Malware Analysis Report

2025-01-19 08:05

Sample ID 240610-r7wm8a1apm
Target 9b0e34eecce3279259fe7676348f4b17_JaffaCakes118
SHA256 9d1e99e3e224563d7558ec1128e62c666373c91e99a6badb60024f26655b4564
Tags
discovery evasion impact banker persistence
score
7/10

Analysis Overview

score
7/10

SHA256

9d1e99e3e224563d7558ec1128e62c666373c91e99a6badb60024f26655b4564

Threat Level: Shows suspicious behavior

The file 9b0e34eecce3279259fe7676348f4b17_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact banker persistence

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-10 14:50

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:54

Platform

android-x86-arm-20240603-en

Max time kernel

176s

Max time network

134s

Command Line

com.sostation.jelly.egame

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.sostation.jelly.egame/files/egame_temp.jar | N/A | N/A
N/A | /data/user/0/com.sostation.jelly.egame/files/egame_temp.jar | N/A | N/A
N/A | /data/user/0/com.sostation.jelly.egame/egame_ds.jar | N/A | N/A
N/A | /data/user/0/com.sostation.jelly.egame/egame_ds.jar | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.sostation.jelly.egame

com.sostation.jelly.egame:dservice_v1

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sostation.jelly.egame/files/egame_temp.jar --output-vdex-fd=116 --oat-fd=117 --oat-location=/data/user/0/com.sostation.jelly.egame/files/oat/x86/egame_temp.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sostation.jelly.egame/egame_ds.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sostation.jelly.egame/oat/x86/egame_ds.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ad.sostation.com | udp
US | 1.1.1.1:53 | report.woweiqu.com | udp
CN | 47.111.6.249:80 | report.woweiqu.com | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 47.111.6.249:80 | report.woweiqu.com | tcp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | analyse.sostation.com | udp
CN | 47.111.6.249:80 | analyse.sostation.com | tcp
US | 1.1.1.1:53 | open.play.cn | udp
CN | 180.96.63.80:12370 | | tcp
CN | 180.96.63.72:12370 | | tcp
CN | 180.96.49.16:80 | open.play.cn | tcp
CN | 180.96.49.16:80 | open.play.cn | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
CN | 202.102.39.23:80 | open.play.cn | tcp
CN | 202.102.39.23:80 | open.play.cn | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
CN | 180.96.49.15:80 | open.play.cn | tcp
CN | 180.96.49.15:80 | open.play.cn | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 180.96.49.16:80 | open.play.cn | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 202.102.39.23:80 | open.play.cn | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
GB | 142.250.187.206:443 | | tcp
GB | 216.58.213.2:443 | | tcp
CN | 180.96.49.15:80 | open.play.cn | tcp
US | 1.1.1.1:53 | alog.umeng.co | udp
CN | 180.96.49.16:80 | open.play.cn | tcp
CN | 180.96.63.72:12370 | | tcp
CN | 202.102.39.23:80 | open.play.cn | tcp
CN | 180.96.49.15:80 | open.play.cn | tcp
CN | 180.96.49.16:80 | open.play.cn | tcp
CN | 202.102.39.23:80 | open.play.cn | tcp
CN | 180.96.49.15:80 | open.play.cn | tcp

Files

/data/data/com.sostation.jelly.egame/files/umeng_it.cache

MD5 cb07c8a889fe6847e8a4d5591abcce26
SHA1 054af6781144f212011d563994f3d0f1c060f538
SHA256 41cee9e6b272286ccb59d569e1253f31c36f6f66e1992efe03b10f379849d626
SHA512 93f6a42fb2774a1849e73bab67281a01369b650f049a0b1c559a84c221c166ca699d6fdd5c674fd863c81cdf96315834367259a98bfdef397c281e33c5a574db

/data/data/com.sostation.jelly.egame/egame/EGAME_111/EGAME_SDK.dat

MD5 fbf4254f512fc9c023450aef5dcacc59
SHA1 d6aad6960d397f6879d614dc5a1be8026c559f2e
SHA256 8094193904903d3d2dd0b3f9ac6fa39ddcf11ec5f692bb4d517a0712ce8c6566
SHA512 6ad69a78677c96edba124b81964654df295c64bb68e80a87d587cecd6ac1132298389bcf52029abe9651805b4c08a3de8bf8024fb752b21c17e2c3786dbe2e6e

/data/data/com.sostation.jelly.egame/egame/EGAME_111/EGAME_SDK.jar

MD5 8ec298e06ce454a9e1c45f902d42a7c6
SHA1 9a56e4b4c0c4a1432411be4ffd323495a2710903
SHA256 973ee2ea592b761063cd1c89259224deba5ab06b9e525334378c0c28e64e0580
SHA512 034747dff168dca55ba5d7d2dcf5748450b18b4aea76ecae11ad27badd3f64ec58ec2337b67ccb540900e103da3020545fd66f33b37565bfd9d2f43ccc7abf86

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi-v7a/libegame_unins.so

MD5 4ac8b9299f851138d59287c5d2bd6c30
SHA1 2822a089d1c823434c76b556ae77ddffd9407d0a
SHA256 250b37dcf03bec7d976595a1ab3a1604fc961ded716fc2ac223d9c6a67f41cf5
SHA512 7bb01c81292f790bfa3d4900775051f95029582da3daf249b6f1a53ffc62acc2e51355c3989ffb1b0e275fdb4c4fb3a9c78652e4b3b210d61c3a06ae2f634b41

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi-v7a/libegamepay_private_dr2.so

MD5 ab9f6773a575c8de4a1f2f6199df245b
SHA1 e9206da45fb6493580981e68cec66ba8479f5ebe
SHA256 c1052286396277fb12c6e4a118af4eaff7cbca99c840e735cb6222abdaf66b33
SHA512 33388772a2a344e692b41fd9874fee0797dc7d8779fec747c9f680282fc421b1a06f92ec689dbebeba579a68d57250bca8e84f8f86907b48bc4abf76a94bec44

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi/libegame_unins.so

MD5 bb1532b6c8a80fbea6c5458628948034
SHA1 4da92103acbe46f19fbf4302646a2ac2a741975a
SHA256 3a2a0031cbe5fd845ef57a00f5e6bd1e5617377cef66fb14e85179dbce4f6dae
SHA512 8a3b35137286b8bcab0c3ace6ecfa286ea18bf4d3f3189e4465dd87065d8852737990186bf974b5c2814b466ddfa62cf499750a2391b81fde993540bfc7d3de9

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi/libegamepay_private_dr2.so

MD5 83982b7cb5125dc3f2e2a5955d417ece
SHA1 74d9b8522189c308b676275a5088abed7f60629a
SHA256 e7f2f2aa06b573b1cccd317196a5093fe682a566d4228c9eb08dadaf17987663
SHA512 2cecd79ee850dbca22bb9fcdf483f4988259c55c91cb69a11b0cd008e9769968793d83fc0105a625ad12645d28d4912428e8fbdd80c32220ca84371ff0ead752

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/x86/libegame_unins.so

MD5 fd4d55cd8c896191225b2930285a1fff
SHA1 1ecbb9a9d07cb3a3c197916b44818b47bd7ea77c
SHA256 3caace0ed314c8633f8e2c3849b70a999c9fb45b86caf9a388c852e95e7a904b
SHA512 f358c1672ddf2c7bf600ed0be279f5fa13ef907da670feac21f9152fbd79a00d1906fa1f8efba3a58b49b9326ca6c5075a64ce4c79851d3a480cf9f183e4ad27

/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/x86/libegamepay_private_dr2.so

MD5 5e57434b7746ff976b020cd4f674daf0
SHA1 d0eef2af1ab8ab6bec69a322d784b605264539b6
SHA256 bfbb22b886a33416ba4b1b1297430edd7c7674f636cbc0928e9e435a97a8ef17
SHA512 2b45b3539269bf71004626771f03cf5915c0c126fc18006d419221b00e0211858803247b8a65e11506c3b168f89b6de19ef674f76e0ef80d3343cff41a8ff5b7

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg.9.png

MD5 85996169c0904a636e739760515c2ff4
SHA1 82e721b2535d6e8fdf2b1c4bc0a466d3479388a1
SHA256 95aa96df81ceb49cb8ec6f784a9d50fe06e1da534f9fcabbcc00b0d074a0c4ec
SHA512 fd6d2ca8499754243c18ec147e5e2581c3e559f869df45036b5225e29c5f9533948dcc5bb46026acd7cbbe22da3d8e1222eb7ed1d076edf8f9e5cdb653a576a1

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_pay.9.png

MD5 306910a9c26b4023dc828a828253df6f
SHA1 a74eeceaa2446381e8864269aaee504d5d7f2355
SHA256 c56509f9417a1b71aeaf3eec1495f34ec5739323d59d969d97d6f4330e072d00
SHA512 d2f6a8655d2c7d32bdd88dcf5d8d80d71ec5a0610f1d11600fc93f550e189b9bd29d41ed783477a9c809a21be15445e2d9ad32b1e0d9ebc713708788ab4ec65c

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_ticket_left.9.png

MD5 107104207c2e738468fa2cbb6641d38c
SHA1 823a0503e778fc7a965cae00f30fdc6123f08bfa
SHA256 3fec2c59a067c25860b18012ca81ba0469000111fd5fa007eac2a64fac0b4310
SHA512 0c0a5cd9f0d795c9ca2ff6f02eed8d813e86f82cbc40e24e19581d404b5ec8aceaf537bc4a676d37d818fa649abff5b979a543104e5fac5b1bc2f9e53b7cf332

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_ticket_right.9.png

MD5 3e79f039402d36b3c9ee4680f4e0217d
SHA1 88874eebf64e5cf2ef92198b69e27f49f48aec72
SHA256 d61e6916c0d67e18942932aa60dcb4df36f59c3711761d6fdf7d9392712029de
SHA512 df77780892a2a7d25b6415980a3688e1f70ea2af4ac13bcda69f33785417d35640e6f1d6f0995eb2fc50497c4b9ce91344f1551fed5714ad36413d5849d405bb

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_btn_green_normal.9.png

MD5 ebc9462970b289e7d10b2608cdb22e10
SHA1 ca00f7ab1ea5d4d76837b18e769ba9c63ed8f420
SHA256 d99cb760f6da9b522e2f2b5dbf279027aec7132a5c96fa1ed2b1af0989736f24
SHA512 3c78cf5b1c9aeac02693c93ae8c873a1f837ec48702e104709ca80a3178cc92e2a78129e45b58ffe3379b105aa88dbaabd1d402dc5d25d1cd56a90cd84a14679

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_btn_green_pressed.9.png

MD5 81460f507e1963c2ff2cb687d1d29578
SHA1 a04dd3092cec4978dbcc5fc5eebec21f14b80d5e
SHA256 66306007e8b05492b23717e57c42445031cb623604267dd8d965be0e72b189a2
SHA512 e17620909da66c617c1cce9f55a4bcf4521c9da39467f72d8f2594e6b6acb032066a6141705bfbd799f2a26596804e6c4c93ff8e6e75a30b0a97835ba6ca3723

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_back.png

MD5 a466825dea86cd34e2d2f58d78d3ae10
SHA1 bb9b58f6caefcd32d22efb59168600e582c2f3ac
SHA256 91c0857d3613b52f94d639bd4d272bae16f4e2ba60c80ef7ff41c610b4c25f67
SHA512 8408f8f8840609d50648898fce99bd2daf9be8fa474eb677a9bfd55792d2bc6db4d47915b37d54ae9c7e1cebe0dc1da691cf48142d2cc81f5319a7594df192c7

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_close.png

MD5 0c839da55657ecdca7191e1dedad016b
SHA1 842cbbd87750388080eb42e2fd26862d809bd788
SHA256 ca4f594db0729606c903df7a937cfb6a304b1f13d6b50dbb47da0db0b134cf93
SHA512 c1bbd0c3aa058346ac51e07a7e32aa0ad1f87e81f7f2314eca7b939fb7acd442fc050097f9c1743e50d8faab6698431ad6977e4ecebd81d60edae651636c0d64

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_loading.png

MD5 a123c792c60325730588e6069590446c
SHA1 75a9ec596ca66b2621804c80eb05d180f82dd4c6
SHA256 19c3ab856b81ef0c8b2f5c57ebe8fc5930f1e780599690d6bd1288d8fce0e5f5
SHA512 945550300bf4e47e89a682dcc14909142cb8ccc9205ec7217b4137d5ff3fe73188d9222125feeab0a56809cd6d236d1b1ee3bae572ea5003bafacdb8cb6893c4

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_pack_up.png

MD5 e58e0121d0e3b53f3d6bac2fbd5fe551
SHA1 b55693eae9208598a82461a562e711f1fa5d9f54
SHA256 75a05abf39781d52ad9a8c867bbb85dae0e352e21c3d0715b1859672301354de
SHA512 fc7c0bef9662a682b18be06306da9eeb309b5b658d28e68bac875c3acd6719d95f97b97bb4ab55d290aa84494aba3d7151d329f35f45e9e49e7dde1190ce53a2

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_password.png

MD5 e5a6df0bb2353af0bc472cf6bfa88b3f
SHA1 e5f23f5c7576bb82fe1a9e33cf48e131ad7aec3a
SHA256 a4124dadc3cec3912c877ac5ae4aa4450353cf9291ff5186b913a542ddb41502
SHA512 024ddb20063074dc627d74b3cf83b606d6931933c3a93fee62f4852220f1c3a08862fa1f4a6acfd5a49e1580ca8bc8c64cf900aa0bb04450ffaa2a707199e44e

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_rmb.png

MD5 d66595713fc83b24304992251bc8894d
SHA1 b43bd6cf37f0836410e2369e708ab56f0acdd7e7
SHA256 f6ef599c20f8a5fd17874471eecdd3b5c47feb3d76cfd4537f9f18c93dbcda5e
SHA512 3ae323d54f94c8c53bc3ef901e6349b1f6a531b46a255d4f8661b38d271b9903435d7465247ac1a593ab20b45c12a1de7c3f56b9489f8bc77a21b369732f2c6b

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_selected.png

MD5 eddf664c3b9acd07ead98b3374f67540
SHA1 f526117595a0a37358a6bdf07a21233578f40252
SHA256 1316a6cdc736f6f5417b24692cdffbe10da28212bcbd577b4bf584506807ca5d
SHA512 049302b92ebf76c247b9e33f55d4403362ea8fe4c76e9da529a192d2dd40ff9dd4f7f87b1aa2af69382d3611ddb1ba420631a4b5a705f993e0897e87763f834f

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_spread_out.png

MD5 81734938f3c867d68d283216bbc35079
SHA1 c29d2b03108405ab885eed2b82f699b0eb8f3b0e
SHA256 ee837b4733de28e2aff1a2461ec51e17fc7c486193d7b1b052eef2723569ae6a
SHA512 a9c0feac9960fadeb6eb73dcd3eda3a7069428f2b7b8be9182112f5b35323272ccd17b25355af9f3df8f038a668401fbcae8fb87878389f5ed4a687c0e107806

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_ticket_more.png

MD5 a3ff3505b0e2c317ab279f1dd2b55bf7
SHA1 5a4d2ba5c0e072d73df9366eb962b99e71de710d
SHA256 7ab49226f6161038f2c32a66fe8cbce48cb23bc5bd297c51dcf3733f598ec7cf
SHA512 f70e3915d4edf3c834cd38478d803b55f6fcfde6e6bd0054ca296d8a0739212a4056b8add5040143627aad6f84c29ebbb227e734a566b3059870eee1c0c06bc5

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_unselected.png

MD5 9d33a57565eb0368b42d3ca736c26d35
SHA1 586b2a0fa3c26f515fedab6e646069f5c0994f13
SHA256 bf15beac9a696ff6fcd89911c31f4c500b501591f1e7ea5cd2aded937b739d4c
SHA512 812601f340beec8a515b965c5e4ecf0ff9e1adfcd0277816eb8c90ca4794b7a3223fd9043236009c9d451cc2d6e8f3d442e8bddfcdd182ccfb94bb40b2fd04a9

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_input_box.9.png

MD5 67dc25252c015a5e79625e16d6327cea
SHA1 52db2b4676d9acbf29484741d4ed63188aba567c
SHA256 4ec2be8932dc13bfdb5062925db7069bbd1e380d51d1ee19f6b7e0e73eddb06b
SHA512 783180f84ab373ee0566b986101a2624b0c2a9c0b3e6df79ff3e2221cc23e5ab897e4c0a762ce1aafbc2fe1cdec69026a759f54c00842f4e355442863adfc012

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_aibei.png

MD5 4a51839759cba0088d5a95c4dc3bf382
SHA1 b8c8ac75f00017ed45ba322afb0f2055e10584c8
SHA256 4d2b94f542ccfd5e59fc522cb2eed2a91300b67e32dfacb87106f7c4b73cb40f
SHA512 15f05091bc84be0e8635f2082aed45661acf2f69fab1b9b3fe528731b8f562ff0f0f8f138951b87c8afdeff87144489a97cca74f297655e7c3292b0107118c90

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_huafei.png

MD5 50e112e7a0114d321d21610be6436130
SHA1 1bdf4e5795499572e791c866ebbe82f71cd9ed7c
SHA256 e8695daf6ee2c38647209f0c747e9d0639174ff665ebf9022e1e07150d92e961
SHA512 45164afd51d4e468f8aac42096c25a2cf45ff4b74b3485814a64b79a2b4c2d3726a141c1b2cb33672d3c202dd2462c8af62e00ca6e48e9d5fe0d67ea062e19ab

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_more.png

MD5 9c58e73de495a078eeb2918d89595d49
SHA1 89ebb0c68ad2c2b816f8bc3276a04b34b965ad2f
SHA256 d794b021d8f16d5ab595cd382b2cfd22baa7666e0c46a1f02aec1635d6fe6e08
SHA512 41a523393962e943b33df2d3841b0f4bb90143b8976884f300a4f7f7b2c1aad40af6136fe94ea234404272c771b7f45767a79cc596ddaf86475afcb27ab45ca0

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_yinlian.png

MD5 1f4334a263bccefc2b02ada18881c17d
SHA1 a5d2750cf0caab0ff2147cec94f801d1cef507e6
SHA256 3d6814ef45fc95e2054ec20d110d4f5ab4fe4ff828404445c55e69a0a917b0c1
SHA512 37af9c40340fd764e567f54a3356504b3aec7d9aea86bfd882ef77687bab5f17fb1196820a4e4626754b1fa7d85bc6a6405d558066282f1e3dd49de34ecae8c2

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_yizhifu.png

MD5 2144cf73bf37aaba54a22f73b679f20e
SHA1 626df85df145f21ae98d1d05c741531f34dbbebb
SHA256 8ba8e23618d6d00a78fdebf34948b8cb756f9bd3c4e5ef20f775947ddc6b97fd
SHA512 33d394bbc95be8b7735e75967b1d432fc13f81e687612adebdd6ac2a608f7d8974335883f92ea8dc2aa6fd94ee0037b062360097ec22a791492ba9786238f7b7

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_zhifubao.png

MD5 08a5a9dfce6b863d35492162aadd6be9
SHA1 02383f0a977f0c25624edd5538b008472031fc37
SHA256 490c9faf65f2955bbaa3e06c41fd839bd1b49b397fe7508fd8188e14597ffbe5
SHA512 bcacd6159f4ab47d127ec10a29624ec63c33506e79a0936769d38c35437e8140dfce1c3dd5b4f14a2292a05c162ff9dc75ac78534b80bc4fa8371d78416cbad4

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_left.9.png

MD5 3677e4cac84d0c8b7f16a1bc87ce71d8
SHA1 8f2d6020a38ab8df48bd1d09acbdea9d3ca66fa7
SHA256 bed6d5db950aba7596bc2cf2910504e5ed95cf69b80b37cd84969cb1e500d7e0
SHA512 9e80d8145bb4afdc98eeed6e1e97a2fe2c1fd490ffca4020ec76ac9ffdb60734764eba77e0752d951fa97ecb4e9d75ca8fb117ab2dc7797c7b3e8c06488bbfcc

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_mid.9.png

MD5 4613229fabf04cdcc9e1ec118f524f12
SHA1 835207bc8c2bc0ddef9080a90ba0dab32fa14bb7
SHA256 003b6ce5fd57fcbb33cbcf0ef08a8cfbb3c84f2b9a3dbb3d974a68ba3afbf890
SHA512 7d9d7a73941c1d9ba52e34301385c601da5f7726ea7597ebe8c3d201f7ffa1911fc72916c94428f17863ac045a72c89ec202c04d577048d6e0a4e46c32656a18

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_right.9.png

MD5 0ed0b9eb964d4ceb2a7d3ef7e3ae38d2
SHA1 60f5cba570ae369f3b10a176ce892b10cf368562
SHA256 1bb399f4595b4bc68138ca091a6f1b30200d88aedeb6cb9b57f9a74e545ad4f0
SHA512 b232c14bf3fb56bfe065d62fe1adab1a8a0a28906d04757e09dec6c5ce7d24a5be0396fba1ea5538f01b4c7fe39dc36c74c2119454457c30cd1a274e863b909c

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_pressed.9.png

MD5 3610fe19ea433e195be9b31ce3b6fbd2
SHA1 a5214ba22b4cf4b6f5cebc997ea3b6f11ce9ab2c
SHA256 517ea5132a902800e99fbe1af03bcdebdcb13f18d38a64e0ca55eab87b530f73
SHA512 7eadbb024d970a7a243705653e65778d89c4fcfe8028c51056b7fa173e5175acaae7ec434a9585da6b3f5ba3dc4d275f667fd44b95196d155556b0342ae47e9a

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_tag_selected.9.png

MD5 2b6f10a9af4ac3be44ea147f97811d71
SHA1 25817667ec580a1dadb6be9bad210963b58107ab
SHA256 cbcecafc939a68445d187c96c23506c8fe708f92250b40fcf7fb0880086b432e
SHA512 a9f55afc77198ad64f467c9df6fe164fe50350de48dbaeacc81d1b21e87afc17cdb7ee5d9eca180de51fc564320aa317bfd3b737b8a95b1f64cee8dc1bdb78a9

/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_tag_unselected.9.png

MD5 120e7504db94c91e51caace46836559e
SHA1 ea53130f03b22d48205e83a7a9a591d0c12c1a54
SHA256 1d64818362b62daa01bb9bbc193d51b8d62694b40b6dcb1687efd9d5aaa519c6
SHA512 ca766995d31e1ec57dd50e2abf9ba34b76b0956394c4f4fa100104e5ec965893172380b34bc95ed38d45ba8cbe46dc181b9da4d916870d3ed8a5dd869b517644

/data/data/com.sostation.jelly.egame/egame/EGAME_111/Signature

MD5 c7e781957e7f1c5b4b1848dec0629571
SHA1 ec7fd481c9d01a02255a752e8f6f2826625c1922
SHA256 e42bfe4c5eb8e78d76d41c1d974d7abf5693397c52769174181e0c1ecb1f968b
SHA512 40c5d34957bacabdc134f427a9f304eaf6a97f69610cdf0269f10caab4c5b45a6c7affd6b1ffda06a35c745f1a809672513b0e26f7a95fa8daa0493c391ecc4f

/data/data/com.sostation.jelly.egame/cache/egame_s7559334599333299863.tmp

MD5 29fb485c35121af5305fcc1995dd7daa
SHA1 0c76a1869ffdc8c6eb14a96023c22dbd07705433
SHA256 aca0691f1b10c8d5cb242ea5eb64bc9efb8117c5cb3b83bfe959162ccb9d5dbf
SHA512 f32110ecba2bc1056125b1082d4484cb442e203903a6133c6bc4fb59e02470503123a2c6bfa429d4eb85cd42e01381446964e0a1a982afef3135b2a3310cf32a

/data/data/com.sostation.jelly.egame/files/egame_temp.jar

MD5 f250432700252c1cb6ebbaf3c39cb3bf
SHA1 2738aea79b252ae73a2d400dc58818180f0ed740
SHA256 d60258e4bd0082add36203020e7d10d7e583a21f78026de903a26e180f8253fe
SHA512 f66afa5f9f963f3392c881ee3f04864d92f8a888a83312ca2752411ba09af88a3c90cdecc906cab4056ce9f4a18673b50466cb1b3cea9c4d4df550dff1acf668

/data/user/0/com.sostation.jelly.egame/files/egame_temp.jar

MD5 c1b2345956f1d5c060e1ab163bf2916c
SHA1 274e9431471ff897790694fbd406cc3c1fd91d1c
SHA256 d7d2234eccc87171254d25d8cc94e4b6c5babe702eb471304bb52aaf290469b5
SHA512 149c7b63e6b577d64ac4afd88d8c58646aba635ba224b1aea0cfe256970af3f7a483941b113ecb37adc73e9563921c7d661ba53c67a5fa0b999d56216005d35a

/data/user/0/com.sostation.jelly.egame/files/egame_temp.jar

MD5 e2c11366bace2f76b267d6d1c6784a74
SHA1 acd93f498d4418439bb5a37a10d62ca5cb88b222
SHA256 a0cfbf59bbbfcdca64cce0b9f67e58818e55de7a021fad9e2ae8f5f201ec532b
SHA512 7c5f5123f0a01a372abdd548da3456d9bae5b259d1ae055559bcf6b7f5b71dbcc5ad8397ffc4962bdc76d34394dd683744356e411688593023322b6e8be9f239

/data/user/0/com.sostation.jelly.egame/egame_ds.jar

MD5 3baf6f9943abf2018e3f06e80f413c30
SHA1 f6d775f72b6f23660d9658254f93411378db20f8
SHA256 4d3d2e46fe3eac4391a4f37557f4fa205800f24c06d25c6e253c9f5a03ffd6f1
SHA512 37bc6b931d910982126a97db22c1746bb1b8b4a8bb85f898be209d5d625190fe7f57c06b7fb0512cbdb9d5201fd8a6cafa54b7e2a499c07445cd394c050a3d2f

/data/data/com.sostation.jelly.egame/files/mobclick_agent_sealed_com.sostation.jelly.egame

MD5 ad81ffaabd31f7697e6503ec351ba3a7
SHA1 522fe1848f5940595a04e6a581924b8e871a1997
SHA256 e30ecee19d5976e6a71dd15feea2915665250fcaa296a82d9c04bfefbdf07fac
SHA512 69690a317bf69f17b9ff0cbd0c554eeebb0ab4c72c540de0754a84e3f031cc31caed6237b09caef79a2d7980252cc053fb9dc20a08bd161d69360593fa9c9d01

/data/data/com.sostation.jelly.egame/files/egame_log_cached_file.log

MD5 ab0778474ec5d808d6ae6a689fc970b4
SHA1 c569d448ccf052fe8a14ff4037e0d56e97960f2d
SHA256 088ed54ca745688dfd6323486c66381b64eae9ac51635b64445ff7df7f6241c2
SHA512 523c1995f5064ccad0606edfd3863bc1eeb805962e63a2938047ad99a8715a9f3db850ebc3e1eeabd2fcd776c162cf60d5a169a3e78d955f8bb30ed12fa68ed1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:53

Platform

android-x86-arm-20240603-en

Max time kernel

12s

Max time network

131s

Command Line

com.mumayi.market.ui

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.mumayi.market.ui

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
US | 1.1.1.1:53 | eggserver.mumayi.com | udp
US | 1.1.1.1:53 | xmlso.mumayi.com | udp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
CN | 42.62.3.197:80 | xmlso.mumayi.com | tcp
CN | 42.62.3.197:80 | xmlso.mumayi.com | tcp
US | 1.1.1.1:53 | xml.mumayi.com | udp
CN | 42.62.3.197:80 | xml.mumayi.com | tcp
CN | 42.62.3.197:80 | xml.mumayi.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 3ddf493364781dd08fc75dd9777ac764
SHA1 493e8a798d9e0de4a6e4268a305480f64430e246
SHA256 64c84e084b48ff861aa86aed831f62e50845f187df8e0402f4a602ce0bb363ca
SHA512 78f476e069e1e994b9cd0b2de573795f712b6d319ab7e8f1dcf3fe21b0cb4e9aa7306f82f1bdde43b92db9ea912061a9b8893692cc04ee8587a1c39dba127430

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 53b6b2ff2f96cd425bc90457942b2996
SHA1 28e9f5e5e578e571e775b2674b06eff00af909a1
SHA256 2ee0a12e26258bb54ce670173151e9395564dd96f4f7dfc599629a37242a0e1e
SHA512 d7c1ce798c837f7d89165138f008c65cc92ba2127827be99e2027cf09ec69d643da9191912c7db188edce574e54d2b9c0b41d1d296ffd16520eed76f94e2f017

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 894d1fdfead11975fbfb36542dd3a99c
SHA1 423d15e6ca2b1ce14fa5a6ab6713c0eb06fb711c
SHA256 2faefa20d63c48877dce9f293ab7558ff061dfe03a8f51cf75cbb93f4253eff6
SHA512 4094eae8a61b3a3180e5040a94f54d0bd7066f5986076a5c1da718cc48c9a85cce2be9c0d0b637185a37c8fc4310c93250000678deadff3d2181ceed43b27f1b

/storage/emulated/0/mumayi/alreadyIntstall/intstall.db

MD5 a4e4d2d16cc0901cacbf1734e54fc486
SHA1 b688d79ce2659a373b1e530c4444f1a72979b4e7
SHA256 d356a4ce00b1a82ef93085df99f0641a94501bc17aadc82a043b4ea24fd1e953
SHA512 335c93af3517f868f0b1c025e4834c66debb80f15124023aa4500a9212e07c455a85409d2ad5bbe308c6d763de7d6bb757f3625c4ad3f0cbd3784f67829c0bbe

/data/data/com.mumayi.market.ui/files/umeng_it.cache

MD5 3ae7885a3cee2a1e36ce30b8bf4f162c
SHA1 3b9e5903d5cfed6b47c15558400214c239125ddb
SHA256 2784fe355c27a157ed13ac474ff8a5a89a9c2c3d449a64ac308aa728256d5927
SHA512 a7385f6ca9db7718979d4f060f679fb5464fc91c2eac5008db7065511bced77d7261869f9696f748b2c588f3c6bfc494b4d3ae0bfb9e9d3dca3bd8a8c7e01901

/storage/emulated/0/system/android/mt/my.dat

MD5 b35b0cb70712626cd5eba5433ab312fd
SHA1 2c9c1c56e999f0983259a2ca110caddb63a20ae4
SHA256 6e07237854ae3ada9e905f3d57523b1450f98d67255c79276836f994c990c132
SHA512 86cf406beccd2bb9bf86e92d7c63f478115c9eb8361f4b13b366846c0d9f39e480858fd46d51ea501b18e8f320ed0b139a76d6f9f10660a63ed66d5129b2fd97

/data/data/com.mumayi.market.ui/databases/mumayi-journal

MD5 3b1b68553bc52379f4861c7f45604c5c
SHA1 786e93c6106ac9647080d6206ccbd04f2679acd8
SHA256 087eaff03412a4ea91f957b4a70d58d00e6f5cff9dc15890e0cb7f7bca4377a4
SHA512 ee58e2ea7b95e88bf56e6732035c24272b10f9e1330924081b3330e9c1de01ffce0ad14616eba80fcbb30dd631806a4dc4070266a55fc7866122aea1e10ae4c1

/data/data/com.mumayi.market.ui/databases/mumayi

MD5 2682fd1b37f7bdecb7e59ec3c150802f
SHA1 432456a7930584aa85d70e8de5e306b02a645c40
SHA256 f12f144668cbade91dc24cd39653541cb621868e2735ea2cb6603834ebc491d7
SHA512 c419d9f9943f6ed78bbfdb98f1eb96dc0b09e15f63e10dea367fdd4baaff9db761fa60a9c3c6bf0b4260592404258b960aeef46b8d239f4b9fc7a8a129adf66b

/data/data/com.mumayi.market.ui/databases/mumayi-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.mumayi.market.ui/databases/mumayi-wal

MD5 65cd6ff3cd3363705bc58fff0a7cca5d
SHA1 cddb0fc1372866b7f08a3f56ed83284fa03c5b36
SHA256 a54dd55553fe5a530fe0f80d266d83daff1bef2516c715f09661820e43e7a12f
SHA512 1f6c8c632704f63bd800b6476e5e29285fa9231e6ac95074880889c3145891fc0ef864e48ab5d067f420a8650e85969995d1cb1a8ac6a6860b00436323c64b58

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:50

Platform

android-33-x64-arm64-20240603-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.228:443 | | udp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.228:443 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:53

Platform

android-x86-arm-20240603-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:53

Platform

android-x64-20240603-en

Max time network

178s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.228:443 | | tcp
GB | 142.250.187.195:443 | | tcp
GB | 172.217.169.14:443 | | tcp
GB | 142.250.187.226:443 | | tcp
GB | 142.250.200.14:443 | | tcp
BE | 64.233.167.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
US | 1.1.1.1:53 | g.tenor.com | udp
GB | 142.250.179.234:443 | g.tenor.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 142.250.178.14:443 | www.youtube.com | udp
GB | 142.250.178.14:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
GB | 142.250.200.36:443 | www.google.com | tcp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 142.250.110.84:443 | accounts.google.com | tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-10 14:50

Reported

2024-06-10 14:53

Platform

android-x64-arm64-20240603-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp
GB | 216.58.212.196:443 | | tcp
GB | 216.58.212.196:443 | | tcp

Files

N/A