Malware Analysis Report

2024-09-09 16:22

Sample ID 240611-xxw4wsxhpd
Target 9f44a11b57bb3ff5e1b10272952b6a88_JaffaCakes118
SHA256 fa9e9ae2d63bbb55c4f2560d3dd55b9754501b40a8a88d468edcfa22951cb756
Tags

discovery evasion impact persistence collection credential_access

Score

7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

7/10

SHA256

fa9e9ae2d63bbb55c4f2560d3dd55b9754501b40a8a88d468edcfa22951cb756

Threat Level: Shows suspicious behavior

The file 9f44a11b57bb3ff5e1b10272952b6a88_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Loads dropped Dex/Jar

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 19:14

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 19:14

Reported

2024-06-11 19:14

Platform

android-x64-20240611-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 19:14

Reported

2024-06-11 19:14

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 19:14

Reported

2024-06-11 19:17

Platform

android-x86-arm-20240611-en

Max time kernel

174s

Max time network

131s

Command Line

com.daye.beauty.activity

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar N/A N/A (29 identical entries)

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A (28 identical entries)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A (28 identical entries)

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A (28 identical entries)

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A (28 identical entries)

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.daye.beauty.activity

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar --output-vdex-fd=106 --oat-fd=115 --oat-location=/data/user/0/com.daye.beauty.activity/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

com.daye.beauty.activity:bdservice_v1 (27 identical entries)

Network

Country Destination Domain Proto
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
GB 172.217.169.10:443 tcp
GB 172.217.169.10:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 m.zhenyoumei.com.cn udp
HK 47.91.218.196:80 m.zhenyoumei.com.cn tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
HK 47.91.218.196:80 m.zhenyoumei.com.cn tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar

MD5 73221f224e5d32e4f130dbe57ad395c0
SHA1 1a8f63b73dede50dd56f469d0ee9bffa84eb9d63
SHA256 8911616ac34f9c9508d25ad55183ab06dd05f1f80793d70fdf225cd56bf4ad55
SHA512 58a1203866c0c376cfedfb493c21b8733f4796f6743414b810a63aa144b1af0acd9797d132684b8f255b9ebd76ba5405d0b5518c0c353c4a9b8839939a9c5c8a

/data/data/com.daye.beauty.activity/app_push_lib/plugin-deploy.key

MD5 9d1a04b8ab5b51cc9115613f8d493560
SHA1 96be9dc210c3d4a4a48c0ebccdf6785b8115b72f
SHA256 9cb03cbcb9a9c03d5cc6c270f14970db2524eac1423182258464e6634bc2dd2b
SHA512 405f844df2c865725cf0c73eb5fb6052dbe61661c41e633d0e32098133de9509c485165324e0ff49ad9507adc92e868b9c99b62b27ca5291b51946333a52a133

/data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar

MD5 eb172940bb27c649684cc12131db7b7d
SHA1 d022b7d97614de236196d48c40e59625938626b3
SHA256 a641935e2fd81e51e844010c860337a14815605dcc78c96bfb6d8620c47bc55a
SHA512 989219b70ab58fd40111920151d87128c4b18b086074d1ee0d95ac73258f3155a9ca93fa74e702d57a3a881e9e408b5571c4db9fdae6faedce677ae50f2bdd9e

/data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar

MD5 86f78d7f51c3b0e113430319411c2a28
SHA1 b83fe95671ff7322fbf2b72fef0306f8531dc83f
SHA256 488aca21878d63b04052c887a3db9a0916e88fe8db036e2e00200a964268c755
SHA512 4facde88a8971000642953f8f64cdd7beb2ab587463ecc0d5d2c4508e90cc77b4bec8c4cb04f7c43f52f05130d29b950bd8f884a5faca56d129af621512ed4fc

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-journal

MD5 360a73d089792c5220e8f40607550af2
SHA1 d4ec0b0f60473a977ae373cd165a22aa17ed7a4e
SHA256 9d8d084020c8bb42e7a14adb11bcb8f667090d79bba31017954bfc1d48387851
SHA512 fb55247583f12105f35e0b8127e602b1486d48e8bb38f2816b086d0aaefb7e342f732121355cd09b0f57fa826daa9d7a18752cc167d7f698d58d324281aeb60f

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db

MD5 8b7197af34d3ff11df3904d58bf49db2
SHA1 5c93048455f81ca11d25fb9152251dc3e9188027
SHA256 363728c5a2717083401a2d0f78300faf6753a3b363e1fc01cc948c2962976af3
SHA512 83781376b7fbce215e24fdb1e567c8e0fe4aaadb0c8147371b478785a9b7e3310782ec207221a629070cab9839ef5cadc66dbbb618091753297e64b5722566a6

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-wal

MD5 bcb3f04fedefaac6cf79a813e7277ab7
SHA1 05f0cbbed559eea5bf8923d7d10a0a94c372b5a8
SHA256 829ff73c4420526c58211c226c586b52eab56812bf3e287b0dd9625ae4297f2e
SHA512 bad67a3368e90f8426dc1ba8c98ac77af9e8fa188b84f3e3dee8f96c35cb476aab91158091dc2c31d412e6075ec4ca08b5b5fc463ef3ee29ef77d1363b1a2db8

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db

MD5 40f725076e1f7e7dc4be161586113596
SHA1 41f1fc0e2f4ed5f650c5bd957fa222f1acc8cf0e
SHA256 99b8876995598dc16cb8af87b0d1ce4835580f85c66b854eebd08abbf42397ac
SHA512 4dac07e7b990d18a3450c977d3c34020e378e1f50932619de907dbe1d31375f1fdc81963718c6449a3e44df525992ba3ddec87580d97b2d55013ddb6d95a1b84

/data/data/com.daye.beauty.activity/files/mobclick_agent_cached_com.daye.beauty.activity

MD5 68a52c9ab38b1b557944184b49fe1c3a
SHA1 e6aaede6377549ca9fabb2b31ec5e9b92372a0d8
SHA256 b0dad6d36736029331a44de96f18d9ecb8e95f92e4bc778c2e32c03eecd5aaf7
SHA512 1e465ce86fc8fd3dc90fad25cdeae951afee6a3eb1e106ca114e0ae830c75377ac7a4173044c764106e5cf45f1cfdd49c7123723e84a13aba2561b1239bb2728

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 19:14

Reported

2024-06-11 19:17

Platform

android-x64-20240611-en

Max time kernel

179s

Max time network

132s

Command Line

com.daye.beauty.activity

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar N/A N/A (61 identical entries)

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A (61 identical entries)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.daye.beauty.activity

com.daye.beauty.activity:bdservice_v1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 m.zhenyoumei.com.cn udp
HK 47.91.218.196:80 m.zhenyoumei.com.cn tcp
HK 47.91.218.196:80 m.zhenyoumei.com.cn tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp

Files

/data/data/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar

MD5 31898501da274cac480deafaae2e479c
SHA1 892c3b5f330cc0e1ee056355f847524e9778a46d
SHA256 9295f1f75f3f46fa599a840a5471909f3eb6f31565248146e892ec653739ac53
SHA512 0381c7d22c985c5b5c22fbf36bde86fe3b00f9c6c9ed5f24247b1d18e43751345f3fdea4c1f9e9770ca74e738e8e2565fb391f480e36d9e430b7bc748d73722b

/data/data/com.daye.beauty.activity/app_push_lib/plugin-deploy.key

MD5 9d8d62f1283075181deef3091a786ff9
SHA1 c4b854b95473560a67c118c0d6c4beee4ddb4509
SHA256 438c724f1371afec704d4e4ac6ec1aeba35df415505a7b21bbaf5f3184ae7196
SHA512 102c90db46b44908e0d8ee58a0045e86860dc6004f9cbd1835a4d286e592626e32c4b5a7aee2b3b82d4dbef615db2e5ef4178c75ffcc2fae7b65f19c0db64ec8

/data/user/0/com.daye.beauty.activity/app_push_lib/plugin-deploy.jar

MD5 eb172940bb27c649684cc12131db7b7d
SHA1 d022b7d97614de236196d48c40e59625938626b3
SHA256 a641935e2fd81e51e844010c860337a14815605dcc78c96bfb6d8620c47bc55a
SHA512 989219b70ab58fd40111920151d87128c4b18b086074d1ee0d95ac73258f3155a9ca93fa74e702d57a3a881e9e408b5571c4db9fdae6faedce677ae50f2bdd9e

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-journal

MD5 78f33074d0e0fd0947ad9cebfab51934
SHA1 256d60f65502c739e5cea17043c33ca1dd79532a
SHA256 0c8b277b69514667c47af0b74a31d1a651bf1f7eb1bf413c16cb7128a23bf4c9
SHA512 4e6f76652523a77aedd23fa8fc71c254a2df1fe2d25cdc0030a2e5e98a7dda4f9ecbbdb72e6571bbf5a3490397986e45e70c275d5be8d746c7e1b19ec577043e

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-journal

MD5 834a56c8de8b1e7797a5374ce5e1094d
SHA1 91d750deae36c023f361d2c70eb602544edf2865
SHA256 ae12847deca395a31ea5239e1917009fbc02570e4b6cb0b1eb7ecc748f0fb89e
SHA512 50522b74c45e21be3736183f0609ea520f0ff13c1600968d9667090f8452d6303b6d2bf0d0e752bab35b46e5b25cff24d620d0773ded4c152ea5aa211523e519

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.4.db-journal

MD5 36c5c442910cb57ddf8d4b28f36e9ebb
SHA1 c3dc70469e8ccff4cd48f6f2a10122e296dea090
SHA256 349d3ffd3f963156e3e0969f4314a7f23a8eef320f39a9e0f50876e264153f3a
SHA512 5fbc7b12069f1cea6018a6ea94f3f415ca2a65d6c3d260ad0eadd9654b2cd8b5919bd48fcb5eb5fed11472bd223997baf4e90a1b6aa5d36da4d902dc9a3b93f1

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 19:14

Reported

2024-06-11 19:14

Platform

android-x86-arm-20240611-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A