Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-xecmjawdre
Target 9ba1123874c05f41691233c4598a3324_JaffaCakes118
SHA256 e57abf603d989b510c00eaebdc510be0e826b7e9324e79b00b66224756708417
Tags discovery evasion impact persistence
Score 7/10


Analysis Overview

Score 7/10

SHA256

e57abf603d989b510c00eaebdc510be0e826b7e9324e79b00b66224756708417

Threat Level: Shows suspicious behavior

The file 9ba1123874c05f41691233c4598a3324_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-06-10 18:45

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 18:45

Reported

2024-06-10 18:49

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

190s

Command Line

tv.acfundanmaku.video

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/tv.acfundanmaku.video/app_plugin/PlayerUIApk.apk N/A N/A
N/A /data/user/0/tv.acfundanmaku.video/app_plugin/PlayerUIApk.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

tv.acfundanmaku.video

tv.acfundanmaku.video:pushservice

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 18:45

Reported

2024-06-10 18:49

Platform

android-x86-arm-20240603-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 18:45

Reported

2024-06-10 18:49

Platform

android-x64-20240603-en

Max time network

145s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-10 18:45

Reported

2024-06-10 18:49

Platform

android-x64-arm64-20240603-en

Max time network

167s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A