Analysis Overview
SHA256
9d1e99e3e224563d7558ec1128e62c666373c91e99a6badb60024f26655b4564
Threat Level: Shows suspicious behavior
The file 9b0e34eecce3279259fe7676348f4b17_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 14:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:54
Platform
android-x86-arm-20240603-en
Max time kernel
176s
Max time network
134s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sostation.jelly.egame/files/egame_temp.jar | N/A | N/A |
| N/A | /data/user/0/com.sostation.jelly.egame/files/egame_temp.jar | N/A | N/A |
| N/A | /data/user/0/com.sostation.jelly.egame/egame_ds.jar | N/A | N/A |
| N/A | /data/user/0/com.sostation.jelly.egame/egame_ds.jar | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.sostation.jelly.egame
com.sostation.jelly.egame:dservice_v1
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sostation.jelly.egame/files/egame_temp.jar --output-vdex-fd=116 --oat-fd=117 --oat-location=/data/user/0/com.sostation.jelly.egame/files/oat/x86/egame_temp.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sostation.jelly.egame/egame_ds.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.sostation.jelly.egame/oat/x86/egame_ds.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ad.sostation.com | udp |
| US | 1.1.1.1:53 | report.woweiqu.com | udp |
| CN | 47.111.6.249:80 | report.woweiqu.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 47.111.6.249:80 | report.woweiqu.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | analyse.sostation.com | udp |
| CN | 47.111.6.249:80 | analyse.sostation.com | tcp |
| US | 1.1.1.1:53 | open.play.cn | udp |
| CN | 180.96.63.80:12370 | | tcp |
| CN | 180.96.63.72:12370 | | tcp |
| CN | 180.96.49.16:80 | open.play.cn | tcp |
| CN | 180.96.49.16:80 | open.play.cn | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| CN | 202.102.39.23:80 | open.play.cn | tcp |
| CN | 202.102.39.23:80 | open.play.cn | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 180.96.49.15:80 | open.play.cn | tcp |
| CN | 180.96.49.15:80 | open.play.cn | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 180.96.49.16:80 | open.play.cn | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 202.102.39.23:80 | open.play.cn | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 216.58.213.2:443 | | tcp |
| CN | 180.96.49.15:80 | open.play.cn | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| CN | 180.96.49.16:80 | open.play.cn | tcp |
| CN | 180.96.63.72:12370 | | tcp |
| CN | 202.102.39.23:80 | open.play.cn | tcp |
| CN | 180.96.49.15:80 | open.play.cn | tcp |
| CN | 180.96.49.16:80 | open.play.cn | tcp |
| CN | 202.102.39.23:80 | open.play.cn | tcp |
| CN | 180.96.49.15:80 | open.play.cn | tcp |
Files
/data/data/com.sostation.jelly.egame/files/umeng_it.cache
/data/data/com.sostation.jelly.egame/egame/EGAME_111/EGAME_SDK.dat
/data/data/com.sostation.jelly.egame/egame/EGAME_111/EGAME_SDK.jar
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi-v7a/libegame_unins.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi-v7a/libegamepay_private_dr2.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi/libegame_unins.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/armeabi/libegamepay_private_dr2.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/x86/libegame_unins.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/libs/x86/libegamepay_private_dr2.so
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_pay.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_ticket_left.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_bg_ticket_right.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_btn_green_normal.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_btn_green_pressed.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_back.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_close.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_loading.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_pack_up.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_password.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_rmb.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_selected.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_spread_out.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_ticket_more.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_icon_unselected.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_input_box.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_aibei.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_huafei.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_more.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_yinlian.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_yizhifu.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_logo_zhifubao.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_left.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_mid.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_password_input_box_right.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_pressed.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_tag_selected.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/images/egame_sdk_tag_unselected.9.png
/data/data/com.sostation.jelly.egame/egame/EGAME_111/Signature
/data/data/com.sostation.jelly.egame/cache/egame_s7559334599333299863.tmp
/data/data/com.sostation.jelly.egame/files/egame_temp.jar
/data/user/0/com.sostation.jelly.egame/files/egame_temp.jar
/data/user/0/com.sostation.jelly.egame/egame_ds.jar
/data/data/com.sostation.jelly.egame/files/mobclick_agent_sealed_com.sostation.jelly.egame
/data/data/com.sostation.jelly.egame/files/egame_log_cached_file.log
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:53
Platform
android-x86-arm-20240603-en
Max time kernel
12s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.mumayi.market.ui
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | eggserver.mumayi.com | udp |
| US | 1.1.1.1:53 | xmlso.mumayi.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 42.62.3.197:80 | xmlso.mumayi.com | tcp |
| CN | 42.62.3.197:80 | xmlso.mumayi.com | tcp |
| US | 1.1.1.1:53 | xml.mumayi.com | udp |
| CN | 42.62.3.197:80 | xml.mumayi.com | tcp |
| CN | 42.62.3.197:80 | xml.mumayi.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.DataStorage/ContextData.xml
/storage/emulated/0/mumayi/alreadyIntstall/intstall.db
/data/data/com.mumayi.market.ui/files/umeng_it.cache
/storage/emulated/0/system/android/mt/my.dat
/data/data/com.mumayi.market.ui/databases/mumayi-journal
/data/data/com.mumayi.market.ui/databases/mumayi
/data/data/com.mumayi.market.ui/databases/mumayi-shm
/data/data/com.mumayi.market.ui/databases/mumayi-wal
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:50
Platform
android-33-x64-arm64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.228:443 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:53
Platform
android-x86-arm-20240603-en
Max time network
131s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:53
Platform
android-x64-20240603-en
Max time network
178s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 142.250.179.234:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-10 14:50
Reported
2024-06-10 14:53
Platform
android-x64-arm64-20240603-en
Max time network
132s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |