Malware Analysis Report

2024-09-09 13:19

Sample ID 240612-3lr9fsvglc
Target a2f56380193098a50bf708e37afa485e_JaffaCakes118
SHA256 2b6bd2bcc06de25e402811a818dceeb5998f9730561d183572e3d92a47ae103d
Tags upx discovery evasion impact persistence collection
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file a2f56380193098a50bf708e37afa485e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Patched UPX-packed file

Checks if the Android device is rooted.

Queries information about running processes on the device

UPX packed file

Requests cell location

Checks known Qemu files.

Checks known Qemu pipes.

Requests dangerous framework permissions

Reads information about phone network operator.

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 23:36

Signatures

Patched UPX-packed file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 23:36
Reported 2024-06-12 23:39
Platform android-x86-arm-20240611.1-en
Max time kernel 175s
Max time network 186s

Command Line

com.moxianba.chat

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.moxianba.chat

com.moxianba.chat:ipc

com.moxianba.chat:pushcore

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 23:36
Reported 2024-06-12 23:39
Platform android-x64-arm64-20240611.1-en
Max time kernel 174s
Max time network 185s

Command Line

com.moxianba.chat

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.moxianba.chat

com.moxianba.chat:ipc

com.moxianba.chat:pushcore

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-12 23:36
Reported 2024-06-12 23:36
Platform android-x86-arm-20240611.1-en
Max time network 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-06-12 23:36
Reported 2024-06-12 23:36
Platform android-x64-20240611.1-en
Max time network 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-06-12 23:36
Reported 2024-06-12 23:36
Platform android-x64-arm64-20240611.1-en
Max time network 8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A