bf80e7
SHA1 83295c4354fa83481612babafaf3a6131128c463
SHA256 5e7a9536d8f1734e759c289b0eb0f9a9d139ecf336431231b413b9c2d69702f6
SHA512 cf8f61c5a0417fd37d01e385a1534a62775c92b5764bc59a2472a3b648ee3d701b308ccdf4c0b1a5d45683c22dfe48a4de07c343f1f2a63a9ae4cadafa23a3b5