Malware Analysis Report

2024-09-09 16:27

Sample ID 240611-hq2cpsybja
Target 9d58e7d6423c262adad634f56357faef_JaffaCakes118
SHA256 6437b3d17d3ec74e56fd8be10a3903803f4a579db9f7ff465bba59c45999e882
Tags
banker discovery impact persistence collection credential_access
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6437b3d17d3ec74e56fd8be10a3903803f4a579db9f7ff465bba59c45999e882

Threat Level: Shows suspicious behavior

The file 9d58e7d6423c262adad634f56357faef_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

banker discovery impact persistence collection credential_access

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Queries information about the current nearby Wi-Fi networks

Reads information about the phone network operator

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Queries information about active data network

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 06:57

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 06:57

Reported

2024-06-11 07:00

Platform

android-x86-arm-20240603-en

Max time kernel

86s

Max time network

132s

Command Line

com.ypnet.exceledu

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ypnet.exceledu

getprop ro.miui.ui.version.name

getprop ro.build.version.opporom

getprop ro.build.version.emui

getprop ro.vivo.os.version

getprop ro.smartisan.version

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | www.1pwang.com | udp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp

Files

/data/data/com.ypnet.exceledu/files/Mob/domain_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/Android/data/.mn_410185822

MD5 f321656a466363e5192773d92000e401
SHA1 3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a
SHA256 53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c
SHA512 fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

/data/data/com.ypnet.exceledu/cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.ypnet.exceledu/files/libcuid.so

MD5 911d65ddf48edffad1bf72cd3b1ec4eb
SHA1 658e0aeb50a615f4fddf59afdc9dc089a9b49425
SHA256 f3e4efcd00fe8e893f4e50e4e026c7174555d281dd41a368b40aae2c0b848361
SHA512 ee69378a42eb39b95f3acf9c7a8ee9baaca45f8fdb6103f5fd9032e135af59d1ed404bad52c3559d235ce2a122a118aa28644898c1dd4783c63c3a5879ce3eec

/storage/emulated/0/backups/system/.confd-journal

MD5 e49716e0e1a4ad933bd1d45dd8b42be9
SHA1 6df08a5814450abc076b5d16e8c0650e3a9dbc15
SHA256 7a1a70079a65b2e450b6dade6cafb4a400e7e1475bf26056cd2ab25ab2b225c3
SHA512 e87c72b622ee5111dc59ba332f96dcedcf59a9484e60fcc8e29b5bde85ea42fbc7e5098f278085cf57a542c577f96200b6ee9991b0f405d2e6841758bb8ac6c1

/storage/emulated/0/backups/system/.confd

MD5 249e034c9703afc1fd6062371c7f3da8
SHA1 9ca489179488e0fe5a35f7c0d5887f163e4890cd
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
SHA512 b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

/storage/emulated/0/backups/system/.confd-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/storage/emulated/0/backups/system/.confd-wal

MD5 62966d563b2022457c847f07f2d74338
SHA1 04f2368be879475be3d1dae26afa295b09883059
SHA256 78907ffcacff5dcbe43e9132f466cc384929899353cddc2cf081b463e91e43a3
SHA512 bac8dacd2a34830ff8581acd160c009eaa56be23bd8f9844d89ae278cc18f32875b8c9dac51d6785f9638298ca484d5064b4dce1dce5ec0b77bc77b4da5e5442

/storage/emulated/0/backups/system/.timestamp

MD5 7051c37ae5bdd81f4ae483ed00623b13
SHA1 e6da159dc6eaf7c3b5ae53253d5d2b29ba4781f9
SHA256 15170d4afd538de1a1fefb66586ceb1921762ffcb4f8a07a238ed1ee5607a82b
SHA512 799029abfd344424385af2d33e801136ef87326bd4947cae704f2f1cda600ba390b31e330db1ae9cfbb593c258bcc33215d091335aa695760113eb5317f1d18f

/storage/emulated/0/backups/system/.confd-wal

MD5 f82a4c7e982336f4730b46d4f5044a32
SHA1 4f8eec797417cebeb938a6fe99bb3486a08c4946
SHA256 58ce954a60448cc2aadb4836c06c728336a620debdee9e49fb9994c73ee9abe3
SHA512 e206d56eb2066a627d2052976d1a6880b0d7d69161a545bb4ca19e09969b5dc2f363f0d6f350598b76b3674d45529e3cfe171ef3942a87d35e7b79d8379f5077

/storage/emulated/0/backups/system/.confd

MD5 8c7f6e3b52e6e841b895bbd13644ed43
SHA1 ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
SHA256 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
SHA512 cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

/storage/emulated/0/backups/system/.confd-wal

MD5 ae8aefb68f674249066b726057849678
SHA1 b57c71467c66fb18f79fa9fa42b2920d535fd988
SHA256 c1da6f8304517b66387108215d657a636a4eb152d126f6c11fb3ceda1a77bb8a
SHA512 61e080166668404ed696770fab2d41333edbaed4eb4fe3801ffa0f2e068a015b2a61c6ac8af013a9a44633ff5736266c0264de01d64b9cf48ef12fe2144ebbe8

/storage/emulated/0/backups/system/.confd

MD5 76b858b581abe2b6171666e31913f4ae
SHA1 a3d2bdcf6d5b959817545f5228dd632427efb11e
SHA256 2fdd6ccf7a80c6a92664ba6bb9c8624ce61f7e2ff3735ecf45cc5bc8c6e236d2
SHA512 652b2941af54a38f8c9a53bfc468b891897b578e0173ae6242167ea3d8ac4179ad86b797ab6f632f5c2b9c068995ea8d76ef9b9da28bbac125ae763c6235ebe2

/storage/emulated/0/backups/system/.timestamp

MD5 a0c798deebec03c6825851e782d5ed1a
SHA1 626fb0f5b68ab14e92f02d5eae37f53695a78517
SHA256 9c315823f6f17b502d48632091fe10b92af84eda9b75e11e339ea7626780ef39
SHA512 794aa447d38eb7c977895e928ec76fcdce290d1f2bb8fe929158890222226eb0e9816b31310806571c7491d72ba11f1bda429b725947cb6c77838f3be30a2d71

/storage/emulated/0/backups/system/.confd-wal

MD5 d6a57d15743911fe4b70526b95323a21
SHA1 c1dc2b0949b47eb60646cb0f4725f9fa456b12cc
SHA256 4455b9e4dded6a85af4ab5a22419c14c9a53b3594ece461b3c08330ddc571037
SHA512 29f65470c67b36cd9544a8fcc3da78e3bcf87612ee348ec58ce02f7f845f84c5c1a245fd8e006b0b9e2ad8b9f9c596ca7cd4272c9e6059252c897582ac9f36dd

/storage/emulated/0/backups/system/.confd

MD5 9b5a4e1f1575588f9bb322638e2ab721
SHA1 f68ea8a9b10c37ffd68129c32d36e4cce11fbf90
SHA256 9235823f6ef49380008b4ffdd066bf495d054da8272cf3c68464b1ae1d9653c3
SHA512 9d4e273f99e4cc789ced851dd46361b04a84b2e36471a319366f68d530d99440b580dac6834524bd7c380e2d0e4c502d307dffc7d8bfe3365e16d45bef39a4e3

/storage/emulated/0/backups/system/.timestamp

MD5 044ea45b9a9ae7674dc7fde6ac51b6aa
SHA1 71dc7f0aff611245849185f59547a79ddad4a9ca
SHA256 e7599a0c6d60b6c533b726f9e7a4af1f9b06ee9887346e3867de4692978ffada
SHA512 37df3ee20b35f014607b14db2f011e40e7ce46423f7010a71a8ed713afb1008cf6b9074205b4e416cf2b862a34c931bf21cafbaff372cc1c29ba1ede22ab5c97

/storage/emulated/0/backups/system/.confd-wal

MD5 583cf2b128ce9be1112fc19e95cac933
SHA1 8fd5bfb7313c09bd906dbe085700d2f33a0e30c9
SHA256 34d56b2c424c8dddaa874ac7626a2afe8f4822476276fcb04f5900b4842bb4c4
SHA512 00b4439704dfe96887d64e3ffa82aeee2aa608c0a12d76931a32accb567d671f436cb671ef214f31c79213cdac8500db3e766c6538923f32a615ba231289e46b

/storage/emulated/0/backups/system/.confd

MD5 0c87bd7a75ab7acea4253e54f71b0e63
SHA1 8a82b55674904a73701fac6a7775672f7da5b920
SHA256 6c260f3527d52287aaa2c319f79e774b233a2e6d46b00582535d17a08474aab4
SHA512 97eb4c47356a6d99bbbe3ef86585fe7f6da4fcd9b14aa9218823001a1ae622dc640c9ab80149530489ec924136e5ddb3b5e14e9dbadd75215928873f7f4efd80

/storage/emulated/0/backups/system/.confd-wal

MD5 915e4ed41264bae7c33c3544d33c022e
SHA1 f60a13d901b7c4ae5af820d2ec3ca91fb25e143f
SHA256 e605bc2c3c5edc3acce439ffb367ee884e303b03bee24a68bd79cd531fa15e70
SHA512 576d3fc5674680f8e2d3999ae5a2363352344462389730e4ee4cbe95f135132c97d1184b0257026b1f606dfe4661718d46e8b2b54125c52f34529b7f9849c9d1

/storage/emulated/0/backups/system/.timestamp

MD5 79662fed9526b5e44f5b46f69f80d1f4
SHA1 8b84379551954eb68cea1823d9313f51674ee30f
SHA256 2f6466c3d84b47566d72c6c30112a3bca1247a68807ce1dfead2c692451a73b2
SHA512 35e7f1fc70e2a31f9e570aeecb6bfd8998bcd5cb3ae5d18ffea6447486840238c29ad90062acf0975c6a697b86563978a5e0b4b7338211a523114b6f4db013e3

/storage/emulated/0/backups/system/.confd-wal

MD5 f4f19169ef19dcaecfb58309de78173a
SHA1 bd06b42d78fcb2b80533b357ca34ec7bb8fc49ec
SHA256 e5a37055afac09d0d525ffdde2f5fe0addfa716a33f1578600e29ce47fa12de5
SHA512 77637606ddfb9fa3d6db762ff6de00b5c06714c3736404f97660bcb9d62d2a45ea211852b619005d7d0b604a3a51b622add84327304163cd1b056ce105ca7322

/storage/emulated/0/backups/system/.confd-wal

MD5 f6758aeb73362e857164352e2cee40a7
SHA1 4cd1843cb8280e1919c6cbc9b5f014590d9c572b
SHA256 47c9f19d4b5687ee5918904a883a2bc48171ed091cc3a93f1e73fa35711c9eaa
SHA512 3c01cf1d541113ed965bfecb018fd45cb6912fc9f50c17059965a2143c641118df3fa62fa8c3d9eeb980284c7bf296b850d3178019350c04468663190a0690d6

/storage/emulated/0/backups/system/.timestamp

MD5 d79d8eca0637e2953f4f12d90f3f5162
SHA1 eed29ca50feeaa3e50c9bc8e3bb53fd65f997385
SHA256 5bbfcd9520b252f595a2f3d38278a410289855270047cfe147cee2d678965cdd
SHA512 18e1f5a522aee7c6c68335ff50d2469cd3a84fa2008ce8a9b35282c81517c95f825674cee1091fda96a3eba34671a0c3c6112654437253c2a26ed7ed7f9b912f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 06:57

Reported

2024-06-11 07:00

Platform

android-33-x64-arm64-20240603-en

Max time kernel

174s

Max time network

133s

Command Line

com.ypnet.exceledu

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about the phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ypnet.exceledu

Network

Country | Destination | Domain | Proto
GB | 142.250.200.36:443 | | udp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.36:443 | | udp
GB | 142.250.187.227:443 | | tcp
US | 1.1.1.1:53 | www.1pwang.com | udp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp
US | 172.64.41.3:443 | | tcp
US | 172.64.41.3:443 | | tcp
GB | 142.250.178.3:443 | | tcp
US | 172.64.41.3:443 | | udp
GB | 142.250.178.3:443 | | udp
GB | 142.250.200.36:443 | | udp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
GB | 142.250.200.36:443 | | tcp
GB | 216.58.212.196:443 | | udp
GB | 216.58.212.196:443 | | tcp
GB | 216.58.212.196:443 | | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp
CN | 39.108.118.209:80 | www.1pwang.com | tcp

Files

/data/user/0/com.ypnet.exceledu/files/Mob/domain_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/user/0/com.ypnet.exceledu/cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/user/0/com.ypnet.exceledu/files/libcuid.so

MD5 f2b6ed9c8f1ffbce5912861243614d17
SHA1 80bfc2dfbe7a9e3cd5aa47e833da1f0e1ebf02ff
SHA256 141acf606501704c904f8fa7038e3950d15cab5a0906034963cbbf847dc385b1
SHA512 44a404c38748ffb8d62168adf4e4241b958ecdcff59571cea8b7e6206bd8de200d602fe5ab6dc6deff21d5d560833fe2cea9d776c6ccb7c42d38fa66d1a5b887

/storage/emulated/0/backups/system/.confd-journal

MD5 2d64843b228b151bebafeedba4533152
SHA1 c2f13dacd8de7cc66fec2397bad6e22b47181eb6
SHA256 7770d5da9224477e0700cbf868d0925804657dad3dead27118f7108868889c18
SHA512 aa5282033dd258156d03a8e03ea3cae1fcb2e7b29d5075cf4049fe2d022b006b59d6a95515ba67f9e8fe5a20590ac6afbe093724667fbb692f8c1489b2841f31

/storage/emulated/0/backups/system/.confd

MD5 0ddc066dd1b65ec4fb584cbb35408dd1
SHA1 4c3d4dec74adbf2143b4295f9d647f18aa4e1aaf
SHA256 452b98f7a5ab103891d119c75b2158a53a8a5a86295d5a39d094c3e05c2c4f68
SHA512 405e0e741bfd1f917b3feed83bd53d3e77f48076ca98b9eb76e47736c6d3168486291b365d122e3f4809fe3a251499831b0b87e03d9470578b771984cce658fe

/storage/emulated/0/backups/system/.confd-journal

MD5 cf6b82dcd81bb400397569b6a2be42aa
SHA1 3d44c3875b763f4cc6a416ca72b496f52105e3e4
SHA256 dce1ac07e4175c135aa976020fa428d582593fd40a35973ffa1015300e204798
SHA512 6baa5ef32d9c922f405210ed5700607c0fdf529ced5b3c1d6014ea0b8a6c359aa7a611084ba9df581fd079273ee20cb937d820e80fd0507eb1501d954603da8c

/storage/emulated/0/backups/system/.confd-journal

MD5 d6b1488e580bdc5e3194e546486ec9d4
SHA1 fdac4ecd27effd44508dab4d26ec59020fc36e52
SHA256 7067a23e9ae3d044b484de641c2e23e9336edef13e2166017e6b3ec7be8b8093
SHA512 c2b261938e9ae01941553073c7bc288ded4877b630eb422d62c2aabbbdcf8485bdbbcfe7b34904e4c4e2da03c441e4cfb1f5563154c279edef4267ff8a9d1d81

/storage/emulated/0/backups/system/.confd-journal

MD5 879c6215449c0c37b8edc7f81cf2e873
SHA1 ee1581df97b4b966c994889371d510cea7adf1c5
SHA256 bd1348860b4e0c1ba0cb613b9a0dcacb1cc18376d3f916dfad4c67e17fa87f80
SHA512 29b7d46cd9221f0799d4722c634ccb3201a3cae9488b0d859b9174a4ff39a927ca328c23d5be9b0109b84c03f8fdf2768ba2f315552f44e0f56c3ae50ef96f4e

/storage/emulated/0/backups/system/.timestamp

MD5 543f62d947524e9181af2442dd6130d2
SHA1 d6ac881c2c1a6830d6382014492b119ca6a5e26f
SHA256 2281ea49c6a44d017f0444d44b75117dff99ef31fe4eb50bcefbea7172dd7bb0
SHA512 8a158cf403b51b475f5542d4f98024f8ace0da34e17b0ae8e89309e5ad3bac686e04edf3d4c837c95ab4dc8be39b5b1d633521c1fe511291494388e8565d8f3b

/storage/emulated/0/backups/system/.confd-journal

MD5 ab32d81884144d671c65aeb9c079e267
SHA1 8daad9b0e17901c9ecf58b7df86dfdf4da70f8dc
SHA256 1f2ad3e759ae79e55823e300f5e03a03fca2af52a3f916c4007a559052b90ed8
SHA512 67e97c47bb951b6250ac09d639a928b02af44df3c8ed2ee0e1e0f73615f18de304e43aba7c92b2744d10adf67d04a5336db0bd1a2e6d1c908f68eb0f577ecb81

/storage/emulated/0/backups/system/.confd

MD5 30803013c74755b2a79810d47c2bb9d8
SHA1 81c38079f8509e3479b4dd989614b3212504f7f4
SHA256 a0a652236d75cd002f8850de2252f8fbc831e43b2da917dc5cdd4451890236bc
SHA512 b8fad74833377afeed60fdf1df17de32b8d8db6366f04ecb6930c2a1957573f8f8938a27261d564b1babf5f55fe3cfc539ae15c6e6ce0e3f18e358accadecc78

/storage/emulated/0/backups/system/.confd-journal

MD5 4b82c03bf7ddd1456d19772d28848854
SHA1 ff6cc6b901664e47af7a63452121fd3b65239da0
SHA256 6f5aaa3c76c84c3da5fd64f8d8450c45c10940f49e2e54e29b18568dc0d9d09f
SHA512 12678b4b9e437c5e2bacbb56bad44ecfc5149822aae508cd1e4277deecedd6d2f32602e572c27c8eaa4b5c900c931c4a14726e8601a9a9357c858cf15daf1740

/storage/emulated/0/backups/system/.confd

MD5 3c055a49a704b3eadc9b8b78ffbd6d9a
SHA1 2bc9c189b14d5890d25a7e5624001829baf04127
SHA256 904db034090f34a89292ed0cf4f14874eab303b7baecca1c43042a6ab6791695
SHA512 6df0aa07d4314a5e1e60205af9f7fbd7969bf83ed5942af11d5b47e6b03715a6f8c251348349b8c62bf08ae4c408bf8bbd4411f4e464d333b7b85661fe701228

/storage/emulated/0/backups/system/.timestamp

MD5 6258b8b603ef95f88a7d43ab7498651b
SHA1 6c3801f5194a3e60b64d9e823d59b740b500badb
SHA256 c718696c945093421a2e9a91417ffb316088812de7ace1cee8adf39ce75e49fa
SHA512 4bb099146094981baa924e1f927c178798c3c86831d577137a77d7b0a29c8c58a13312125b79198957c80b787d896af845332c135c297a27fec15832410f9cef

/storage/emulated/0/backups/system/.confd

MD5 9d3345901fd528a2e94ebabb48b3ee5d
SHA1 9bb53d8b513d9fa8ff4e26a321a6ddd78a263bb6
SHA256 5fa1500b8c44f1d1c21007593af50bda011e7315c77c27343eb43e359fd0c592
SHA512 aa1d7beadc49a30dcd170086636d812521e451bd7b84579d185eeebc6dae90ec774c6f65624f0a12addd91677105ae90f2fc78bda6c47247fe42f897b5caedf3

/storage/emulated/0/backups/system/.timestamp

MD5 052c6e5d5a1d8f899604125a802a29df
SHA1 732b0098a6ff1045a0371d9480734c23926ad29d
SHA256 1d02fc3c545f6755f7df7eac6108e1fec303de9e269f715f63ab4a7f5b016c33
SHA512 75e79720adf8ce8bfdf04d8180b9f44b814736680451cff6f0435e8390c03da21cbde9f862378a5090a1a509ffd6a218c9d493f0829c2578b4d4639c7df3e3fb

/storage/emulated/0/backups/system/.confd

MD5 631e23ce2e9b0422d3a124a15980030b
SHA1 126ad67399c498936924304a9ca6c698221e0852
SHA256 b8cc5018b1c519de8af288764e2d189974119e27c3b18694933191780a5f99d7
SHA512 2a412f484f331013eeb3cbe31a2938944c0d02774f5dcdb5495a1cfd4f618c4b7e307fb384f38cf7b4733e4e63538f4ed27ffbbb1442419f7f8e9cae55e35790

/storage/emulated/0/backups/system/.timestamp

MD5 3b345af1828e119f7c563bf55c5e8c5e
SHA1 4fbf3d46525f220371442d33c84231587673afda
SHA256 99f0b328cca37dd054faf7744abdb7bd3d7188e9df79f03a96f28dfea4257013
SHA512 acf1b8391fff2a66eec954a8fc29b2b3a1567f978f9eabe0d0fff02bf041b2e3540021b7a2d84aebc51211b09685d54716c8cad0d32dd2e54a9b956e76efeb8c

/storage/emulated/0/backups/system/.timestamp

MD5 18aa0b07fd4e68eccae4cfb2a49f8a9e
SHA1 1076b0ff72fd1919bf138c194549f13da6a86be4
SHA256 727bd758f986614eb8484cdc1d5d634c4fe06a918dc538c85198471c1f928417
SHA512 4a70fc3d05f3d8ce65f66c8182d72bdc541b0e4507eb8f0857e108b66974a727809a3a4356b579e22b9d82fdef5b48e1080382cb7ab73a7f9fda13ac34e890eb

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 06:57

Reported

2024-06-11 07:00

Platform

android-x86-arm-20240603-en

Max time kernel

7s

Max time network

153s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 06:57

Reported

2024-06-11 07:00

Platform

android-x64-20240603-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.234:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.238:443 | | tcp
GB | 142.250.200.34:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 06:57

Reported

2024-06-11 07:00

Platform

android-x64-arm64-20240603-en

Max time kernel

7s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.179.238:443 | | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

N/A