Malware Analysis Report

2024-09-09 16:28

Sample ID 240610-yqscssyern
Target 9bc19024312d8d35669d9d882597350f_JaffaCakes118
SHA256 77bb0a47f08892e96d6497c8b08844f7322078b18b47c5f5b44ee84a69b855b8
Tags: discovery evasion persistence collection credential_access impact
Score: 7/10


Analysis Overview

Score: 7/10

SHA256

77bb0a47f08892e96d6497c8b08844f7322078b18b47c5f5b44ee84a69b855b8

Threat level: suspicious (score 7/10)

The file 9bc19024312d8d35669d9d882597350f_JaffaCakes118 shows suspicious behavior. The report names no malware family; the verdict rests on the behavioral signatures summarized below (device and network discovery, clipboard and account collection, emulator-detection checks, and a broadcast receiver registered at runtime).

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries account information for other applications stored on the device

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 19:59

Signatures

Requests dangerous framework permissions

Process and target: N/A for all entries (static analysis).

android.permission.READ_PHONE_STATE (listed 3x): read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and the PhoneAccounts registered on the device.
android.permission.ACCESS_FINE_LOCATION: access to precise location.
android.permission.ACCESS_COARSE_LOCATION (listed 2x): access to approximate location.
android.permission.WRITE_EXTERNAL_STORAGE (listed 3x): write to external storage.
android.permission.READ_EXTERNAL_STORAGE (listed 2x): read from external storage.
android.permission.WRITE_SETTINGS: read or write the system settings.
android.permission.REQUEST_INSTALL_PACKAGES: request installation of packages.
android.permission.SYSTEM_ALERT_WINDOW: create windows of type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.RECORD_AUDIO: record audio.

A permission listed more than once was declared more than once in the manifest.
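The permission set above can be reproduced from the decoded AndroidManifest.xml. The following is an added example written for this report, not sandbox code: it parses a manifest, counts repeated declarations, and separates runtime-prompted dangerous permissions (grouped the way the permission dialog groups them) from the special-access permissions SYSTEM_ALERT_WINDOW, WRITE_SETTINGS and REQUEST_INSTALL_PACKAGES, which are granted through Settings rather than a runtime dialog and are therefore usually never exercised in an unattended sandbox run. The manifest text is constructed from the table above; the INTERNET entry is an assumption added so that a normal-level permission is present.

```python
"""Classify the <uses-permission> declarations of an APK manifest the way the
static1 pass above reports them.  Added example for this report, not sandbox
code; the manifest text is constructed from the permission table.
"""
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions and the group the user is prompted for.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
}
# "Special app access" permissions: no runtime dialog, the user toggles them in
# Settings, so an unattended sandbox run usually never sees them used.
SPECIAL = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

# Constructed manifest: the declarations from the static1 table, repeats
# included, plus INTERNET as an assumed normal-level permission so the
# "other" bucket is exercised.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.tongtianxiongdiwan1.android">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> Counter:
    """Every <uses-permission android:name> in the manifest, with its repeat count."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission"))
    return Counter(n for n in names if n)


def classify(perms: Counter) -> dict:
    """Split permissions into runtime-dangerous (by group), special access, and other."""
    out = {"dangerous": {}, "special": [], "other": []}
    for name in sorted(perms):
        if name in DANGEROUS:
            out["dangerous"].setdefault(DANGEROUS[name], []).append(name)
        elif name in SPECIAL:
            out["special"].append(name)
        else:
            out["other"].append(name)
    return out


def repeated(perms: Counter) -> dict:
    """Permissions declared more than once (often a merged manifest keeping each SDK's copy)."""
    return {n: c for n, c in perms.items() if c > 1}


if __name__ == "__main__":
    perms = declared_permissions(SAMPLE_MANIFEST)
    report = classify(perms)
    for group, names in sorted(report["dangerous"].items()):
        print(f"{group:<11} {', '.join(names)}")
    print("special    ", ", ".join(report["special"]))
    print("other      ", ", ".join(report["other"]))
    print("repeated   ", repeated(perms))
```

Running it on the constructed manifest gives four prompt groups (PHONE, LOCATION, STORAGE, MICROPHONE), three special-access permissions, and four repeated declarations, which matches the table above.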

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x86-arm-20240603-en

Max time kernel

124s

Max time network

131s

Command Line

com.tongtianxiongdiwan1.android

Signatures

Process and target: N/A for every indicator in this run.

Queries information about running processes on the device
discovery
    Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries information about active data network
discovery
    Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection
discovery
    Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the mobile country code (MCC)
discovery
    Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    (this call returns the ISO country code of the registered network, not the numeric MCC itself)

Reads information about phone network operator
discovery

Listens for changes in the sensor environment (might be used to detect emulation)
evasion
    Framework API call: android.hardware.SensorManager.registerListener

Registers a broadcast receiver at runtime (usually for listening for system events)
persistence
    Framework service call: android.app.IActivityManager.registerReceiver

Checks CPU information
    File opened for read: /proc/cpuinfo

Checks memory information
    File opened for read: /proc/meminfo
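The last two signatures record the app opening /proc/cpuinfo and /proc/meminfo; together with the sensor listener above, that is the pattern emulator and sandbox detection usually leaves, although the report does not show what the app did with the contents. The following is an added example, not the sample's code, of the markers such a check typically extracts from those two files, run on three constructed /proc snapshots (an ARM emulator image, an x86 emulator image, and a physical phone). The 1.5 GB memory threshold is an assumption; the emulator board names goldfish and ranchu and the x86-only vendor_id field are real markers.

```python
"""What an app that opens /proc/cpuinfo and /proc/meminfo can learn about its
host.  Added example for this report: it is not the sample's code and the
report does not show what the sample does with these files.  The three /proc
snapshots are constructed; the memory threshold is an assumption.
"""
import re

EMULATOR_BOARDS = ("goldfish", "ranchu")  # kernel board names used by the Android emulator
LOW_MEM_KB = 1_500_000                    # assumed cut-off below which RAM looks like a VM default


def parse_proc_kv(text: str) -> dict:
    """Parse 'key : value' lines; the first occurrence wins (cpuinfo repeats per core)."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())
    return fields


def meminfo_kb(text: str, key: str):
    """Value of a /proc/meminfo line such as 'MemTotal: 1048576 kB', or None."""
    m = re.search(rf"^{key}:\s+(\d+)\s*kB", text, re.M)
    return int(m.group(1)) if m else None


def emulator_indicators(cpuinfo: str, meminfo: str) -> list:
    """Return the environment markers an emulator check would key on, in the order found."""
    cpu = parse_proc_kv(cpuinfo)
    hits = []
    hardware = cpu.get("Hardware", "")
    if any(board in hardware.lower() for board in EMULATOR_BOARDS):
        hits.append(f"Hardware={hardware}")
    # vendor_id is an x86 field; a physical ARM phone's cpuinfo never has it.
    if "vendor_id" in cpu:
        hits.append("x86 cpuinfo layout")
    total = meminfo_kb(meminfo, "MemTotal")
    if total is not None and total < LOW_MEM_KB:
        hits.append(f"MemTotal={total} kB")
    return hits


# Constructed snapshots (not captured from the sandbox).
ARM_EMULATOR_CPUINFO = """processor\t: 0
model name\t: ARMv7 Processor rev 0 (v7l)
BogoMIPS\t: 4.80
Features\t: swp half thumb fastmult vfp edsp neon vfpv3
Hardware\t: Goldfish
Revision\t: 0000
"""
ARM_EMULATOR_MEMINFO = "MemTotal:        1048576 kB\nMemFree:          512000 kB\n"

X86_EMULATOR_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep
"""
X86_EMULATOR_MEMINFO = "MemTotal:        2097152 kB\nMemFree:          900000 kB\n"

PHYSICAL_CPUINFO = """processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
CPU architecture: 8
CPU variant\t: 0x0
CPU part\t: 0xd0d
Hardware\t: Qualcomm Technologies, Inc SM8250
"""
PHYSICAL_MEMINFO = "MemTotal:        7864320 kB\nMemFree:         3200000 kB\n"

if __name__ == "__main__":
    for label, cpu, mem in (("arm emulator", ARM_EMULATOR_CPUINFO, ARM_EMULATOR_MEMINFO),
                            ("x86 emulator", X86_EMULATOR_CPUINFO, X86_EMULATOR_MEMINFO),
                            ("physical", PHYSICAL_CPUINFO, PHYSICAL_MEMINFO)):
        print(f"{label:<13} {emulator_indicators(cpu, mem) or 'no indicators'}")
```

The sandbox platforms used in this report (android-x86-arm, android-x64, android-x64-arm64) are x86 hosts, so a check of this kind run inside them would see the x86 cpuinfo layout; whether the sample acted on that is not something the signatures above record.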

Processes

com.tongtianxiongdiwan1.android

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53            log.reyun.com              udp
CN       54.223.175.26:80      log.reyun.com              tcp
US       1.1.1.1:53            cdnjzbrmh5qd.51aiwan.com   udp
CN       54.223.95.86:80       log.reyun.com              tcp
GB       172.217.16.238:443                               tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp
CN       54.223.175.26:80      log.reyun.com              tcp
CN       54.223.95.86:80       log.reyun.com              tcp
CN       54.223.175.26:80      log.reyun.com              tcp
CN       54.223.95.86:80       log.reyun.com              tcp

Files

/storage/emulated/0/Android/data/com.tongtianxiongdiwan1.android/files/tbslog/tbslog.txt

MD5 5f28e5a7cf539a4d9e69af7394cbd95e
SHA1 b2790622f5be75a05b2ced5449b4fa38af8d9075
SHA256 48c2bbc9abdedac3cf9c0056cdc5c60f4f27da34fa14f97f4afefdb378335ed3
SHA512 dbba2250f8a449bb635c980e1c6bc3a3d23bf02e9b544c710f29adb9270538e6a24ee482a9dde59dc3acad1a54e356468d0b6aaa6c513222de500ec3958ec3d6

/data/data/com.tongtianxiongdiwan1.android/app_tbs/core_private/debug.conf

MD5 ae069774e70e5719fceb6cad361ce161
SHA1 6dea5fd3c38d1ee2a721fcd2f1155ae8774a91d3
SHA256 340ab50431aea8851b2bc1cd05823c48d65fc5103ca824a166e8c85416f3f942
SHA512 1736a0da7763e9d9a6e512a4ce20f6e7c13a916427e3c1e7c9c37b528d4967373e28338f6107609f1f1ba5328fb28c33f332fab008e0ca0b00d75f3019d770fa

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 f4e3b0cb0d8149052e98e78e213e4d92
SHA1 b79f9b2392fab9e8d52ead1b842016014519a48d
SHA256 6ddb03a73ab56f5be74bb12e9ae8bea46d93c7696d10c7f13515114f58296374
SHA512 792879d37fbdc41be070fa3ca61190287f68978c82d49e86b112c62e30c60ba42fb43897f165562dcafff380fac9fab270f9da99d3f1792100cfe63c19d48ac1

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 9ee796fb8071432cecb2e1cd708a32d7
SHA1 7e1101238d0ea8cdd731be671108973039c415c3
SHA256 6b463f2a0e20aef77993dfae8ff28b5f631f83a39513f2b14b6b16e5ee37b44c
SHA512 1656ac10b4ade7ecc3c0539961c22b146bec61b1fae5e3f27a4dc5beaefeba72063027d62fca91b82f77845fba2f6b16491eb852f3bf69f15edef81421eb6799

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-wal

MD5 fdd764c4fdcedc913c5591402b79941a
SHA1 bc44047aeced75d922299d9359e7809d721b5d8d
SHA256 84ffff6732712fb49962bd6ab16bdb18dced0b3ba33454a3d622e4eabea83d56
SHA512 85686c9e1c5a4feb8fe3fbb07de9c5a6c01e16411583e8babb1837fce2dcf742407bc4807f96fdeac20e7f0eb1b0b478af46a8c46619942b09401846643f6b9d

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-wal

MD5 f81b9e25f2f2a071e19da5e19148a9b6
SHA1 afc3c8991c5bab800ad2adfd5f6618dc9bb8e928
SHA256 c813f98fe8e12c02b5bbe13a44282c5153345a94eee8f70f4d0b40c5470dfc9e
SHA512 aa5392ee5479aaff2af502781c37a633350c8b852585c877a7721c39f5c1b538c65c3037752390b5e6b92553fe54ee4864cd05518dc0237b4d0af7f654f412d5

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 60030f297507fbabc6f764e23b96e18d
SHA1 02e9ab44c033f2c9938d351d94b3a69cc191273b
SHA256 fd47276a7e31cb9b1a6083f3a1d67be4e7d8d133c97a9813dd8349821acc96a0
SHA512 2161a9985f918583644a7e324e9f9c82a427f9586fbd03feba64815c557ad29c78515ec392c0cab6d5c0f24f2f0908447b3f47876f7f2e94bf3f70406abfe4bd

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-wal

MD5 9b7b4f24d419e28196247f20cc58745f
SHA1 8263ab8a5bd91be73e453d4bee4554b0bb8e8d20
SHA256 1b5b3a0cb46210c243de18b72df096f2efcd4e2053bbd6f70af876e1870d734c
SHA512 43245549aed501aa43b463806fe4f3055b6ae5095a16bacea4140bc68b8bb755249a799f1240af05e85f8abdd1f302e299bf0647d8028ba4d24072dd8d3657f9

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 8157305bc492b44f3eee120a3aebc23b
SHA1 0facc95ce283c26d197ccde64c75122b96787727
SHA256 d3dc52ba16114013d1fad4abda1b05ed9a46ff06feda1237ba3d0a62402c3a83
SHA512 df6af83af9c267ce5dfffd53a7963c11030b9a9c285b8030a370d88a35e7d9b0114bcd77e105a6be9fdb98731a25ee5ebc7c3e69b4d16572d369ad7c77e05f22

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db-wal

MD5 11bb71eae5ff4dfa594871221b09579a
SHA1 d8bbd871c6d9666bf0166aea26bc695f1820dbde
SHA256 5fd2db43e4a52eebea90888e829776297635070a4d21066ebe5120e2a7d07e31
SHA512 87a6819b273360d4dd8778f2b5c2a7152c389d13935c61619494230c6d598e18f461d5d2458ce07ae8bfec67abfae361f3266619d507cfbe48d08b782e2f6d01

/data/data/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 65f922dc73b1d845caf6121366c3f2ff
SHA1 9a9e14c7aa78abc3058e411b24d687027300c8af
SHA256 19104887e276608f2bf7ca1ae8bdb6050b93113c7f520dafaec9f27022f01af6
SHA512 1d3f490f307876d747b17523eff315d1518a46e8ab65e896597c4f69373ed1abf6a7b74e4b6175f28878532e9507156b332fd97a36c8193a5469259dffcd3836

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x64-20240603-en

Max time network

192s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.178.8:443     ssl.google-analytics.com   tcp
GB       142.250.200.46:443    android.apis.google.com    tcp
GB       172.217.169.46:443                               tcp
GB       216.58.201.98:443                                tcp
GB       216.58.201.100:443                               tcp
GB       216.58.201.100:443                               tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x64-arm64-20240603-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.187.238:443                              tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.180.8:443     ssl.google-analytics.com   tcp
GB       172.217.169.68:443                               tcp
GB       172.217.169.68:443                               tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x64-arm64-20240603-en

Max time kernel

159s

Max time network

146s

Command Line

com.tongtianxiongdiwan1.android

Signatures

Process and target: N/A for every indicator in this run.

Obtains sensitive information copied to the device clipboard
collection credential_access impact
    Framework service call: android.content.IClipboard.addPrimaryClipChangedListener
    (the indicator is the registration of a clipboard-change listener; a read of the clipboard contents is not recorded in this run)

Queries account information for other applications stored on the device
collection
    Framework service call: android.accounts.IAccountManager.getAccountsAsUser

Queries information about running processes on the device
discovery
    Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries the phone number (MSISDN for GSM devices)
discovery

Queries information about active data network
discovery
    Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection
discovery
    Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Reads information about phone network operator
discovery

Listens for changes in the sensor environment (might be used to detect emulation)
evasion
    Framework API call: android.hardware.SensorManager.registerListener

Uses Crypto APIs (might try to encrypt user data)
impact
    Framework API call: javax.crypto.Cipher.doFinal
    (Cipher.doFinal on its own is not evidence of encrypting user files; it is also reached by ordinary TLS and SDK code)

Checks CPU information
    File opened for read: /proc/cpuinfo

Checks memory information
    File opened for read: /proc/meminfo

Processes

com.tongtianxiongdiwan1.android

Network

Country  Destination           Domain                     Proto
GB       142.250.187.238:443                              tcp
GB       142.250.187.238:443                              tcp
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       172.217.169.40:443    ssl.google-analytics.com   tcp
US       1.1.1.1:53            toblog.snssdk.com          udp
US       1.1.1.1:53            log.tbs.qq.com             udp
HK       129.226.106.211:80    log.tbs.qq.com             tcp
US       163.181.154.234:80    toblog.snssdk.com          tcp
US       163.181.154.234:80    toblog.snssdk.com          tcp
US       1.1.1.1:53            log.reyun.com              udp
US       1.1.1.1:53            ichannel.snssdk.com        udp
US       130.44.212.65:80      ichannel.snssdk.com        tcp
CN       54.223.175.26:80      log.reyun.com              tcp
US       1.1.1.1:53            cdnjzbrmh5qd.51aiwan.com   udp
CN       54.223.95.86:80       log.reyun.com              tcp
CN       54.223.175.26:80      log.reyun.com              tcp
CN       54.223.95.86:80       log.reyun.com              tcp
CN       54.223.175.26:80      log.reyun.com              tcp
CN       54.223.95.86:80       log.reyun.com              tcp
GB       142.250.180.4:443                                tcp
GB       142.250.180.4:443                                tcp
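The network tables in this report mix three kinds of traffic: platform background (mDNS to 224.0.0.251, lookups through the 1.1.1.1 resolver, and Google services that also appear in behavioral6/7/8, where no app process ran), connections the sandbox tied to a hostname, and unnamed TLS connections that the table alone cannot attribute. The following is an added example for this report, not sandbox tooling, that applies that split to the behavioral2 table above; the same filter works on the behavioral1 table. ROWS reproduces the table, and the background list is taken from the runs without an app process. What remains (log.reyun.com, toblog.snssdk.com, ichannel.snssdk.com, log.tbs.qq.com, and a name that was only resolved) is the part worth checking, and every one of those connections is to TCP port 80, so it can be inspected in the capture without TLS interception.

```python
"""Separate the sample's own network activity from sandbox background in a
network table like the ones in this report.  Added example, not sandbox
tooling.  ROWS reproduces the behavioral2 table; the background list is the
traffic also present in runs where the app never started (behavioral6/7/8).
"""
from collections import defaultdict

ROWS = [  # (country, destination, domain, proto) as in the table; "" = no domain
    ("GB", "142.250.187.238:443", "", "tcp"),
    ("GB", "142.250.187.238:443", "", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "172.217.169.40:443", "ssl.google-analytics.com", "tcp"),
    ("US", "1.1.1.1:53", "toblog.snssdk.com", "udp"),
    ("US", "1.1.1.1:53", "log.tbs.qq.com", "udp"),
    ("HK", "129.226.106.211:80", "log.tbs.qq.com", "tcp"),
    ("US", "163.181.154.234:80", "toblog.snssdk.com", "tcp"),
    ("US", "163.181.154.234:80", "toblog.snssdk.com", "tcp"),
    ("US", "1.1.1.1:53", "log.reyun.com", "udp"),
    ("US", "1.1.1.1:53", "ichannel.snssdk.com", "udp"),
    ("US", "130.44.212.65:80", "ichannel.snssdk.com", "tcp"),
    ("CN", "54.223.175.26:80", "log.reyun.com", "tcp"),
    ("US", "1.1.1.1:53", "cdnjzbrmh5qd.51aiwan.com", "udp"),
    ("CN", "54.223.95.86:80", "log.reyun.com", "tcp"),
    ("CN", "54.223.175.26:80", "log.reyun.com", "tcp"),
    ("CN", "54.223.95.86:80", "log.reyun.com", "tcp"),
    ("CN", "54.223.175.26:80", "log.reyun.com", "tcp"),
    ("CN", "54.223.95.86:80", "log.reyun.com", "tcp"),
    ("GB", "142.250.180.4:443", "", "tcp"),
    ("GB", "142.250.180.4:443", "", "tcp"),
]

MDNS = "224.0.0.251"
RESOLVER = "1.1.1.1"
BACKGROUND_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com"}
CLEARTEXT_PORTS = {80}


def triage(rows):
    """Bucket flows into background noise, sample connections, DNS-only names, unattributed."""
    background = 0
    queried, sample, unattributed = set(), set(), set()
    for _country, dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        port = int(port)
        if ip == MDNS:
            background += 1
        elif ip == RESOLVER and port == 53:        # a DNS lookup: the queried name is the evidence
            if domain in BACKGROUND_DOMAINS:
                background += 1
            else:
                queried.add(domain)
        elif domain in BACKGROUND_DOMAINS:
            background += 1
        elif domain:                               # a connection the sandbox tied to a name
            sample.add((domain, ip, port, proto))
        else:                                      # no name: this table alone cannot attribute it
            unattributed.add((ip, port, proto))
    connected = {d for d, *_ in sample}
    by_domain = defaultdict(set)
    for d, ip, *_ in sample:
        by_domain[d].add(ip)
    return {
        "background": background,
        "sample": sorted(sample),
        "by_domain": {d: sorted(ips) for d, ips in sorted(by_domain.items())},
        "dns_only": sorted(queried - connected),   # resolved, but never connected to in the capture
        "cleartext": sorted({d for d, _, p, _ in sample if p in CLEARTEXT_PORTS}),
        "unattributed": sorted(unattributed),
    }


if __name__ == "__main__":
    result = triage(ROWS)
    for d, ips in result["by_domain"].items():
        print(f"{d:<28} {', '.join(ips)}")
    print("DNS only:    ", result["dns_only"])
    print("cleartext:   ", result["cleartext"])
    print("unattributed:", result["unattributed"])
```

The DNS-only bucket is worth a look on its own: cdnjzbrmh5qd.51aiwan.com was resolved in both behavioral1 and behavioral2 but no connection to it appears in either capture. The remaining names line up with the files written in the same run (Reyun.db, app_tbs/ and tbslog/, ss_app_log.db), which suggests bundled analytics and SDK telemetry rather than bespoke command-and-control; that is an analyst assessment, not something the report states.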

Files

/storage/emulated/0/Android/data/com.tongtianxiongdiwan1.android/files/tbslog/tbslog.txt (deleted)

MD5 df2799d1b0d1b14157fed69d06c6b5b5
SHA1 4467bf48369917f51b04614960aff393a746da6d
SHA256 a2f98f744671732e750fc0fad1eb6fd47d2c6c3fbb626544a4ce56c33f9698c0
SHA512 13cca4cb122b5a122cc9bd37d5f5d597aca4df5c09f4b9dfe649687847ba38d1961cc0c0dfd13a4612d1cfce569cb2665018c00ec39bbfbd797fefee8219f97b

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 608a44d3321fdbf3eff03589bb7f722c
SHA1 11acc42d1c22e143776c7ca335bfdc90e6364835
SHA256 61e4af51485d0ba591acf975d3a8a7daa93073c9c8b016d561016569633e2a78
SHA512 056f66991396c9a85033c936d64be76d2ca22378fb46a7a8f4c700ca6c0a27ccf2de5d1b4b7af520187733de398c15299069457f66215d05f1b7acfc6a12a7d0

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db

MD5 f58080aee62361bf3c04fa4ec31ce15e
SHA1 ecb9dc6e2320334cdb173ec33726d1b908508481
SHA256 da2228d6b3342740fa3ea6ee76b9e20cb6b833b18b75a92b3cebcae7302771cb
SHA512 6694eef3928bbcdc9cec28192c8e721cc51a80808d80bdf981435527bdda99ba9dad7e22b16eb7efa780609c97cc35fd510eedf8d35fd38f675af5fb2bf0dd83

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 d7dd88848ffc67eb436057ad1b9a88e6
SHA1 8ba68c48620aaab4d928efff77517148a8d76d88
SHA256 7f8e26ff720a170de795642506bbcdf5c736ebc07c2586801d62e6ae761b2bfb
SHA512 4ed8402b4d179bfe5ea056ae56f76e13b040e6fc63fb5b855283de6696ff09680dffdfd6ce985f2fa731b765dfef5aba19507612f05a4f56bf56bac60eab5e0a

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 cf40ed89c1cb893b1147d626363ed2ee
SHA1 a6b35847665a3ec428d30cf81c90383b43b939af
SHA256 f926d0a5e1a0ed606b99e7553e63f9982aee0509c2e0970b5ee0677aced77ccc
SHA512 0bd74029b8ba6224fc0748987f3fa2f4db3ad16a47cfd45d16e10412a291f94b19b8af1e30831b06232b0d04bf8b0a3e01936e332579451b8c511320120bbdaa

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 b311639a9bb64502c57d56d730925e1d
SHA1 4a398adec3049865f403b84bdbbadc26a107be77
SHA256 c00ce5e5794ff8259c1db31a49e19f10de1fd094c11114921916daca0f9d3c83
SHA512 7886cb85dc4e8d2080001c4203ffedd71d52eb76736c9206c1f8c9f4c0e85212c8d35edce7ac40a37284c41add185ac75098bd52465011fc07540829ce01d3af

/data/user/0/com.tongtianxiongdiwan1.android/app_tbs/core_private/debug.conf

MD5 9d17bf702f88b7d9d5fecbd49bcbb25d
SHA1 3bd7f49ac15192cb9a5533cce83572099eaf5d5d
SHA256 f682e74cfb59ddac538f8e9b02d65855d14ff738592e47c1902f907f95e47e3e
SHA512 c68f99d7c7be507f1ff47f3b4def714c8e4268223059e33e0a493eec283483319eb49abfc8def3897928e9d9605067cbfb4d6ba9fcbf18ffa16c233e6a497536

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 141f7b7bad72e2f3bf0021f843ebccb1
SHA1 c44113454a1c6af9d839a464eab4dea295c0d117
SHA256 3613e1bd0fe9462adf872bdeec930c9bd5e965686326e9fe2d150512e67ccc3b
SHA512 43354887a7317ba9b2c0ca8b50d3f31622c5ea8daed94a84d9868fa9502b5048ffae664aa39ea0ba6a6ae852887716741e6c8a27db331e507426606813b17f6c

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 c319d4ba8b64259795227605d6a76c52
SHA1 9aa10a1a06b1e57f3b65e4f9e29dcdd2ab8dbde5
SHA256 aa8243119bd5847005d45bcf9cd80a8b8c2962d5569b8f69e4bc39cdeb1f2e2c
SHA512 89a4ba07f70cddf7c8d4f5afa0abd7ddac31bfd6704877d3c8a2c0a6f2fc0ca1b5e835c1d720f238529d44f8b962ac63a0ab0f54e87b72fabd7281b0318f0849

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 f0d9618c692811263e43b5a7031daa83
SHA1 7f3f64f41120a88ab1765462287ed2819cbdfeb3
SHA256 51408aeb8522125da85026376201e5b1c443cc78d6758b9b7cd1fad8829ef0b1
SHA512 a89f7ae429fdefffa3d1980359da351a73c59fabd5db6807f9b13c828d7cd5acc101baccd91348efb4058d43d4cc9a65899991e322446fc764ceab22cc6fe786

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 c49fa5f0d0ec1c40ebad5de9b99eda9a
SHA1 c28ed4e43a0e294a5fcf03fb9414bc6edbed923f
SHA256 ce3dea4c8aa93d6c15995882355f5d0c41ca357d49af187173132cdc4fac6375
SHA512 05294ee4b5197900940e0f4cc5814bf1873ff4213343ee7b251a21d64753a3973eb651404fd60fa90744bd39b074ffecce7f7ca9b27a36a484bc44653489fec9

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 3792745916adb18d8c8a5d6502b8efc4
SHA1 33fbab0ad8a612a109a3b020086311efaa82981e
SHA256 e33ccc552814a3d696fa3ab23c1ffba275751d26ed8a4ddcc759e7a992c1a3ce
SHA512 10a40e1baca14c4883a9cffde32b9e2bcb7688507db5162092245d4e7a85f4e452045195dd0cbc68463043c2d7ca3e68e2a064356a3ad02eaffa7a3829773a8b

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 305af7c18359388f1541a42dea5371cc
SHA1 78caee39ce5206723fb36adcef3ad8fe52f85447
SHA256 ad8d1943cb4396ca9d469c4b616f480106116c04b48f6189114e67fe24a7be3a
SHA512 f43a408b8b89ca2d77892a6065aa8207e0156813c5501fb6cadd9f148b0326e8b3c0d8a5addaed48aa0f8ac2ed705f313007fb792ce592b3952e25e26010453b

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db-journal

MD5 4e1a35b2553eabebd3879af390172857
SHA1 13ec5c1a176dfa335da83b0321e0ac4465c651e5
SHA256 fbdf04b3c4157010ab4758f459a43eec524a364b3d8f7c1bd269f5052aefa2f2
SHA512 ac1e9f4d2c97863a7e9a200ed70d62986ec2b764b19f885309d1fa3b6214d1819a70fb2bdcab4877b9c6d7d4f25fb9a55888e46ae5df90baedbcac73e3e9e185

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 f1e838f91120d930eb968a8a1c4387a3
SHA1 9eae6ac32f63a06e3e33727a3a91e9b9fcba88eb
SHA256 959f23e39ce3c15895baaadf2ffefcdcdf2627e33543c36c5071127974817f4c
SHA512 d18aaeb00ad1fba48e02a690ed5c4cb32e42d350fca9219ceefc23fb251a4f1564bec0112ede7f3684cbe4f743453f086a866b7c8a125534858eb2b79aebdffd

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 ccd231695259f207f5e5d362e562efc8
SHA1 b55b80ddc7cccb813deac51ba6dad0e1bf891bd7
SHA256 7fb2631e468479ff6dd073d09ff255be969b883a0a8ebc6aaabf55b49ac600d8
SHA512 56485a5dc35353ae0f16f4e327db756600cd1225d1d458f269fd79bb58eb78079e383d1c9cf2620bd323616960197713f40beb3adc229bcfde02293caa20502d

/data/user/0/com.tongtianxiongdiwan1.android/databases/Reyun.db

MD5 b2d9d24a9db199348c94753271c890cb
SHA1 62a938f69359f80fe6ccff88a889b92029c68278
SHA256 f41f06e298eedfa83da269be9f502fa37ff63cdbd0ddad81f73afecd973b81c7
SHA512 1fdbaecce888f7b9179843c62a93861eb44d94619f957e9c96654d143d25f4d7f496d69854002d71895b7d83ae31848b5cd6d72171fce122f2e682b536e57ac6

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 b121dcdd6dbac69a41bac6f3ae380d36
SHA1 dff8318e34ba8dbcce61a34d6225e45c0a1320d3
SHA256 1f93ada9e0c727ef98f04dc00cd634d0cae90bb092e54ceb5e061079dabef258
SHA512 23e27cc61e3be7cb035d6fdbe75eece221f5c02b4308d44d24986dfce82a67e5e2a68562478071efa2924002fffec4568d8468c5872c8ca52ae2d670fbfb223d

/data/user/0/com.tongtianxiongdiwan1.android/databases/ss_app_log.db-journal

MD5 9febf61f581d64f383a3bdabeaa1f02a
SHA1 246f6b9382403da06cf036f975979861f5887bab
SHA256 366f43975918824c3162fd19cbacf4aec47837328de3d9414bfb91864d7eca60
SHA512 cf8e34852f621e29148ca28d62937ef691d2870618830b2e0b72be24651a60d0c54721a3c963ce45f06f69fe5c26aa6111eecc10d8244202b555956c060da931
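The same database shows up in the file lists above as Reyun.db, Reyun.db-journal, Reyun.db-wal and Reyun.db-shm (the -wal and -shm files in behavioral1, the -journal files in both runs). The -journal file belongs to SQLite's rollback-journal mode; -wal and -shm belong to write-ahead-log mode, where committed rows live in the -wal file until a checkpoint copies them into the main .db. Seeing both kinds for one database in one run is the pattern left when the journal mode is switched while the app is running, and it means the .db hashes above do not necessarily cover the most recently committed data. The following is an added example for this report, not sandbox code, that builds a throwaway database, switches it to WAL, commits three rows, and reads the journal state back from the bytes of both files using the field offsets documented in the SQLite file-format specification; the database name is borrowed from the report.

```python
"""Why one database leaves .db, .db-journal, .db-wal and .db-shm files behind,
and how to read the journal state from the bytes.  Added example for this
report, not sandbox code: it builds a throwaway SQLite database, switches it
to WAL, and parses the database and WAL headers (layout per
sqlite.org/fileformat.html).
"""
import os
import sqlite3
import struct
import tempfile

WAL_MAGIC = (0x377F0682, 0x377F0683)   # little- / big-endian checksum variants


def parse_db_header(data: bytes) -> dict:
    """Fields of the 100-byte database header that matter for triage."""
    if data[:16] != b"SQLite format 3\x00":
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack(">H", data[16:18])[0]
    page_size = 65536 if page_size == 1 else page_size
    write_ver, read_ver = data[18], data[19]          # 1 = rollback journal, 2 = WAL
    page_count = struct.unpack(">I", data[28:32])[0]
    return {
        "page_size": page_size,
        "journal_mode": "wal" if (write_ver, read_ver) == (2, 2) else "rollback",
        "page_count": page_count,
    }


def parse_wal(data: bytes) -> dict:
    """Count valid frames and commits in a -wal file; a salt mismatch marks stale frames."""
    magic, fmt, page_size, ckpt_seq, salt1, salt2 = struct.unpack(">6I", data[:24])
    if magic not in WAL_MAGIC or fmt != 3007000:
        raise ValueError("not a WAL file")
    frame_len = 24 + page_size
    pages, commits = [], 0
    for off in range(32, len(data) - frame_len + 1, frame_len):
        pgno, db_size, s1, s2 = struct.unpack(">4I", data[off:off + 16])
        if (s1, s2) != (salt1, salt2):
            break                                      # left over from an earlier WAL generation
        pages.append(pgno)
        commits += db_size != 0                        # nonzero db_size marks a commit frame
    return {"checkpoint_seq": ckpt_seq, "frames": len(pages), "commits": commits, "pages": pages}


def build_and_inspect():
    """Create a db in rollback mode, switch to WAL, commit three rows, parse both files."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "Reyun.db")              # name borrowed from the report
        conn = sqlite3.connect(path)
        conn.execute("CREATE TABLE events(id INTEGER PRIMARY KEY, msg TEXT)")
        conn.commit()                                   # header still says rollback (1/1)
        mode = conn.execute("PRAGMA journal_mode=WAL").fetchone()[0]
        assert mode == "wal"                            # header bytes 18/19 are now 2/2
        for i in range(3):
            conn.execute("INSERT INTO events(msg) VALUES (?)", (f"event {i}",))
            conn.commit()                               # each commit appends frames to Reyun.db-wal
        with open(path, "rb") as f:
            header = parse_db_header(f.read(100))
        with open(path + "-wal", "rb") as f:
            wal = parse_wal(f.read())
        conn.close()                                    # closing checkpoints and removes the -wal
        return header, wal


if __name__ == "__main__":
    header, wal = build_and_inspect()
    print("db header:", header)
    print("wal:", {k: v for k, v in wal.items() if k != "pages"})
```

The practical consequence for collection: when pulling a database off a device, copy the -wal and -shm files alongside the .db (or open the .db once with sqlite3 so it checkpoints), otherwise the last commits are missing, and a hash of the .db alone, like the per-file hashes above, does not identify the data the app last wrote.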

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x86-arm-20240603-en

Max time kernel

7s

Max time network

159s

Command Line

com.jskj.abcsdk

Signatures

N/A

Processes

com.jskj.abcsdk

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.178.14:443                               tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.187.238:443   android.apis.google.com    tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x64-20240603-en

Max time kernel

8s

Max time network

132s

Command Line

com.jskj.abcsdk

Signatures

N/A

Processes

com.jskj.abcsdk

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       216.58.201.106:443                               tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       216.58.212.206:443    android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       216.58.204.72:443     ssl.google-analytics.com   tcp
GB       142.250.179.238:443                              tcp
GB       142.250.187.226:443                              tcp
GB       142.250.200.36:443                               tcp
GB       142.250.200.36:443                               tcp
GB       216.58.212.206:443    android.apis.google.com    tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x64-arm64-20240603-en

Max time kernel

7s

Max time network

133s

Command Line

com.jskj.abcsdk

Signatures

N/A

Processes

com.jskj.abcsdk

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       216.58.204.78:443                                tcp
GB       216.58.204.78:443                                tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       216.58.204.72:443     ssl.google-analytics.com   tcp
GB       216.58.212.196:443                               tcp
GB       216.58.212.196:443                               tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-10 19:59

Reported

2024-06-10 20:03

Platform

android-x86-arm-20240603-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.187.206:443                              tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp

Files

N/A