Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-lw2r7szgjg
Target a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118
SHA256 35db68b82a03f23cbcb4d4e45f1bc6bf80aa0a93c523dd1fe4e7978febd7124a
Tags
upx collection discovery evasion impact persistence
score
8/10


Analysis Overview

score
8/10

SHA256

35db68b82a03f23cbcb4d4e45f1bc6bf80aa0a93c523dd1fe4e7978febd7124a

Threat Level: Likely malicious

The file a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

upx collection discovery evasion impact persistence

Patched UPX-packed file

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

UPX packed file

Requests cell location

Queries information about the current nearby Wi-Fi networks

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Reads information about phone network operator.

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:53

Signatures

Patched UPX-packed file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 09:53

Reported

2024-06-12 09:54

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 09:53

Reported

2024-06-12 09:54

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:53

Reported

2024-06-12 09:57

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

185s

Command Line

com.dream.recruitment

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.dream.recruitment/.jiagu/classes.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/classes.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.dream.recruitment/.jiagu/tmp.dex N/A N/A
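As an added example (not part of the sandbox output) that ties together the root-check paths listed above and the DEX files the packer drops under .jiagu/: the script below verifies that a file pulled from a rooted device or emulator is a well-formed DEX (magic, Adler-32 checksum, SHA-1 signature, declared file size) before it goes into a decompiler, walks the string_ids table, and flags the same su paths and /proc files that the dynamic signatures recorded. build_dex is a constructed stand-in for the real dropped file so the example runs offline; the su and /proc paths are taken from this report, and Ljava/io/File; is a placeholder string. It handles one DEX at a time, so the classes2.dex member shown above would be extracted and checked on its own.

```python
"""Validate a DEX dropped by the packer and scan its string table.

Added example for this report (not sandbox output). Meant for a file pulled
from the device, e.g. the path this report shows:
/data/data/com.dream.recruitment/.jiagu/classes.dex
"""
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70
DEX_VERSIONS = {b"035", b"037", b"038", b"039"}

# Indicators copied from the "Checks if the Android device is rooted" and
# "Checks CPU/memory information" signatures in this report.
ROOT_CHECK_PATHS = frozenset({
    "/system/bin/su", "/system/xbin/su", "/data/local/su",
    "/data/local/bin/su", "/data/local/xbin/su", "/sbin/su",
})
FINGERPRINT_PATHS = frozenset({"/proc/cpuinfo", "/proc/meminfo"})


def _read_uleb128(buf, pos):
    """Decode a ULEB128 integer at pos; return (value, position after it)."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7


def parse_dex(data):
    """Check header, checksum and signature; return version, size and strings.
    Raises ValueError when the bytes are not a well-formed DEX, the usual result
    for a dump that is still encrypted or was truncated on pull."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n" or data[4:7] not in DEX_VERSIONS:
        raise ValueError("bad magic: not a DEX, or still encrypted")
    (checksum,) = struct.unpack_from("<I", data, 0x08)
    signature = data[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    if header_size != HEADER_SIZE or endian_tag != 0x12345678:
        raise ValueError("unexpected header_size or endian_tag")
    if file_size != len(data):
        raise ValueError(f"file_size {file_size} != {len(data)} bytes read (truncated dump?)")
    # Adler-32 covers everything after the checksum field (offset 12);
    # SHA-1 covers everything after the signature field (offset 32).
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        raise ValueError("Adler-32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != signature:
        raise ValueError("SHA-1 signature mismatch")
    string_ids_size, string_ids_off = struct.unpack_from("<II", data, 0x38)
    strings = []
    for i in range(string_ids_size):
        (item_off,) = struct.unpack_from("<I", data, string_ids_off + 4 * i)
        _utf16_len, pos = _read_uleb128(data, item_off)
        end = data.index(b"\0", pos)
        # MUTF-8 matches UTF-8 for the ASCII paths we look for.
        strings.append(data[pos:end].decode("utf-8", errors="replace"))
    return {"version": data[4:7].decode(), "file_size": file_size, "strings": strings}


def triage_strings(strings):
    """Report which root-check and fingerprinting paths the string table holds."""
    return {
        "root_check": sorted(s for s in strings if s in ROOT_CHECK_PATHS),
        "fingerprint": sorted(s for s in strings if s in FINGERPRINT_PATHS),
    }


def build_dex(strings):
    """Build a minimal DEX holding only a string table, with valid checksums.
    Constructed input so the example runs offline: type/method/class tables and
    the map list are left empty, strings are assumed ASCII and under 128 bytes."""
    string_ids_off = HEADER_SIZE
    data_off = string_ids_off + 4 * len(strings)
    offsets, items, pos = [], [], data_off
    for s in strings:
        item = bytes([len(s)]) + s.encode("ascii") + b"\0"  # one-byte ULEB128 length
        offsets.append(pos)
        items.append(item)
        pos += len(item)
    body = b"".join(struct.pack("<I", o) for o in offsets) + b"".join(items)
    file_size = HEADER_SIZE + len(body)
    rest = struct.pack("<IIIII", file_size, HEADER_SIZE, 0x12345678, 0, 0)  # ..link_off
    rest += struct.pack("<III", 0, len(strings), string_ids_off)  # map_off, string_ids
    rest += b"\0" * 40  # type/proto/field/method/class_defs size and off, all zero
    rest += struct.pack("<II", file_size - data_off, data_off)
    after_signature = rest + body
    signature = hashlib.sha1(after_signature).digest()
    checksum = zlib.adler32(signature + after_signature) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", checksum) + signature + after_signature
```

To use it on the real artefact, call parse_dex(open("classes.dex", "rb").read()) on the copy pulled from the device. A ValueError from the magic or checksum check usually means the dump is still encrypted or incomplete; a clean parse with the su paths present in the string table corroborates the root-check signature above from the static side.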

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

appjiagu.com belongs to the 360 Jiagu app-hardening (packer) service, which is consistent with the .jiagu/ directory, libjiagu.so and the /storage/emulated/0/360/ files recorded in this run. Commercial stalkerware is frequently shipped packed with 360 Jiagu, so a hit on the packer's domains is not by itself evidence of stalkerware: it shows that the app is packed, and should be read together with the location, audio, camera and call permissions and the collection signatures above.

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.dream.recruitment

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dream.recruitment/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.dream.recruitment/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.dream.recruitment:pushcore

sh -c ps

ps

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.pgyer.com udp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.31.166:19000 s.jpush.cn udp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 123.60.31.166:19000 s.jpush.cn udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 120.46.131.222:19000 sis.jpush.io udp
CN 120.46.131.222:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 139.9.135.156 udp
US 1.1.1.1:53 139.9.138.15 udp
US 1.1.1.1:53 119.3.188.193 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 113.31.17.106:7000 tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 123.60.31.166:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
US 1.1.1.1:53 b.appjiagu.com udp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 120.46.131.222:19000 easytomessage.com udp
CN 106.63.25.33:80 b.appjiagu.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 restapi.amap.com udp
CN 59.82.132.217:443 restapi.amap.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
US 1.1.1.1:53 tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 113.31.17.106:7000 tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 123.60.31.166:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
CN 120.46.131.222:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
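The Network table above has four columns, but rows whose Domain cell is empty come out with only three fields, so a script that splits on whitespace and indexes columns directly mislabels them. As an added example (not part of the sandbox output), the script below parses such rows by position from both ends, then separates DNS lookups, per-endpoint connection counts grouped by registered domain, and connections that never had a hostname attached (the 113.31.17.x and 216.58.201.110 endpoints in this run), which are the ones worth checking by hand. REPORT_ROWS holds a subset of rows copied from the table above; the registered-domain helper is a two-label approximation, not a public-suffix-list lookup.

```python
"""Summarise the flattened Network table of a sandbox run.

Added example for this report (not sandbox output). Rows have either four
columns (Country Destination Domain Proto) or three when Domain is blank,
so this parser keys on position from both ends rather than fixed indices.
"""
import ipaddress
from collections import Counter, defaultdict

# Rows copied verbatim from the behavioral1 Network table above.
REPORT_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.pgyer.com udp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.31.166:19000 s.jpush.cn udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 139.9.135.156 udp
GB 216.58.201.110:443 tcp
US 104.192.110.60:80 s.appjiagu.com tcp
"""


def parse_rows(text):
    """Turn table lines into dicts; Domain is None when the column is blank."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "Country":
            continue
        if len(tokens) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        host, port = tokens[1].rsplit(":", 1)
        rows.append({
            "country": tokens[0], "host": host, "port": int(port),
            "domain": tokens[2] if len(tokens) == 4 else None, "proto": tokens[-1],
        })
    return rows


def registered_domain(name):
    """Last two labels: enough for the .com/.cn/.io names here, not a PSL lookup."""
    return ".".join(name.strip(".").split(".")[-2:])


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def summarize(rows):
    """Separate DNS lookups, per-endpoint traffic and direct-to-IP connections."""
    dns_lookups = set()
    endpoints = defaultdict(lambda: {"count": 0, "domains": set(), "country": None})
    by_domain = Counter()
    for r in rows:
        if r["port"] == 53:
            # Names the app resolved; skip PTR-style lookups of bare IPs.
            if r["domain"] and not _is_ip(r["domain"]):
                dns_lookups.add(r["domain"])
            continue
        if r["host"] == "224.0.0.251" and r["port"] == 5353:
            continue  # mDNS multicast from the emulator, not app traffic
        entry = endpoints[(r["host"], r["port"], r["proto"])]
        entry["count"] += 1
        entry["country"] = r["country"]
        if r["domain"]:
            entry["domains"].add(r["domain"])
            by_domain[registered_domain(r["domain"])] += 1
    # Endpoints that never had a name attached: hard-coded infrastructure or
    # hosts resolved outside the captured window; both deserve a manual look.
    direct_ip = sorted(k for k, e in endpoints.items() if not e["domains"])
    return {
        "dns_lookups": sorted(dns_lookups),
        "endpoints": dict(endpoints),
        "direct_ip": direct_ip,
        "by_registered_domain": by_domain,
    }


if __name__ == "__main__":
    report = summarize(parse_rows(REPORT_ROWS))
    print("resolved:", report["dns_lookups"])
    print("by domain:", report["by_registered_domain"].most_common())
    print("direct-to-IP:", report["direct_ip"])
```

Run against the full table, the grouping makes the split visible at a glance: most connections belong to push, location and distribution SDK domains (jpush.cn, amap.com, pgyer.com) and to the packer (appjiagu.com), while the few endpoints with no hostname are the ones to resolve and attribute by hand.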

Files

/data/data/com.dream.recruitment/.jiagu/libjiagu.so

MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

/data/data/com.dream.recruitment/.jiagu/classes.dex

MD5 77eaba6aa2124cd2f2e832ff2f95ec5f
SHA1 87f88444bc7ea1b900fd2b43904f937cc3579716
SHA256 6214b5429a3ca2ad8a4d849fa1db8aaf2fb2c71f27fccf7026a380131939a538
SHA512 2019f70985eea24fd1f7812f5ff75c11851a35dda6b193b5ce44b0118e8291e0d92b0d8ee8f8c7bd09fcc6d82894c4ad64f1b722516038ec40fce0d2f4af6bef

/data/data/com.dream.recruitment/.jiagu/classes.dex!classes2.dex

MD5 a1cddd046acf5c3f09e5cd6a6f460e93
SHA1 f7d1259d234214cb205334ed60d4977b988c3725
SHA256 978fae90c6616fb3c9c6a463469d854cb699877649ed8400a6d218b2846ac086
SHA512 0eeafa5803243813d6ef83d8c9b2903bfadd627a891b40be11b1e6fbfeb422f810bf2baad2b5ec799d3f04af86a95bbd812186010f1b0732fcf6183f2fb01fc7

/data/data/com.dream.recruitment/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.dream.recruitment/files/.jglogs/.jg.ri

MD5 3b155b00decb000d98a83311fb53b2e0
SHA1 c67cc40949e907d256bebba95370c3b0ec038b7b
SHA256 fcc448c7f16b2c993ee66427f926d5418db2bf0d8be7cc1d3c77b1f69dd63704
SHA512 5dd1bc4d9d70beee87b219be80744db43e61e96d0ab586b280b108c05216be823a5b61f3fc39bb4efe0bb2e3c1f6d3cd3e99429dcf362dbde47390ddb11b37ac

/data/data/com.dream.recruitment/files/.jiagu.lock

MD5 e173fb5915eb64fbd1e39a7d1f9c79e7
SHA1 0ff577246e103172093c4b9cacab520511bbccb1
SHA256 0289c0e7d02362edaf3ca7f87a8fdde132850e3b9ad5efb2fb75d713734cb46d
SHA512 bf6a57d35b51aadd53d4a3b390ffd36ccecbda1d9674d799085c6536f0bf65c3dbf41e77f895aaba40a0b7ad38d2beb8009cf06a559464aa1e4974d71b96aaa5

/data/data/com.dream.recruitment/files/.jglogs/.jg.rd

MD5 f8f7c0b6a3c975930a855b6acae7e9bd
SHA1 2d09b9c5851a6317d06506a7c581a23c36c479df
SHA256 97e5d82df535128ee935de31e071aa76e01e0ce253135f2ecc378a7dcd37c3b1
SHA512 d223362dacddc47245492abfc6f81b92954d145a71ba1e900920e47c605afafc41f7ce6e88b1115e6bbe059ec4f65ccaf235314c6c31755d855810bce49de69d

/data/data/com.dream.recruitment/files/.jglogs/.jg.ac

MD5 9e2a15dc7c51f31e6ae5a3085cbb58a4
SHA1 1b6eff513bcfdf9724069340c95bc16684d332f4
SHA256 cedfcd1b14db8d79e90a912252a42f434eea51313f4179fcc0a754517aeda4a1
SHA512 84dfa0d316a8c19988403de107a94f6f4684c06c0870d1fbd7bfe6d6e17e1fcdb6f96cbc61a7156b4031fa9c2d9ae77fd95eb0f6216c1f67ea44a55d7de50cc2

/data/data/com.dream.recruitment/files/.jglogs/.jg.ic

MD5 47259428bf916543e4e7e7610aa0aeca
SHA1 fe9493ece7adac484273bd057f7f0b7045b67dac
SHA256 25f5ab0f29a0744dc8eb2bd11f293dd015d8aec9984591c8ebcdbd0d0019f58d
SHA512 45e1736620eedb3de6d46cf31badb40512950e10b2d204b48c5f25356d110e58c8595a0c7ef225fa2c51e8f70f075c4ea8dfc5e76059e1009bc1b579784b8da4

/data/data/com.dream.recruitment/files/.jglogs/.jg.di

MD5 be21f0068ccbe2f4d7ec4639483a2fd8
SHA1 cd82ada5bf834f357fd9b9f41ece690d53bc40fc
SHA256 0621086b9e70f055b1182036910e92d0416734e32b21719f876416568a3dca68
SHA512 5e76db1a5b31e563218472f7ca38e4d7cb1b11d6c97b00da312ef4e535f6d45e205112f1defd8a032fb0cab58c0d4445f829edb0a5573019bf4b696526c77e4c

/storage/emulated/0/360/.iddata

MD5 3102636d3b9940c8ad4470657ce77469
SHA1 2f307170eaf8562d5790dc4dfc6238e929bc992a
SHA256 96ba085ae1becbd9288ed3afa552d11d4db311682d3d80c83173f5e7f77a5242
SHA512 9d80869f0abb72c685c5b90c4c437f8325ebc0d243efc946d30d4b41e4d3e252c8fb7ffe939045a94f24959779dfe2ce0e9a2a3e2ffff7bce9b2594aa275951f

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/Android/data/com.dream.recruitment/jxfxkjyxgs#kunyudongnan/core_log/easemob.log

MD5 8f6e1ad88671783738de798d67fbae2b
SHA1 0069aa210a9ef13c3be75c2f649ff64770ca1165
SHA256 2db938450eb5cf30b486ed40da0e1bc99e4873d117cdd499f4cb0b302f83c5ea
SHA512 0f87b2c5244a3d426a42c0bc9f00dd67da844084da3c811cb4ea90b51eb185c337d0d43a8c662d9c71a7719802e376a20a61039449723fdfadeaaffdbb4b5cdb

/data/data/com.dream.recruitment/cache/com.parse/applicationId

MD5 91acb7a4a0161c5a9903f73904b12125
SHA1 86be65aae5b6e7dff36c2a87572e8825717a84e3
SHA256 240c1bd1da4c51d73bb3d03aebf64f8d261d2114a9e41669a6e677e4db3d9999
SHA512 ba6d82038a6a57b0e8e665cb90379636e9b81258e08b439152e4e8a4f8babd7623a6e7cbbd86ee599ef1e109dac071aa476fd7c314e5e883933c9d6584aee1a9

/data/data/com.dream.recruitment/databases/logdb.db-journal

MD5 6e68c434a86a023b99841041c7d2259f
SHA1 9d305f4ab3aefc01faadab7675815a6a99d9c8d3
SHA256 9d7031f09727dfc5eec5b54a27a8287dd5c0926dd52808da8d96a7c8df105cdc
SHA512 ce52959fd7178543947aa9e0c6526a52fb4db269157979375d7b4d05dc8cbdfe3ae6916a43295540c0b4441a4feb4a29a2b362772393fc31dcf8efd90f5b65a6

/data/data/com.dream.recruitment/databases/logdb.db

MD5 f472e31e89db74ef438fd9c43c64e5c3
SHA1 802cfe520e21075ec121fc04a95095efb180b350
SHA256 d03ad8a5e6457c8faf3d54d6628161a32d48cff6af61dce08711978da4f26296
SHA512 c544ddc7fe22bff6993cebb0c0093d398dd48292b2fee605abee5af6ca734ec21161af8fbc11c1c33363ab0f2bb85c152c3aee745f1f457d84bad305aaba3d4b

/data/data/com.dream.recruitment/databases/logdb.db-shm

MD5 00b840624badb7c0ee507942af74669a
SHA1 358997a3be2a7a399c8195c42ca72afe03769231
SHA256 01f8339fb9c7c1907d920d0555fa85e0a651414d2bca021e087e95929d4dcae4
SHA512 a2e60d9869a27626b74ac081f345397a52498c7db71dce142a1d81a072f10dbeef3ca23a869143697844bb884e0a0af7921f66748ad1e60518f484cd340a61fa

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 b1c0813d3c79b33419a761a5b2d7ff31
SHA1 0ca47365f85141f1da246f92229f337552a9eb5f
SHA256 18efadd9e828b8c032218bad6104357987d676091d7383b0888357a223f1b83c
SHA512 8b6a7f55026fab65d94c55a1e592685037158dc59665e35ca933acdb46f3d09b45c01beededd79c93cec820d4db5f07ce09972382da888819fec8cd5f8869111

/data/data/com.dream.recruitment/databases/hmdb-journal

MD5 363fec39f4eb95a41c6937370978ba23
SHA1 ddc8daeaf5ab88a9377c51f3f3de3fd1e852ae6e
SHA256 57d414e19bf3306da6a50907439b9e39b20742fd1390b47299a1d26d7c871c65
SHA512 cd7c3454557e08a6b87a1424b596668fed42a575da362ceef5f55195214682c4ad8cf043e5192cd2ef09ec4b1488630d999d48c486c8c2622899aac18118ed1b

/data/data/com.dream.recruitment/databases/hmdb

MD5 0e07edecfa7506a3b24c8817f27f1961
SHA1 491b8291706469b2868f4ec7c06aa0cca3f3ed1c
SHA256 3e27b3cc521e9f9653b9127ef357c9a439716a3261e8571b8b703b0c1808aa56
SHA512 1cea4f6fa4c72664dc0b6dbfe5e07abf9de6dc48ab419d4eefccd4b89259efbff7a07e59cb5281e9522d47bf64ba58c200d8337cda3743049cfbc5ebfc84b9d8

/data/data/com.dream.recruitment/databases/hmdb-shm

MD5 82283f0a0983e74228d7ac5409fbe41e
SHA1 a97c98139b42cc7d0d9aab6c8a33a4c400912ae3
SHA256 75836890e63f2f6593dd6d0a970884e1530976a7d7877559d554936783d62a68
SHA512 21dd3dc614e7a17e8bc6a772fb54dce06615b61d201775f34ee30e7482d51defcf97f450edb839713043bf8041a1d3dd4a8042fa36e34920b53eeef614ddef97

/data/data/com.dream.recruitment/databases/hmdb-wal

MD5 a0928247aefff2530de2f747e7e69b64
SHA1 e41a54242acd909600e19cb4d0e0eed40fe2f721
SHA256 b7a31a6070ad7387c9a24b7fe78676ff592e0bda1ea37302a5aa26c1763e500a
SHA512 c30ffcd734ff6e51cb82833aa54bdf85d6fd48c226cd6578b683452f7c1403175b9a2972082ca57b6d48e4ea6195fd89957888c1a5668fdd4838376bbbc01224

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 d600a1a88070c2b842dac21e850d4a80
SHA1 22bb9027234bd6a09e29a8a01badbc0318974892
SHA256 de22af3fad534fb094f92544ae1fd6b4ed82d29ce6b2530e4b7709a9fffbcb83
SHA512 3481b2563459bc29c1287e0b03529a98f5927da70133cdf31618efeb9490c53ee7ff9d1e477ce66f189cff9c34d1c0638cc8cfea165778ca5ea45f51ceb4e94a

/data/data/com.dream.recruitment/databases/logdb.db

MD5 2d19f1be0ba7106114404b3e20dc7da1
SHA1 7b307f72ad2cf13da3fdcdeadfb6a0b398d529cf
SHA256 b88c18c54c07f34e2f11c7be2322965df84fb0bf03e9005063b716d4e126fd9e
SHA512 196f1168adad8b6eeaacd24b7e7da2d7e5d8951f398d881b77199c63d25a0f7ea8222e017c4c4357734b793f33a6a6344337031ef23d7344574e73b6de405465

/storage/emulated/0/data/.push_deviceid

MD5 4cdf945b94ee0ea496005b3156279f58
SHA1 67b419b7daff463f227c627218958cb6fbcc0a3e
SHA256 83fbb3e482068502f6b631e95d07a189444a9d8414f3b37049f6839f756ddcf6
SHA512 8fd5d3ba9a0b0c9d3ed35d6ffde667d99ed3d5ee9c2dcea6de2c0275bde0f764d73ba826c1122ecf9255fd2d852bf38aab5432cdf6da134bd0aa72a7b961c509

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 b561808028ccb6b5d7e90b2c58575cc9
SHA1 cfbe082ac9fa06a4d8d380b56508b861f8755480
SHA256 bf790a1363b267c65a4219365aa3c369ba363e1a384cf97785ed51ece0abfa0c
SHA512 73ad96e3a62b972b2488d28d1f3f9e4a4b293d5bd3a6356f4cd8217afa0eb2eabdea4524649687f14d6b2e65657dfd9ba7e206bbf5d150a59ce4923c057c5ac8

/data/data/com.dream.recruitment/databases/logdb.db

MD5 60e918a66670488ae5e111bdcbcfa95d
SHA1 ee81e2f5ad9a7301adfce5999095370e532a43d9
SHA256 0126f776c2c01bb621001c4d80787b706902fa8fdd89fd1f062d063ec74d5313
SHA512 1abb9311fce204649d299a19efab820981c427a8f3778a9848fdfe99aac19fbb3d62bdc4f5fc93bad66c090d198e9db33c23066041207272f2942272167796d2

/data/data/com.dream.recruitment/files/jpush_stat_cache.json

MD5 1e7073cc86e7ab039dfda35f2f9bbd47
SHA1 e308ab8be1796fabdf5fdc134e3bc28f14f2a226
SHA256 8883795af04a8eedb450ddd0f0e8dfa1940a058c9a259793e6dcb73d83636735
SHA512 748135c8e264ae121156a43f2aeb7092cf80ee799332586bc093d448ce53b13cfae24ffe07db21d8ea86c97343bb477b53d2a1280b9869fbf11cc6578f8dd366

/data/data/com.dream.recruitment/databases/logdb.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 a5efc74a4fadc116259c4b22e64497a0
SHA1 0fe58e64aefd91b213cd377f62d0cf67ff940815
SHA256 061f96388f3e08e9a5e97666cfa2ffddb1de261d57364c6d42a16af3b038853b
SHA512 4549a2efe5465e6aa3d25859a79d62795f3dbed52bde6cea2e1ade491d10e4ec11a6a9caa374ca200be51b75f23b1c4a5889def0d7cd5e5aa78bf38ac4c007bf

/data/data/com.dream.recruitment/files/.jglogs/.jg.di

MD5 aae7fedbee3ce8c2fbffdb257a97bbd6
SHA1 f7f14049539f789811d50636c939cf8b3920a0b7
SHA256 ddd9533427a88906a834711b75ff1a218207b54cf323e3554f04823c12a35730
SHA512 3636d2655bdac3f16b62e925002c71488ac8e7d65f146fb6f318f46e19f32b86e6ac4f5f6c96b9d37712822b344ae3f89d0afc5eae0e695d9ea571fc3d16f4a9

/data/data/com.dream.recruitment/files/.jglogs/.jg.ac

MD5 3f36b726ad0bf8749ef72ab3b426fb9f
SHA1 a736b8c4cb79e093b3089275d62a04940cace0a4
SHA256 9596183367785b8e4d62f698125b3faf0d06332eba85643198bae937206f3538
SHA512 8e3b25d4d7f6b364f48647d53a5a903d87a293be65d29113d642053a58a4e62510ca02e58af5b602df13921f16f1e529a62fc0e557e34a1f78abc6faf6b35557

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 226605e6645cc557ceed5b489dd5fb06
SHA1 e7e419e0c0fcab6619278530189af4181627e4f3
SHA256 ba6b91de7293ec5ba6cd62b63e2e72fe7061a2b14765c1a3a719aced6c6cbda2
SHA512 0d01b470afbd755ad58da3613710f310b5b1fcf7f97a10ca167b5a1784cde133d098cf5e640c321058cef4c10d2c4c4e5ef4444f99e9e81e0ec48e1f6b071e3d

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

MD5 731fba9d21f23915576ea5dc2ea3ffb8
SHA1 d1fdbc209db8b71d1b4e5341e75b8cc88647146a
SHA256 87510194f38897a04cd1f80bd6fffc3344fa8ef21baa61de020a2e790a7268ab
SHA512 b643177cf3a30543342d3a521a2dcfce70df4ec450b040e2b61d8692bbed4b3cde2f9f304cbf496869b89455e3cc6a501e8ff720edbdf0f6898e6a5f31fec25d

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-wal

MD5 1657760f2ce209268a0bc51f3849b7d1
SHA1 77c805677e2765e91c1989fccd8e6d8e34c85667
SHA256 d88b79e0f28e82f612d5da01c172109b6db98e2ec4885bad1a01f26193869aca
SHA512 fee604cb063c99d7a4d5c670d2bc30eff9fdca5eeeb8d708594ad73c7a751eb9195a1706f0971db439b283f6230eb7d26b722933497ead0fd0cd1d85af8f76dd

/data/data/com.dream.recruitment/files/a/b/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.dream.recruitment/files/a/b/journal

MD5 adf74c6eeb18424ae96792f31795a85e
SHA1 2a1791759434831de0bde90fb1016ae02fb44875
SHA256 9dfe39523699289bddc58b5d35346e131916607ca6cba18336133700429c065a
SHA512 e39604cf92527f820533f60fb94ec3bce2a75d5192e9009bf1218b6a570fe53c791a0d23860ffe33517431d00d7e98763f9c930992b68ef430a9d7f72ec0a5ec

/data/data/com.dream.recruitment/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 c90beaacef3832c56e0fe9caa94b6e17
SHA1 53cae00732e41406586a1d77579988f566814bcb
SHA256 8d324cfbd51e4349345693393ece3c6d752d983ea0bc43b9708533a40d93d09e
SHA512 d23e280fd69b1171bb02e2eb5024d2f83ec53077eb560217e2ee84f8eab2263041459fa800b6f8bbeccd6b2edec67aaec8e842c049afe8e0f2f4a883542ee703

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 69cd2e3fd4710ab842d9ee7a4fa56459
SHA1 56f0e03a953b385cb87a8ca34a9037d0ee5fd6bc
SHA256 96730852b257a9dfe8c04b5c2922b46e6dcc2bdaf7ef804f6fc17bda0042e724
SHA512 38dcd8996d927a7841c19ec8c5597b5112d1322e743396fc002106ab46e117f1dc40c51b0d68b017a140600cbd24dac950f57571b5af3d75ef0ad42e9100c340

/data/data/com.dream.recruitment/databases/logdb.db

MD5 ea8985a75b326163e0c57f365935a741
SHA1 65ffcd52aacf9bcdb776149626cfaa9c9556f147
SHA256 b096245a8bdabebe026ddc838db0b4f9eac5f0219101066b318c024aa3a50421
SHA512 a8a6489f1825e71a73d4d96d27d0759b410b78684c190511b2b98ed4741b18cc6d03412ac994bddadb862c5dbc433a2e7ac34419ee50d2b0179933a72866943c

/data/data/com.dream.recruitment/files/a/b/journal

MD5 f854ee43e675eb02b015dc153eb50e3d
SHA1 223e88ee27918153215206c5c51c6b25978842c9
SHA256 487f3dd629efc4d2b9d610e378b11117a66bcd8d31192ea30e615d5d3b7632f5
SHA512 375981a46c6bfb48287d46f6e083419270a9f01a7c624298349606b2995da723af0e33637d800179b3e873c620e3d71eb43599a9ff5bbbc580924d3fa92077f3

/data/data/com.dream.recruitment/files/a/b/f533337ed12cb4e7c792a32f24bee6cf.0.tmp

MD5 7db92b931d67570f6a9cf785344dff15
SHA1 2237b5fb11ac46023d4ad02e438f1d9150316dcf
SHA256 9e4fba3af0f22a20ddc9e9058a9c3ab9fa77ff7bed126900b4b5dc56fb13ed9d
SHA512 31162b25f431edb8fde1080be047f7f221ed252ca12c035ce91fcbbb3f0d20c2cca2bb3303c2407908615cd4190707a14fcf00849085da88dbf0c61ce76ee0e0

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 6668283d4fceb7322efa52dfca4edf22
SHA1 519eca8caea20cb91280dfa54b5bc65f24f8cf5d
SHA256 58e55836f5e82586109635446ba1e8ea3f0833dacbc76dc4e2b8206f9dcf813b
SHA512 c7e092f29364ff89672fa5e678ea4d1bbc0bb3a4cdb9354e403e70cf28d8fc4bb4af072e84eb9e7495b99decf35e5dd67e593a49b77f72ab322402d46728c5c1

/data/data/com.dream.recruitment/databases/logdb.db

MD5 5e53c0d3768eeca8f031d0ec81606645
SHA1 b20088af219586fd84f089be88bae8feb564f028
SHA256 191dce4acf3e329d166e052aa99973641a2fe1c4527f4c45cf778c8431104da2
SHA512 6658f8670ebe658687e1375238ca012967ce28bb16b912ee13e923ccc45db7280d5bc2fd4a553ead63cfd465adeee61406606f8bf599de564ba229743d970e3f

/data/data/com.dream.recruitment/files/a/b/journal

MD5 b4e5df3232017f5cd435cce6d67d9829
SHA1 54efbb305cc17b422f7b8a302e1139db358e62d9
SHA256 a7103dc8b0f25f5f7d0b6a052c6e7cb5c4254e826b35eb852669f30d63c2335d
SHA512 d77699f939b130260475d1deb50069fbd43435e83ddf85036f49bed3ccfb9353d0907377265eedcdc754ac96225a16ceaacab3920b387b1d2aa38c2f9c3226f5

/data/data/com.dream.recruitment/files/a/b/95f52b29dd00cff48e643bf76ba01465.0.tmp

MD5 a9628bf9ab230af3c44cc70262d2be4a
SHA1 8bd6103fece611069ce6f3aa62ee9c6a228ae8d9
SHA256 9b7d2d0f299b06aed058d9e6d523ea230eb779b3ce6c45932a173258c9aa0ed4
SHA512 8f075a06f6549543580a60c446e5674f53f133f875ecfd2b0948a543f7afc8d93eecfbf89847688feafa840e1acf112b2cd8ef4a7df6000dda94bd95fde85fd9

/data/data/com.dream.recruitment/databases/logdb.db-wal

MD5 0caa42f01124b63707ec31ebf49d9071
SHA1 8c940f4b366932691bfc9ce9b7ba56941667ac24
SHA256 1d0221ee959196dbb5ab2b2ce5e79eb3e2996d17db348408b3cb2c87c4366ef9
SHA512 6205772bb6471450fb93bcabe4a7533cca640a9ea74455a2635e1792fdceb4625a6c2f87eea4a0c5e712ec07eee49c871c16361022550fea0b574dae46d80cd5

/data/data/com.dream.recruitment/databases/logdb.db

MD5 df8d920ff3c64ee43a87404de68c8d5d
SHA1 195f22c74f4a529fa1ed0e307232dba023b0cea2
SHA256 d340da88714a363ef43d71915cc762d84d41a5dc5b5b34ea09c1ab390722002d
SHA512 98a4fdd88dcc7a6b24d30acd318148a5060474e3859b37a800de167ea60fd61b0cf7304a0a0441e16af97b0e505f0812712f4cc69a2717eded6a77288dce8ade

/data/data/com.dream.recruitment/files/a/b/journal

MD5 5e35c852bb1cd4d3321c28193e135856
SHA1 27b0569d4b298eeacb67d0399428c0eae5490b79
SHA256 54fe2f86841cff94835c1390c315464e40258c1b2486bda31251e99c29e9d364
SHA512 3ca12fb5e47ca8b77c75c23284719ee1aa8edad4d4124ccdb9c9e8fd21b2cdde4e4425ef9a6a31d41eaf0962345dd09ebea0664ad841bb97b9e70db1adb76fd1

/data/data/com.dream.recruitment/files/a/b/journal

MD5 545355fd7e3d85e6ff89918618fca16d
SHA1 f064bc9c261dc987f7a3c8c0f92076554e20d95b
SHA256 8b1375cf8b07acac0d456494a065082d19a7bc61a6a07674567f03c84d3d5feb
SHA512 9c0c7d3da6c2131783cb1bcd2a633339d3a865eb2062a5eba7168d57075e3d56ef7f66ef62b6b8a42f9226ffa790e62abfded9a1bab6fa91d541aad2c5c9868c

/data/data/com.dream.recruitment/files/a/b/c9ff5364ac8ef8a2803ef4181a8dffdc.0.tmp

MD5 2d9d5a67f8d1d9729420c43c4cb62caa
SHA1 69867d4ebf149669b6dd30451e927724f9331df0
SHA256 38eeaae2ae511318ad20313612ea779c592eeb9466d66a402cbf39e05836e650
SHA512 8721092acfdbc1a4f96eed14896f7a00edb295e5198ad43a3dfe594e040a34b627b3112a61734660fdc84555c8edf46dfb747dc335a02a8c487e08f2b18d9dd2

/data/data/com.dream.recruitment/files/a/b/journal

MD5 ab4f74863de13047ec8a98a29d0bf1e9
SHA1 0ad90c66d7ae9d7c0609161b715fe31f43150c6f
SHA256 293394d0d607cf68e62b9a5510a8c8a8cd92d567139cb9c91e84bc3157121093
SHA512 a3575e17a86046bb10bbd799cb5b850005688625e492999e515109ef596682f4806115001885db744184131f07e8a8dd8b41a1a813e0c0c9b12c702727562607

/data/data/com.dream.recruitment/files/a/b/007b49ef3d069fe798facab5b169613a.0.tmp

MD5 55238174cc76a7058c1e4aea7791c039
SHA1 5e4b9d76ad335c4729a8dd2452dac21f1f6a8566
SHA256 0ca18dc080fdc8af8149b9c4686e26c387ccfefa7d3042078d143cc600dfcd48
SHA512 80f48d8a69a1e3c76126b3acfc60f62a9c65b1dc03732b1452191282eb3e27ebeaad757a41d0e376eac5809dc36b75d516af12064b71d55a36bdcdab0744d4cd

/data/data/com.dream.recruitment/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp

MD5 e7b840abe742524228b69170566fccd2
SHA1 d6c1f534577dd7bfc50f0c4c943b4bc5ed5dc6ea
SHA256 e474d55e2afa6aec878bc31fb9147a6d58d4c736afbb3548937984673b69d18d
SHA512 e07ae486a3c253cca26c057554105b048ca1b1c33c338dc7eaf2ff6fa9bdb68bc990b8229aba0de6e7c3419a99ab9b65a1b825b29bfb9dfc974f93a72b4f9ac0

/data/data/com.dream.recruitment/files/a/b/a9019c6b0ee62337782ffefd864f7d5d.0.tmp

MD5 c895a43722a72d0a08be8208adecd261
SHA1 54b9ecee48890d5b61dcd68961cafaefc42cfb2b
SHA256 643d2afc738f86661ba623dd85549687beb3745cc69f6eeff95d6a5971e07d54
SHA512 b465eb2be4fb1884fbfb1a5c7bada8b7a94870b5d94a11a25d426e959952bf8e51f88074e9d95f08e9e727ea92dc58d4a7a61f12d9df940fcb3c0757bfe0fb66

/data/data/com.dream.recruitment/files/a/b/8c7fd458a3352d68fc752a3193251a90.0.tmp

MD5 b5ac87b59592b598e96ffd728f38c488
SHA1 344597ccfa2091b144ed91a3b996321802fe85fe
SHA256 19bce33f0a7f99f5eb11f4f5d67cddb669f895df39b1a624a3ea896fd698a112
SHA512 c8ee6fa2dd23fd95f283f8bce3174117b07441ab8effcceaa5847b7cc701085408b091ba3f766eb2f540a0ad02b89c84ed678a27cb9c10879382a569210aca36

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 09:53

Reported

2024-06-12 09:57

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

com.dream.recruitment

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dream.recruitment/[email protected] N/A N/A
N/A /data/user/0/com.dream.recruitment/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.dream.recruitment/[email protected] N/A N/A
N/A /data/user/0/com.dream.recruitment/[email protected]!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.dream.recruitment

com.dream.recruitment:pushcore

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.pgyer.com udp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
US 1.1.1.1:53 s.jpush.cn udp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 124.71.159.41:19000 s.jpush.cn udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
CN 203.107.44.30:80 www.pgyer.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.92.210:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
US 1.1.1.1:53 139.9.135.156 udp
US 1.1.1.1:53 139.9.138.15 udp
US 1.1.1.1:53 119.3.188.193 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
GB 216.58.204.78:443 tcp
CN 124.71.159.41:19000 easytomessage.com udp
CN 123.60.92.210:19000 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 124.71.159.41:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.162.127:19000 sis.jpush.io udp
CN 124.71.170.130:19000 sis.jpush.io udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp
CN 124.71.159.41:19000 sis.jpush.io udp
CN 110.41.162.127:19000 sis.jpush.io udp
CN 124.71.170.130:19000 sis.jpush.io udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
CN 139.9.138.15:7002 im64.jpush.cn tcp
CN 139.9.138.15:7003 im64.jpush.cn tcp
CN 139.9.138.15:7000 im64.jpush.cn tcp
CN 113.31.17.106:7000 tcp

Files

/data/data/com.dream.recruitment/.jiagu/libjiagu.so

MD5 ff158ad446387f3cbc1e8f0dcbf30ca8
SHA1 2eabde05de79be3fcd535aafb08f33707583df24
SHA256 ce714401d6ef068e322395f87b87bdecb28e1ae37d9714bbb84b7151e9242fa4
SHA512 2419304d1ae11ba14f997bffdd479ddcfcba3bcf4ef09e997e24c34f16622a4f6ff8279da36011009ddcdced77f628af4d0bcb2ad451308adb8625e08afa8600

/data/data/com.dream.recruitment/.jiagu/libjiagu_64.so

MD5 b7874f194f1cd6b53d5a7cb7eb08a896
SHA1 29c28cf753a3c64bc3835b312d5795161dd715a2
SHA256 d51c08a11f6b854a5662ea2561dc6dd0ad0135c72bd0e5cbb9e1f912805018d0
SHA512 d298930a4996db8ab96346ca389be05b5195f5a920149144225855891aebf580c0717f6a3b2374df63fb56731053dc359c2eb815cd214b6409b32c36b8275e95

/data/user/0/com.dream.recruitment/[email protected]

MD5 77eaba6aa2124cd2f2e832ff2f95ec5f
SHA1 87f88444bc7ea1b900fd2b43904f937cc3579716
SHA256 6214b5429a3ca2ad8a4d849fa1db8aaf2fb2c71f27fccf7026a380131939a538
SHA512 2019f70985eea24fd1f7812f5ff75c11851a35dda6b193b5ce44b0118e8291e0d92b0d8ee8f8c7bd09fcc6d82894c4ad64f1b722516038ec40fce0d2f4af6bef

/data/user/0/com.dream.recruitment/[email protected]!classes2.dex

MD5 a1cddd046acf5c3f09e5cd6a6f460e93
SHA1 f7d1259d234214cb205334ed60d4977b988c3725
SHA256 978fae90c6616fb3c9c6a463469d854cb699877649ed8400a6d218b2846ac086
SHA512 0eeafa5803243813d6ef83d8c9b2903bfadd627a891b40be11b1e6fbfeb422f810bf2baad2b5ec799d3f04af86a95bbd812186010f1b0732fcf6183f2fb01fc7

/data/data/com.dream.recruitment/files/.jglogs/.jg.ri

MD5 a1e0c69e8a4827173481ee2e6f46c14d
SHA1 37ba5d890086c44fbb61e4cbd588668a0176df61
SHA256 6be12cf9a72c91206709ab0f02c9e19eb9a866694b594ab1fd8748cc951ce101
SHA512 c938d2683e70d8cf65e468eb31346503525ba757f80a581a26dee8d084f547ef06e18b54fe750bdc3315d17ac44a18b4b3c050f084fcb125c3e2a34d7e3d42ae

/data/data/com.dream.recruitment/files/.jiagu.lock

MD5 be4b89a379cd579b26294679f3e8fae8
SHA1 7aa0c7d31b707869a5ca7e13fd933970e841a88f
SHA256 619455e42b99dce9e436db63f2134456cdaf707586c599246624908d0010e3db
SHA512 d24fe344216d9cf74a2b226718c919fa4d6e699dcd791269e2b2339d1b1df599a6ab1b0fede45606044927c169a67287cff426faa2918910677c85cab85cc3b7

/data/data/com.dream.recruitment/files/.jglogs/.jg.rd

MD5 1bb9db288a3a769cbf1f5e38602d6444
SHA1 bb449d2e18404f6eca2ee7698d1d484a77e64541
SHA256 c434b725b55b6799de08dedef2e53f5cd58927968ad0dc9ddc214e79ddb062ab
SHA512 c8f896595a7acc371ffba4e178e594d6130c0e4aed07a4dc9b7801e6bfe3c5a4087ae2e91c871163bbf20130b2b65ba66f16442ca437ea7cf5c16a965011ed58

/data/data/com.dream.recruitment/files/.jglogs/.jg.ac

MD5 7920e3648b8a1fa0bc07d51ae66693b9
SHA1 534c26004706c4896734f2c6611f96909f63725b
SHA256 24a6e6045303cb24656a93871fd70229b45042264405507e3a821e673fba75d5
SHA512 f0aa64c8b147e5b10a1520796f8cab1b8323ef80fde4b63fd55f9b38aed452e8a8e33ca139f6c310ffe08acaa4e5c8cfe7ff8bdd67f5a7092c999ae0bec4c77b

/data/data/com.dream.recruitment/files/.jglogs/.jg.ic

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/com.dream.recruitment/files/.jglogs/.jg.di

MD5 eb0f0e45397f27c8ebb55195b520c26a
SHA1 44fc1d940554eae02b6cc8d3a100594a02231477
SHA256 bfd40b5b53f11bc48c2158b85948283c047cbca2d00742ccfa27daceecd0146a
SHA512 ac3326cf0fbb89b8275f6ac86cb161595063257c7c1b9b66d092db05e43e58a0823abf5f892095e8d0a61d4787e0252eaafd991fb869743b0c410a27be1b3899

/storage/emulated/0/360/.iddata

MD5 3c291214877b706469786127641d5daf
SHA1 6a93f3c723dfffd594f93a6577fc8ada1bfacb7a
SHA256 9271f3c6447890d42d5dbf1a2bb17bbf062b76abaa08b7c25bc22ccd0d71f319
SHA512 909194f6ae2faafbac1d19c787b26a1a6694fd2ac6bd57cc625574158fa104d470f4ee1b63d9f687fe32956eee6a7a38a7fb671cb301d81215e4bc437198beb9

/storage/emulated/0/360/.deviceId

MD5 8683be218c7f607bf3e2d1559fa8992d
SHA1 9e9e5c1574c35c1e7366f76d0ebeebd8dc0c25eb
SHA256 4fd55df002e0c8b37c2af9cbce3ead639632d712cc67903aad94985cb4a3ed42
SHA512 7caaa306c416b5df6282f6535e8f3e4c757ac9e748c5c944e65da5c70e6361e2684c417a3451b8e1ffaccd92fdfaa29bc025a7904fad60a504c85559fe049ac0

/data/data/com.dream.recruitment/files/jpush_uncaughtexception_file

MD5 32ccf88c529feb00f9b87f5ebe85e3eb
SHA1 583aca0e4a6d96754d04994866a5a9e2e9720bab
SHA256 77169c33a3b780d881dde1f4b480ed0b4c7a521f30def8303c3c3c93981d6d89
SHA512 f3fc9804dce19ebb409959cdf85225aac897a62a0b4ba6e9e6186d970d6f832e4b20298aa6187daaad302e9e4252f33e1f8aa50f57923bae45e1ae21c45b2e08

/storage/emulated/0/data/.push_deviceid

MD5 eb057b1259a92e6af586375414276f05
SHA1 aed3d6a9da3fd529ce322670908af738d1d0320d
SHA256 e9d4fa4eddda49769ee2dc1d9ebf74099e8f01aca9a50228b6b8fdb0c5cb2c65
SHA512 ade2ceaff12fa2dc5a2d4d35991da0e40ecd33ccf6a2dbe37bc0b02676bbfb1f69312ed882ac74d473ad5945b3115bb64908d90546b3f1b6af8c5b400dd9552c

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 90a1be8edbdfb32650bbddc5a6715cec
SHA1 e4ba9d05fc12ac7f77f9d3fd4d063cb87c74e85b
SHA256 792880467da0baa0117fe86ee340232533fcd2717f33ea187138967dacc2c056
SHA512 90ab10595e0d4bc6a3b7e7d1f24a32d0da709924eb4502bbee945c5b9b459ed1874949346fb51fa10a9f1ea9f563bb26bde8fc5e1c9b0ae9756c5014995bb88e

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

MD5 aa6a64326024eb67d3d31f8f7bdf9e8f
SHA1 3180b97c12df443d082faa414ad6709bf704231b
SHA256 a943e84d1da0a56f1be0705c5cf2acc5fad7e8995135308ab23b66cee38e6b44
SHA512 a8308648d7bfd3d2312eb96638dd7948c30722ed9bec3b4d04d430ac4ac47df36717f8b6ca4468acd482a72a4970874e26d48180aaec0d31bc8cc15282d2bfd1

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 d9f7165e9cbe38846a751dcaefe43efc
SHA1 8c2709365fbe7cfac358843e155f1a5510d206d4
SHA256 53f98e38304255b3785e5f0d59ea9890c8ec9952058c5790e53a2c89ad5e9c03
SHA512 cf81f6a9ebf311151d5740ac59d4886b7742fbf55d206bd1ae4a1ab04178ba22ef86310cb1891f4fa14763bec058699bab81ca4c81baecefbd8b0265ea45116e

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

MD5 1c4bb52938c8932216ba2ab40b6e8590
SHA1 b2b34e2c34f340dce462473f5aab42a05deb881c
SHA256 9daf2ff25a224944b6ebcfabfd8381c829947d8f6b6c6d81106e8ea6d208835e
SHA512 4c5901ae3b298d7441fb4a1942d3beeee185625cc585e1121f6bdeb33e12064725f590218a3b0436b16c6b9f48082620ec6e702ad8a422e4e2607e5dc9bda766

/data/data/com.dream.recruitment/files/a/b/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.dream.recruitment/files/a/b/journal

MD5 7de584b6080af3aa17c6512ea2b1e87e
SHA1 f028997dab670d16fc8aac6a5b0cc76280a62207
SHA256 95c9f31a21a6a536672e06d8d3316dda0c091ab4488f0772a12f85b653204259
SHA512 b97826a32bfdb4e610ef5d10ee7b76013d71a240c4a8753b1ef65cf36f7259577b4317b09127e896c7cf08977c77fe68be5c4b7baf97087f32a4fc76dc185b7f

/data/data/com.dream.recruitment/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 8c5593f91139a5b6911772e70fdb9ec9
SHA1 25cc464e4640f4d20079cd91865e3c05eda12c70
SHA256 1dd6e5c6a1d789d70d3e9127458818b8b306525ddbc3e628e076739c80acea9e
SHA512 a22b3f0e89c2cd12dc588960fa61848e1c666837f6987740ff6c9475e566e67cf48657b558e0d9a1b1f90e6ba51ee96e65ee5b42f897ecc66aecc077e6c55858

/data/data/com.dream.recruitment/databases/logdb.db-journal

MD5 2c766a9aecdfd32c32de09849e7a2694
SHA1 1456e84fecec04ed0b81d867ca82b129d3dfe922
SHA256 0b2fd5a0782e36e20430cc450016e649abcec20ce9dd3a83f9ced9f5597faf18
SHA512 f80b3760d5f090cfd251584530b009bc0d63b52062bb2e678f0607dee1e7b8d14b117e5e1688fc64c61f0837edb05d251fdbdae5a0529440db59a6459c2f1063

/data/data/com.dream.recruitment/databases/logdb.db

MD5 995655d4963744d4f32d85bb40093836
SHA1 c5cd342506de1c8d276f8dd8b76d6a509e7a80f7
SHA256 7381494956dd65796066c972cf1e0595dbd892ae7ab8900d27e0f470d6b60917
SHA512 8b0ad824185172fe59ce98a1729a7b384e140137544fa862fca782d044b0c6fbac0f82e5cf22bedb4b12987bad9457b7856ee90277c458f725478fad941f76b0

/data/data/com.dream.recruitment/files/a/b/journal

MD5 90b931937d32e99d455650284c6b93e6
SHA1 1ec36248d63f3f30f77553075e205c72ff543619
SHA256 e3617a317ddef34c23598df7e4490c6ff48c87ab837faf04460d94e36b5e5506
SHA512 323335c6c57fbdc8389ce88d5f087df956ef85f4544bb1810460e05e91b9af04f858af834bd7b685c15ba4f5994a68516630d3d8d76080228919dc76befda6ec

/data/data/com.dream.recruitment/files/a/b/5d68ca83713ccc6ff7996977be1496ff.0.tmp

MD5 2098989cac23f130408070d5ac566d34
SHA1 9ceee8c532772071636be2e6eff9211beee20d08
SHA256 c6037ff0986d7a3035ca1bba14c8fca7513103ee00d99f10eb3c1d8f7bd2b27f
SHA512 58df959270aa0c02c11410cf981f8d36338cd8d91541e7fde7b0d689eb54f35db1c09b085b92c62cba28bc4456499890b17cf2c7781f09c45a2de01ccf0735fd

/data/data/com.dream.recruitment/databases/logdb.db

MD5 9125c1370ae443887e3295bae7b15b84
SHA1 27387a85158b5a2390cd5c0ccd9034b6ff9d6a89
SHA256 a38ce2523f9fbc3baa3d03140ede08485e54ef588a5a7b6d20be52af48988ece
SHA512 b7098cb83eb9f6027d095d49a0a836b09ec4b24fd68e2a33acd8797b69f3c11f70032d934bb5ff747c14d12607b21d597538cd5d0289bbb14769e4236afb5f29

/data/data/com.dream.recruitment/files/a/b/journal

MD5 9d937467ccf1b2e9619fd6fbf08e302e
SHA1 b5b63a5a775561e15723f70de4b91791d2f6bb44
SHA256 ea82c7b5e5f0b1802c871b2400c713df0a8aa96457c8bc8d04afc12b2e87ab2c
SHA512 fedac15f001d41db0bf2c83fc403e657119d1cf6cea762104c4c3f42d725ed020a99e17257f29bad3463807c9502c8d287c4b9820bc553cae7071c4f59e6d3ef

/data/data/com.dream.recruitment/files/a/b/0da2cf804c79e12d840a9dd526080b7a.0.tmp

MD5 e5339592e6f3d53fee9df635f94f3667
SHA1 b665604fbd3547d89622f6b149ee972ccd2e229b
SHA256 5d40ceaba2e5efda65a205b13487e977a4bbf66ddad30148920e66fc87fb704b
SHA512 b8a4600705f4d6fae783e1762feaf4ce00eb63edcb99258a90e97fed1395a9b44d691aa48ac22f2af2ed4ea1f6e8d3b10bce7beb4083e251af05a099a25c0492

/data/data/com.dream.recruitment/databases/logdb.db

MD5 0e1d9cce7fd442d1a8b61a19a9d3b86a
SHA1 d8959feaefd105d5170bb6a86d852546d36ba401
SHA256 c3324bc761a5d5d9bbfd8163c4990dcee48f971e5391cd870f191fe76ddb6828
SHA512 777177d9dbcf5d0c6def54b5b0b1cf7ec5882fda03006294481a6df506f6be5b02cfd7741373275dbfffdddcb9c4b7360db5fedd6f7754f01bf7bfe681344ef2

/data/data/com.dream.recruitment/files/a/b/journal

MD5 5e35c852bb1cd4d3321c28193e135856
SHA1 27b0569d4b298eeacb67d0399428c0eae5490b79
SHA256 54fe2f86841cff94835c1390c315464e40258c1b2486bda31251e99c29e9d364
SHA512 3ca12fb5e47ca8b77c75c23284719ee1aa8edad4d4124ccdb9c9e8fd21b2cdde4e4425ef9a6a31d41eaf0962345dd09ebea0664ad841bb97b9e70db1adb76fd1

/data/data/com.dream.recruitment/files/a/b/journal

MD5 e65a681b2f07724cce3a6c47e2858188
SHA1 a8f74835371aa208dd60c38f8f630a1143db7fa9
SHA256 e309a2b9da5364ed5f94c47c24c15c46e1e004417f3ab7f41d65808c7057af6f
SHA512 7c627f7caf31bee886d93c725ae13771bb7f767c2f4315237657982ed8b05406876e5199f449dd06af507afec486b8a800314dbb0ab256549b36f66534a58792

/data/data/com.dream.recruitment/files/a/b/24c110e1f76093b35c3c2df1927aab79.0.tmp

MD5 b783780e9615fc7123f283ac5240613a
SHA1 dae662d6c6c5264a319a2d0d5dd44fe50d966661
SHA256 5a73b8d10b0e5810678b3c27e252d70b858896c0d21dd5374a67b340a30e688c
SHA512 04aacbec51e57f136f20bc82d01bdca929e0c897ed12839707ac15f7424a34e944e1167e1aaf8b455f4a77bd7cf6736f623fcd919af458452bb2cb04d58e4e11

/data/data/com.dream.recruitment/files/a/b/journal

MD5 dff59ff29dd5ad2f4ca08c045dc126c9
SHA1 2621d1f07c645a7066cc965b664f2041cf23abc6
SHA256 6ac9121199b915351cb6749e0f825368519cba6355b5c1b54c5de9b633b7ae0d
SHA512 be44027d1f37679a6dcb529c1945abd2dd6fca0b75b47694c8fa0c0ee42d66bb82b943daff27911e9f474664f89d1e4495ba55d804e4468713c65273d40864f8
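
The Files list above repeats several paths (files/a/b/journal, databases/logdb.db) with different digests: the sandbox records a file each time it is rewritten, so each repeat is a later snapshot, not a duplicate, and some snapshots recur across detonations (the journal digest 54fe2f86… also appears in the Files list of the analysis earlier on this page). The script below is an added example for reading such a list, not part of the sandbox output. SAMPLE_FILES copies six entries from the behavioral2 list (SHA512 lines left out for brevity) plus one constructed entry, example.bin with a deliberately truncated MD5, so that the digest format check has something to flag.

```python
"""Group the sandbox's Files list by path and sanity-check the digests.

Added example for reading this report, not sandbox output. SAMPLE_FILES copies
six entries from the behavioral2 Files list (SHA512 lines dropped for brevity)
plus one constructed entry, example.bin, whose MD5 is deliberately truncated.
"""
from __future__ import annotations

import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-f]+$")

SAMPLE_FILES = """\
/data/data/com.dream.recruitment/.jiagu/libjiagu.so

MD5 ff158ad446387f3cbc1e8f0dcbf30ca8
SHA1 2eabde05de79be3fcd535aafb08f33707583df24
SHA256 ce714401d6ef068e322395f87b87bdecb28e1ae37d9714bbb84b7151e9242fa4

/data/data/com.dream.recruitment/files/a/b/journal

MD5 7de584b6080af3aa17c6512ea2b1e87e
SHA1 f028997dab670d16fc8aac6a5b0cc76280a62207
SHA256 95c9f31a21a6a536672e06d8d3316dda0c091ab4488f0772a12f85b653204259

/data/data/com.dream.recruitment/databases/logdb.db

MD5 995655d4963744d4f32d85bb40093836
SHA1 c5cd342506de1c8d276f8dd8b76d6a509e7a80f7
SHA256 7381494956dd65796066c972cf1e0595dbd892ae7ab8900d27e0f470d6b60917

/data/data/com.dream.recruitment/files/a/b/journal

MD5 90b931937d32e99d455650284c6b93e6
SHA1 1ec36248d63f3f30f77553075e205c72ff543619
SHA256 e3617a317ddef34c23598df7e4490c6ff48c87ab837faf04460d94e36b5e5506

/data/data/com.dream.recruitment/databases/logdb.db

MD5 9125c1370ae443887e3295bae7b15b84
SHA1 27387a85158b5a2390cd5c0ccd9034b6ff9d6a89
SHA256 a38ce2523f9fbc3baa3d03140ede08485e54ef588a5a7b6d20be52af48988ece

/data/data/com.dream.recruitment/files/a/b/journal

MD5 5e35c852bb1cd4d3321c28193e135856
SHA1 27b0569d4b298eeacb67d0399428c0eae5490b79
SHA256 54fe2f86841cff94835c1390c315464e40258c1b2486bda31251e99c29e9d364

/data/data/com.dream.recruitment/files/example.bin

MD5 deadbeef
"""
# example.bin above is constructed, not from the report: its MD5 is too short.

Entry = tuple[str, dict[str, str]]  # (path, {algorithm: hex digest})


def parse_file_entries(text: str) -> list[Entry]:
    """A line starting with '/' opens a new entry; 'ALG hex' lines attach to it."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):
            entries.append((line, {}))
        elif entries:
            alg, _, digest = line.partition(" ")
            entries[-1][1][alg.upper()] = digest.strip().lower()
    return entries


def versions_by_path(entries: list[Entry]) -> dict[str, list[str]]:
    """path -> distinct digests in order of appearance (one per rewrite).
    SHA256 is used when present, MD5 otherwise."""
    seen: dict[str, list[str]] = {}
    for path, digests in entries:
        digest = digests.get("SHA256") or digests.get("MD5", "")
        versions = seen.setdefault(path, [])
        if digest and digest not in versions:
            versions.append(digest)
    return seen


def rewritten_paths(entries: list[Entry]) -> list[str]:
    """Paths observed with more than one distinct content during detonation."""
    return sorted(p for p, v in versions_by_path(entries).items() if len(v) > 1)


def malformed(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Digests with the wrong length or non-hex characters: a transcription
    slip here silently turns a blocklist entry into a no-op."""
    bad = []
    for path, digests in entries:
        for alg, digest in digests.items():
            want = DIGEST_LEN.get(alg)
            if want is None or len(digest) != want or not HEX.match(digest):
                bad.append((path, alg, digest))
    return bad


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE_FILES)
    for path, versions in versions_by_path(entries).items():
        print(f"{len(versions)} version(s): {path}")
    print("rewritten:", rewritten_paths(entries))
    print("malformed:", malformed(entries))
```

Run the check before pasting any digest from a report like this into a hunting query; the length test is cheap and catches the copy-paste truncation that a 128-character SHA512 invites.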

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 09:53

Reported

2024-06-12 09:54

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A