Malware Analysis Report

2025-01-19 07:54

Sample ID 240610-nl3b4ahb2w
Target 9a8287f3928648116068d3cdc48c6ecb_JaffaCakes118
SHA256 65eef6de786d5ca13189bd605eeac0fef9c7d69a2b69ae20c2628db36724db93
Tags
discovery evasion persistence
score
8/10

Analysis Overview

score
8/10

SHA256

65eef6de786d5ca13189bd605eeac0fef9c7d69a2b69ae20c2628db36724db93

Threat Level: Likely malicious

The file 9a8287f3928648116068d3cdc48c6ecb_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 11:30

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 11:29

Reported

2024-06-10 11:33

Platform

android-x86-arm-20240603-en

Max time kernel

94s

Max time network

170s

Command Line

com.ipart.android

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ipart.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | api.i-part.com.tw | udp
GB | 18.244.140.89:80 | api.i-part.com.tw | tcp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.66:443 | data.flurry.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
GB | 216.58.201.110:443 | | tcp
GB | 142.250.187.194:443 | | tcp

Files

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F10304-0001-1097-E695C627198BBeginSession.cls_temp

MD5 d48bbf981c36608c8146d96b70035474
SHA1 860514fc5bde980b7c9c94a6a4ef599b364f27a8
SHA256 622e6d2fc1c9b4b0807c0648fd4dab31e389bf50f2285bbd3b1d5dcf859f8842
SHA512 765c66e0ecfb8dc460479d0a5dc92fee152d37d9b9f025fcda0773ed8e0c0d8a13c8d6b8c1922ddf3daa1fa9a3d10a601b9de694f0792c245357d94ebbc07b2e

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F10304-0001-1097-E695C627198BSessionApp.cls_temp

MD5 362c5d6277e8ffd6ad22af149591d959
SHA1 c9de6698855ce4de35e792a8fad036bb626813d2
SHA256 1bc807d43f0d9b2d7cce294bce5586a45d674d851943d1be1326e0b94b582431
SHA512 0525773811bb0a63ff444486aaac4d601a6015036d2ec7ebe8fa2a423ad579257ba8b1c9d9e5217273a70449d126cd51ce65f952a30cd32dbc6cb3b4c720a95d

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F10304-0001-1097-E695C627198BSessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 be874d5ec6476758fa642b495ed97f89
SHA1 83a10c392ffd52ff6ba9a2e8e7841a296f5ad70d
SHA256 8597e8a0e744ffb0487ca1599eacccb4b2d5030522195fd1c6246d590205d183
SHA512 aa4caecfb2304caaddff34def7c3b5430c222051ace8c5cc6fe2d51ee5b0674519a739b06152338be0108d4e6136b2b7414cb0e42fbc4f6624551be88e1012c4

/data/data/com.ipart.android/databases/google_analytics_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ipart.android/databases/google_analytics_v4.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ipart.android/databases/google_analytics_v4.db-wal

MD5 b7a1d8a2928ddde305f18d183e93e696
SHA1 4d09994b9905d566654c5a76af5ce0df156a9870
SHA256 f83f8c2e8ce8305f4fb0195cb97425228a3437b13298f0e0a34065ecc031485b
SHA512 1be849b57401c6ec5067248f21aeb0acbd48ddd4a82cb50d71c8d7b5b423bf1be86dd93287c6e786fd71ed51ee576ebcc884ba9ba87d56d13983c177f6822ad8

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F10304-0001-1097-E695C627198BSessionDevice.cls_temp

MD5 15953a5df042e464bfcec1d20ba9c0ad
SHA1 07f0ddd239c195791ec5468f5456e32fa8b87268
SHA256 4e2a5a838a4e58c87fb8c228d50e1fd42be9f17822db9468a1f397e348974436
SHA512 5be939793c73443055f4822244f82086fdd2bdccd66285dad1b8f184b062c664b64c2f7ae68d82de2c1189053c0c003e84ac1a2334b6fcb067ea91573c0a1fca

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 677eaf3baa038ef889da64d1b3b52af4
SHA1 870d6959eb74c602654d5ef34f7d5fe25071fb21
SHA256 d779cdb5f5aaf0a6b18d70ebc298c03b900b00e9ec47860f6e99de4928cb623a
SHA512 1f387cd41813c3f025822265338674a9b9b71076d871728b04c7186afd152f2011c17b9557ad00d224bd5c8f62a20d9a9f0ab74915083dc640b8eaccf7a3924f

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_aebfc151-ff9f-40a2-b89e-ce8bafa6c72e_1718019059257.tap

MD5 e6ad56c76e8c5e75e1faf765b37c5db3
SHA1 c622c7684e009cb44bca79847927d1aa54ff1df0
SHA256 b814fd23353a5bf2f5dc75d829ff540854aa36adaaab4090a64e297b86f78701
SHA512 c3b36a8aa4b1f9aad2663b89b6973e36e2152bbe85ff3d1e5900e0d58a34c096a0258d6dd8bb86d7bf9516a85338552949c86331b2702e8a3b81b284c0f3ee8c

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 183a1d754769506914d2a2244a611c6f
SHA1 65acb144ea87efb27f5e10875d973e433d2aab2f
SHA256 c6be2c8989c9add8a5933ef47d06a6347c4cbb8b88d271979eb0d1dbd0646ffd
SHA512 dab9a91dfb80a7bfc0dd3cb3aab5792b2d6951a8202618b377837503fe0a1771dcb1109abdcef8ea6bb41e280f9bae5929c634c30f92f6cbc8bbeac81fe77044

/data/data/com.ipart.android/files/.yflurrydatasenderblock.8b10e6d2-f747-47c6-8d37-ede2450d61f4

MD5 dff998919c1097efe2ad54fdf2a8c71a
SHA1 69d92451a37747c7a2ee03d560c50054f4d41924
SHA256 6ad729c9808d712725a16b45effe0afd5ee409d4025a0e0af8c35603d50304b8
SHA512 40bfaec0d3fa72a7ba51a08b3ab64bbe0ab8223c7cc0cb9d694880ea21a4667b3695dd4b039a1ad5f4b00dacc95c7c634654d32cd302aadebe164ce884eb7c61

/data/data/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsData_6B3FCNM28MBB3NJD7X9V_216

MD5 2b2cef6ce00e14778f242d9d4a6ab676
SHA1 8387acf7ad7c371909ec2dabaf2de04fedbf5d66
SHA256 5e4c8f2531741b18093e8c6d311734a8280f4270782d8e3fc90fcd9ecba60131
SHA512 d252c25c3d0636ee3f3ad3d654c438673a2ba7d85220a870b1ab9b888b03425e7ee9fbebc362dfa5d0545795396663100e414e5c4071e55d0b86d2b7851166af

/data/data/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 cd9253a126e2c8cca8fd6ba572b5777c
SHA1 15f0a7c658c29918237bd491f552111ac556ebd2
SHA256 a296172213f24f803ae9771bd10d92668ea0ff98f56d086cfc17fbb876855c4d
SHA512 06605de03516af813212279cfee69ab8a349c9071e077ab01dce441d17d9cb6382ffd9e2ca0b36ad7cc154bc8e3713bd0d4c4e9cbb598f10e55e205da40545a0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 11:29

Reported

2024-06-10 11:34

Platform

android-x64-20240603-en

Max time kernel

94s

Max time network

149s

Command Line

com.ipart.android

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ipart.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | api.i-part.com.tw | udp
GB | 18.244.140.34:80 | api.i-part.com.tw | tcp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.65:443 | data.flurry.com | tcp
GB | 142.250.200.46:443 | | tcp
GB | 172.217.169.66:443 | | tcp
GB | 142.250.187.228:443 | | tcp
GB | 142.250.187.228:443 | | tcp

Files

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F80053-0001-13B2-2E8C29079C05BeginSession.cls_temp

MD5 5d2dfb1208b8dbd0513f25dc27171641
SHA1 0d6fc0277deb101af3e10a890cb28e1a5b0b9f99
SHA256 05e742fda34f4d5b107ccf38d6cf5f24829b797333e11150f0adca75621b2bf1
SHA512 4025972f330a1d2fd6d01ac00c1aee7fd5db5424dcdc54b0b507f4ef070830146d04df5641cb920b44d0832a3a09801d34230c2cb99bc697db94254cb600a87e

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F80053-0001-13B2-2E8C29079C05SessionApp.cls_temp

MD5 3d2d8f5ab06de61d7006edcaf7d75ce1
SHA1 020517bd2f38ba06766fa6a01fb57c09b72411c1
SHA256 2844d3e3a235f17720948f64104edc5031108d38ce50c950277575e5c6790c57
SHA512 a21cc336c9d1a87322ea3a506cfcbf7803524f2667d9bebe3157cc3b8c17840e81dd8e0bad6bbed5c1a2fd1f6fb2b720eaf258a7593ebe0cd440abe98112d5c4

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F80053-0001-13B2-2E8C29079C05SessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 3de14b889cb8717794df36152c9d7a9b
SHA1 91135d5ce6602f9dd561fd2e539a3f2dfb9c5d4b
SHA256 4b7f6e8939c57f9b45c34e9700815ee29618d69f14fac23160ede0a968f7910c
SHA512 fc1a4ab99904eb2f8f1d33888463296b78ecc7c25acbfaeb0e7403470a525a4383aac11bb44c2396100f1a80725f2df4af6cdd7b3958523d68f98c0c99d604e3

/data/data/com.ipart.android/databases/google_analytics_v4.db

MD5 b32b4b84aaaf8922a012f14cd9f5dca8
SHA1 da079b37cef7ada0e3602392298a54d561d79e3b
SHA256 ac5b08a33a7199d6bc8f6c8a497f4d6a7856babcf833f9c89479ec711a2b8f65
SHA512 d8ef96321ccc0e98d7b0e716b540d895fa089eb9bb945d49f7fdd612d3f30fb318c98ac6cc0ad94d4e2ecb177e01fb687549e2d5cc27335700b17cae53364bfe

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 da75853600919070816744f8036296a3
SHA1 5197d954b74421e0797b2e9950eb553111ea6dba
SHA256 692c494599b4d75b4aa90cc846d3b6f15b9a4eaac6db712d80e3a9b9df7b1abf
SHA512 e85c628cc454ed3c0bf1e4fd6f92eceff2d46dfac7214ce74c655fa38c3b40d245b8bba7aa2ff01031581745e2b61f358d469bd700dac281dd95141046bae11c

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 5f1aab9a519cd23526f91855d8b5d5ef
SHA1 3985e83c954dba5f961a83dad46b080cf3cfa882
SHA256 10a02531d5ce9765557afc925539e09746fa24a2aefa5e1538f59c1c0926eb58
SHA512 7dc585b2c6a7165458a6fff5a4b0301965d5be4aff510d6b330bfeffe7bcdcfe551e15e51f9feed28b5fcbc4c306f2f7c57da3b74199d289594a409efaf087de

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 cb68185b1f52a128407826d8cc53d4a4
SHA1 48d4736b74223c579ee56bf6f46603312a056b61
SHA256 b5db57b81632c9adba4469a6fe279c2ce8273994051134d2ce4cd9b0d42f828a
SHA512 c9e1c9db483441b46385373fe5308874c22d10637534ccc213065b23d04a378ebe49e1992c6017e56b0800bce608e7a55e92406f10f36c3a1d7b16ec44247ad5

/data/data/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 0a2471059ff76be800db0506fef5c433
SHA1 952627a34b265686e73cf3fe9f19cc45485c10cc
SHA256 e693c9a6fa66b0ce7a094d954afda879016363cfdb9cd3f446a22c86a4fbe5e1
SHA512 5c5639027208c336d7b8d0453b1442232a2247e821a0f6326db1796f4711b9c17c3d063620bd9adede2a5cbcec8c8179563cf6a9040d1e8fbf7ec18866d28b97

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 f4d0e287107db98043d4546d7ff72017
SHA1 54c5eedefb82d161bf5114daeea91b0bbf9335d7
SHA256 9755a824040458553cb2399f224b6580e9e62f7328d5309b2a5b620c049cef5b
SHA512 8aee56c09261009ba9f817dd0345ff96ab16aaa06a574ed22ffb7e7faa342efd9862b48dcf53e0d35a9b887aeb1699705be075ba9c7b3624665e79a4fea3c11a

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e1f619fd-7b84-4efa-af3a-026c9b6364be_1718019065541.tap

MD5 614bceef489e791e8d8bddb0beeddb0c
SHA1 6b53788ea18e6f21d654b413c86a0c27be8ba9b9
SHA256 116f7ca49bb19690fc29c033bbdcc232073e1bb6ab7ed41e5fc4d1fbf276cef5
SHA512 61ca0a518e281fc24edfbaf351225173f3d0c473905adfe6530cfbe1c8dd6287adbda0520290a9008a2d43b140a6600f089ee5d1c41bca02cd1370d2fe2edf65

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E3F80053-0001-13B2-2E8C29079C05SessionDevice.cls_temp

MD5 85e931780fed8e58e03ae9ed433da2f3
SHA1 d9c6d68a09dd84a9a27b7360fdfa458a4ed8e124
SHA256 f9857c087414b9b0929575171f3599d9f5743600bd9f9747f718854c96bf88e0
SHA512 b87c76a729085826823b2cb249f478d2703d3813df617b5a8595d6ab10235ef17afd3b6cc9660c8b7e85e1092af8eaef91624ed0f8ba4e22c5b3b5c07b04e5fb

/data/data/com.ipart.android/files/.yflurrydatasenderblock.2deb21b7-a3bd-48d6-9bc8-f72a3d10fcb2

MD5 93c80de28fe0369c5d9ee64940a7852a
SHA1 25516cf840039f202b2ecb35edaba22b33f4ab7a
SHA256 eac253d92d39319ec188864f39d5c7ac16495a7fd32bbf166494e4a82899e6a5
SHA512 477a43bc00766cef2800fc24f663fef973e933d24fd8ae7de06eb0fb7e19b9e8517f4ff7fa60d3a0872e1d4961ac1e2f1836a12e774e5faec51b01e13a895b74

/data/data/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsData_6B3FCNM28MBB3NJD7X9V_216

MD5 0c68defbde4f706b5df42b398df9729d
SHA1 3d03d27c39840ddb58e9cbe71df75a3f2e4d2578
SHA256 a3467899564c8cd908a601da0e91b956151af661d5c45c06bde95b9a27940812
SHA512 7c8c5fea7c01b0470cb05e684fb58e1dd5a90c8cc9661368957c53d554b05a7f2564079bea50123cdae0f2682dc0c30ef2e29b7cd16d4439e9e75ad1a38013eb

/data/data/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 cd9253a126e2c8cca8fd6ba572b5777c
SHA1 15f0a7c658c29918237bd491f552111ac556ebd2
SHA256 a296172213f24f803ae9771bd10d92668ea0ff98f56d086cfc17fbb876855c4d
SHA512 06605de03516af813212279cfee69ab8a349c9071e077ab01dce441d17d9cb6382ffd9e2ca0b36ad7cc154bc8e3713bd0d4c4e9cbb598f10e55e205da40545a0

/data/data/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 5da95f9a6d4850252ab3bb487b12f279
SHA1 1f8fd9ae11db8f782d40d7f874eb9ec77bc4a556
SHA256 f1bf7581d585ab1009bcffde95b194b51f12135e170c1c3776520686aed3b0b1
SHA512 c25205a0c8b33c4463062ea6a07ab8f56078909570da1fad6e0506992ca340b1dc284ded1d6d2b2d70bf7654c3c224b3d7ee61f37ab0f9294fab813c2e218fe2

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 11:29

Reported

2024-06-10 11:34

Platform

android-x64-arm64-20240603-en

Max time kernel

93s

Max time network

132s

Command Line

com.ipart.android

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ipart.android

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.42:443 | | tcp
GB | 142.250.200.42:443 | | tcp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | api.i-part.com.tw | udp
GB | 18.244.140.34:80 | api.i-part.com.tw | tcp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.67:443 | data.flurry.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
GB | 172.217.169.68:443 | | tcp
GB | 172.217.169.68:443 | | tcp

Files

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E41E0005-0001-116F-C019B528DB69BeginSession.cls_temp

MD5 0a65e88453dc7e4e05b19e5211ecaab4
SHA1 f1b025f4547477f163994cf684b855022e45f48f
SHA256 b7c24de20496b06c6bfb4b5a8a1eef9dd83eafde37365a7e39d1c0d62ef0478e
SHA512 1c803800f4a9ffc9fb5e244c7d88ee292eced715be02653c309103ee62b69b77ff8344678db2788fac302e56dd5bbd50cf2b778484fdbaab7f70890f7527e96d

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E41E0005-0001-116F-C019B528DB69SessionApp.cls_temp

MD5 ae158a5f18ab40628a7cdc6e64b43b50
SHA1 76fa11b1693db7d43d217cb8dd08ff0683d51b27
SHA256 2fb500e99e1e4d1828db8842e81a814066e9ec7ef25b28ea462e5dbaf39051d2
SHA512 7bffce09a12899e0a9a7c71fd8b5f0c8ed8dd04585201cf55f191b3466da5f7a8608ae97747c24fb353a2506edff67e8a99246008d36a73e7ad905512080d22f

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E41E0005-0001-116F-C019B528DB69SessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 64dc51a4c016faf66206ce2830f1e35a
SHA1 93c7f61e2db0bcc29a37bee671b10243604363c8
SHA256 932d33edd9a4b2be7d7c2f5ef27963efdb8d7ae90ad2a96786eb02035856d11c
SHA512 40f4546ccf35b3ed5c5746e8d8dba5a43760c3f9c6e3d8a678014d935f53df865a07821054d7bc07ae1bcf2d6574b05e1483f8d79bc2146fca4e537c5c29be56

/data/user/0/com.ipart.android/databases/google_analytics_v4.db

MD5 60ae3555b60853ad5a921e6f0e489e7f
SHA1 707ea120f60037bddac28635b5f3c0d74a69dfc1
SHA256 68be1e675b68f8a894c80caa952c1205e292c427657bb79a58b9b366934d1d8a
SHA512 550cfd40a3a3bc7be604a81c9c9c879078033d12282cf32ca6464851479823febd12ed2162ca6241b01a03ad52cd80cf3fe3c0252591e68cb11a8ceb682f2f39

/data/user/0/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 07061ac349dc1306d34f8c2c1d2f112b
SHA1 7b9c13ab6314a9f905c24b9d1ec221435e8351fe
SHA256 a0fe62783510518452b60b89a5f686834a0c66cfd94174fc03e14f00cf53292c
SHA512 c2bcf35662bd46d9c893e74b221b7d6be6850d79063a3124046310bf3019b2fdf0108e533d42cbbca5b541d7db3ac762a95f9fb07cd31ea7e5262303292ec0fb

/data/user/0/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 b4eb929aa45de22c6dc8680f3f109cea
SHA1 45b26283f093b96753c8a36be6f4eaf1ea01d3b0
SHA256 bbf98b6f40008cde862828e9adf9bda9cd1fc00ea1afd455bfe783e09f528be2
SHA512 c26210b9de86bc60cad0565dde571f496ad208c27d241436bd996182a1b7d4b51d4314a9cdefabebf7af9b78be7738bedcaaf9d9bb30140ab17debff159feb0e

/data/user/0/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 b66466ec3680481e35ec5e7f6d2367e7
SHA1 0c485e7d9085173f04f79a64f585776b051cb855
SHA256 63a519a7401f256cd28813e423ad42a288d6ba083b5f1c01b9d6943e2f134696
SHA512 e01ab59a52a389b76d1f6ca6a8e371c70562708195d9f8bdb3c6b545d28c8fa287e57a4243e548f965cdc77014dff155d79c7e067327766df1e9775f0d4294b8

/data/user/0/com.ipart.android/databases/google_analytics_v4.db-journal

MD5 23576699e45d554307f5a3811c4a5188
SHA1 564ca862427d8e03fc74666e60723e913bf95c6c
SHA256 7e38da5c3886c83c545699b0dfab5609603821b1aced0207713b06b2498d6cb5
SHA512 62804f9e225e861ee5cf123216e21419d8f3540790141410e7b0f55344363b22eda05d8f4aa561ed5f650ed459cf2414dcb72d889079de32e44b1547cd5d1207

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6666E41E0005-0001-116F-C019B528DB69SessionDevice.cls_temp

MD5 0983fddf9108e163826f96a25bd01a5d
SHA1 eff67cf6f907f1300d90337cb09ad5893ebc2b15
SHA256 4ca62adb3a61a4b8b5cf945b938617cf3d93db7fe0a328761578995c6014d0b8
SHA512 d2470182e696827ca8fd1bf5a2440ac379840706e6e2c3e607b6cdc083ef017ff5d7869b383d35f871d05edab1141bb995d69489c40a340f7d0cb3c784fef2a4

/data/user/0/com.ipart.android/files/.yflurrydatasenderblock.e3b47f3a-023f-4857-b7a0-76373f1dd4ba

MD5 ac2f41c8cc303225f0ac98e28167cc8c
SHA1 172e36520bdd44b57c32535668a83347395e4483
SHA256 ef5e8578906b536d9a42f0728a9dac4e5fb4de47bacb23e5ff0339c991f55cf2
SHA512 bc1e12983add12853bf8aabf75f5f45cfd672ee6e89f08998658a409e2112ab15a91081e2988c1d7a68b272d93bb807d6e0553ab70c2fe95923b3bb77ffd0f83

/data/user/0/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsData_6B3FCNM28MBB3NJD7X9V_216

MD5 03f9f1b3e4d9315c2ee1ff0391d14ee8
SHA1 978fc75cc06c9ead9d136e6e0b778631408d43a4
SHA256 52592b524fbf00e1dcf1fe3157e4602944656639fccd33124d7c578333531d84
SHA512 1cf3a4409be468b8037e7ce65cffcf91d306dff53258f4c0014929e08cdd6c9035478ce204260c4a6467194543cb6505da9a537176e22f71beaac325812bf2e4

/data/user/0/com.ipart.android/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 cd9253a126e2c8cca8fd6ba572b5777c
SHA1 15f0a7c658c29918237bd491f552111ac556ebd2
SHA256 a296172213f24f803ae9771bd10d92668ea0ff98f56d086cfc17fbb876855c4d
SHA512 06605de03516af813212279cfee69ab8a349c9071e077ab01dce441d17d9cb6382ffd9e2ca0b36ad7cc154bc8e3713bd0d4c4e9cbb598f10e55e205da40545a0

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 a641cf7774132c0df1d7cafa8f5f6230
SHA1 480f8ba7735fd4b7d5389f902bd6db6e22a7ab8e
SHA256 f1469175ad6ce38ac3cf8b1309bcb4a2ea8579d8977b2a5b4d3a062018857acf
SHA512 4c38c6461f23d46eea1f4e3b45b16d8006f7d32d7bb543b22fd42630678dd80db0ab39152c7d06548e1f035a8f013164198cd96287fb3eb50dc246a7583c2f06

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_2a06eb6c-96cf-433b-9e2f-eb9d6460e294_1718019103133.tap

MD5 48ddffa120bc9c8280067ea0610cf728
SHA1 fb326bafaba633c5247db9352d75551a08020d9e
SHA256 b9fff9f32cb48fb2388855017e9f3ac6be02543de084f9db3c9823cf81153856
SHA512 5527de0841beff9ac101833d542645fcd37be847c6229cc8819b1509040bd77fb551b72b3f700d6f25d8d489270f364c1fc6e219ffd311c1087275d3f775718c

/data/user/0/com.ipart.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 e376c2aa3ee5f047de5c9c80087ceada
SHA1 073cc3e4b63b6f6e208eae7cf72b03f240c57910
SHA256 c09ee4f1a3dcfb9a0c83add381ce06b30942ad117223833739de1832f26fb2c5
SHA512 128a1f7931d66abc70fbc46d0fb62a439110f8aac30688e8db6228530c3f25b22aebd77fa0a457b97774929969273f8aa9204f0a04797f36e98dfbd256c65d98