Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-xtpkmsxdpj
Target 9bb2af44fc01c94890428400f9140293_JaffaCakes118
SHA256 86d7de15463da0f39c3cda233f36ba7a033605ddd397353ea3e4b700f74bc74d
Tags
banker discovery impact persistence
score
7/10


Analysis Overview

score
7/10

SHA256

86d7de15463da0f39c3cda233f36ba7a033605ddd397353ea3e4b700f74bc74d

Threat Level: Shows suspicious behavior

The file 9bb2af44fc01c94890428400f9140293_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

banker discovery impact persistence

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Reads information about phone network operator

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 19:09

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 19:08

Reported

2024-06-10 19:12

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

186s

Command Line

io.dcloud.fish

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

io.dcloud.fish

/data/app/io.dcloud.fish-UvSZM6HLiM5IDjefN6XgHA==/lib/x86//libweexjsb.so 49 50 1 /data/user/0/io.dcloud.fish/app_crash/crash_dump.log

io.dcloud.fish:pushservice

Network


Files

/data/data/io.dcloud.fish/lib-main/dso_state

/data/data/io.dcloud.fish/lib-main/dso_deps

/data/data/io.dcloud.fish/lib-main/dso_manifest

/data/data/io.dcloud.fish/lib-main/dso_state

/data/data/io.dcloud.fish/cache/libweexjsb.so

/storage/emulated/0/.imei.txt

/data/data/io.dcloud.fish/files/.imei.txt

/data/data/io.dcloud.fish/shared_prefs_ext/test_app

/data/data/io.dcloud.fish/files/cnc3ejE6/eje3cnc

/data/data/io.dcloud.fish/databases/cc/cc.db-journal

/data/data/io.dcloud.fish/databases/cc/cc.db

/data/data/io.dcloud.fish/databases/cc/cc.db-shm

/data/data/io.dcloud.fish/databases/cc/cc.db-wal

/storage/emulated/0/Android/data/io.dcloud.fish/apps/__UNI__43DC0D2/temp/1718046562668

/storage/emulated/0/Android/data/io.dcloud.fish/icons/-1337481791

/storage/emulated/0/Android/data/io.dcloud.fish/icons/1764655931

/storage/emulated/0/Android/data/io.dcloud.fish/icons/1658223613

/storage/emulated/0/Android/data/io.dcloud.fish/icons/2059676329

/storage/emulated/0/Android/data/io.dcloud.fish/icons/297816234

/data/data/io.dcloud.fish/files/init_c1.pid

/data/data/io.dcloud.fish/databases/pushsdk.db-journal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/io.dcloud.fish/files/umeng_it.cache

/data/data/io.dcloud.fish/files/.umeng/exchangeIdentity.json

/data/data/io.dcloud.fish/databases/cc/cc.db-wal

/data/data/io.dcloud.fish/databases/cc/cc.db

/data/data/io.dcloud.fish/databases/pushg.db-journal

/data/data/io.dcloud.fish/files/.um/um_cache_1718046624996.env

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 19:08

Reported

2024-06-10 19:09

Platform

android-33-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.74:443 udp
GB 216.58.204.74:443 tcp
GB 216.58.212.196:443 udp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A