Malware Analysis Report

2024-10-19 11:54

Sample ID: 240612-pbbbasthmd
Target: a09ddf8bdf8c22ce34d50706caabb271_JaffaCakes118
SHA256: 54e486320d2716328fb40f7748bf7bb08385961162f90f9ae01ff47630f0d18a
Tags: banker collection discovery evasion impact persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 54e486320d2716328fb40f7748bf7bb08385961162f90f9ae01ff47630f0d18a

Threat Level: Likely malicious

The file a09ddf8bdf8c22ce34d50706caabb271_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Requests cell location

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported: 2024-06-12 12:08

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-12 12:08
Reported: 2024-06-12 12:12
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 7s
Max time network: 132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.204.78:443 | N/A | tcp
GB | 216.58.204.78:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.4:443 | N/A | tcp
GB | 142.250.178.4:443 | N/A | tcp
GB | 142.250.200.35:443 | N/A | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 12:08
Reported: 2024-06-12 12:12
Platform: android-x86-arm-20240611.1-en
Max time kernel: 179s
Max time network: 179s

Command Line

com.lywx.qsjsj.mi

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A

Checks Android system properties for emulator presence.

Tags: evasion
Description | Indicator | Process | Target
Accessed system property key | ro.product.device | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk | N/A | N/A
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk | N/A | N/A
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk | N/A | N/A
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk | N/A | N/A
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk | N/A | N/A
N/A | /data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

Tags: collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

Tags: discovery

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.lywx.qsjsj.mi

com.lywx.qsjsj.mi:daemon

getprop ro.product.cpu.abi

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk --output-vdex-fd=67 --oat-fd=68 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_GDTAds.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk --output-vdex-fd=69 --oat-fd=70 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_TouTiaoAds.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk --output-vdex-fd=69 --oat-fd=71 --oat-location=/data/user/0/com.lywx.qsjsj.mi/files/oat/x86/lygame_plugin_OnewayAds.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/sh -c type su

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | log.tbs.qq.com | udp
HK | 129.226.107.80:80 | log.tbs.qq.com | tcp
US | 1.1.1.1:53 | pub.lfungame.cn | udp
US | 1.1.1.1:53 | pub.lfungame.cn | udp
CN | 119.23.78.44:6511 | pub.lfungame.cn | tcp
CN | 119.23.78.44:6511 | pub.lfungame.cn | tcp
US | 1.1.1.1:53 | data.game.xiaomi.com | udp
US | 1.1.1.1:53 | data.mistat.xiaomi.com | udp
NL | 20.33.39.99:443 | data.mistat.xiaomi.com | tcp
NL | 20.47.97.231:443 | data.game.xiaomi.com | tcp
NL | 20.47.97.231:443 | data.game.xiaomi.com | tcp
NL | 20.47.97.231:443 | data.game.xiaomi.com | tcp
CN | 119.23.78.44:6511 | pub.lfungame.cn | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.68:443 | plbslog.umeng.com | tcp
GB | 216.58.201.110:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
US | 1.1.1.1:53 | xyx.lfungame.com | udp
CN | 120.79.86.102:443 | xyx.lfungame.com | tcp
CN | 120.79.86.102:443 | xyx.lfungame.com | tcp
CN | 36.156.202.68:443 | plbslog.umeng.com | tcp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
CN | 119.23.78.44:6511 | pub.lfungame.cn | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp

Files

/storage/emulated/0/Android/data/com.lywx.qsjsj.mi/files/tbslog/tbslog.txt

MD5 f6fcd4a9f86bc526131b12ad6ccbdf47
SHA1 9078920c022ff846b57daff474656746062c60c6
SHA256 c915043e0f676f483f9fe4abc7a5d867582690bc73697a1ea787aee9fb24608d
SHA512 4f8a368270346764ef53323acdc9e450dd00d46a28b03f5eb750aa8b632ec6db7b82ccbdae897da2f25a4b29f52033a7941e951b24f696f49475981dc1345738

/data/data/com.lywx.qsjsj.mi/files/001.leyun (deleted)

MD5 781164d8a7483ef7e77050ef4dfbb92d
SHA1 e377565f63019b5531762e1227756d43210b1a0a
SHA256 055e70519c769a7e6ad1c81f5420d277af418a25db9ba1b457b030c1b7f20bf9
SHA512 fc0bb76e21df757832a60de193494a473fda041ba8614633641efce74c2b5ee04c01f285f9092b55e4771989a630a92d2cac422c1f10276190dd405989a4adfc

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_z_Ag (deleted)

MD5 72cd841ac4e99b3dadf21b5141e158ec
SHA1 a03ef7c7cd2cd854e5fc1e4a888fc175bbec82ab
SHA256 cf6d07c32c23a870adaa2878b7ebcaebf8ac3e831acf2e3bae8f24c62749639a
SHA512 1ef90984864c80497c819c8a2b4884095e392f59f318d4aa93a84a3523512195553cd1d894a087f18b7703428565367d8ab5ad8f5bbc4c9016500fae7cc08a5f

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk

MD5 931ce07e6451ba502b082a4693ca3acb
SHA1 56dff3ecc65f2a38b7c1ba35565f416a75a34455
SHA256 ac149872e6738ab39c5610f061b0574cab51b498dd787c2c552c084b69f627ba
SHA512 d2083116bcf23d512704f9e6bbb0570109171018a33c06bee1dd4d580a903df2580ee74318bdd25e6cf2aaf741b074680ae635313c235e6b62f4ecfa21c1a6ff

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk

MD5 cdb7e97870091947b53730a9a079c993
SHA1 b10ff45cd2ddaa341776adfed03b9563b8859549
SHA256 e9c03afa896ef90ab686580e464b287577126ad76d8db00040dd41dec8bd83c3
SHA512 a880bbd8f30bd5a35e870d399866f895baa335a17cd55777478b1d49f3afc386ed2fa9aaef7c6a04ca6ec308d1c85aa8d29eb43fcf862e838eeb5ed0799a154f

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_GDTAds.apk

MD5 7000f79fca68c3980ec3683c2dda6757
SHA1 0383b5f67f43870afff749b5b013f0d3133b9bdf
SHA256 755b0e572110247efcd9d6e81e49c76177c28fad1e5e50eca56ead086e1b19ae
SHA512 7c6015508fa55960db7a2e8e5b5e4593ced567652b28bf4e9f6134881bd5dbd87e4f38db1db429ca4e58a4daebf44d17e222efea844df48539abbe1399512148

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_z_Att (deleted)

MD5 0a661884c3b4d2a54886fca6cd889c6d
SHA1 6adad9d9f1abb99bd8ed926641c4f630f7adcd79
SHA256 40b021c7a3ece35e9ef8e0ef1c06ccb8e3461dc72a15f98afeb59eecdfbf01e2
SHA512 e3595a90e6b0aae72f1935efee04c1272e61d3fee9f8aecfb1498d85316fb7a5eb79d6902f15c2df893455ff15cb1bf73463c9fb81f6ef714d74605dff8bd1b6

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk

MD5 aa3b7a6d2c79e179f728f024a97a9311
SHA1 468b76473a7d065c7b7dfd0537ffa45a22d008b1
SHA256 1e662710f4f782b33ed0f99c266fed49981cba6d99aadc6dd575f502bb5b8e55
SHA512 1a707c5399a9d5b43118ea2cec89a26f0f33f32c359f9f3fcee23b1f7582a2c6389e0d96d11e8dfc3b7c28479a5680fe66a8b29484460ede40ee68628f96311f

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk

MD5 c15e4e2d41f5a90e1e96e181dc639d92
SHA1 5cc5dfa12f78b74be82f5ad0c4343fef2a80f45d
SHA256 e92f1c488c493e973e350405e09dd2ab57a6ba03ab839a41f7bf0e3aecb2aec5
SHA512 0376075fda7f8efecd9ad034be7b911b3917df43ea51ef60761a7e4954f0ea56ea3ac77503c16cabb17547156c7fa65654160c59a35d6e54f491ef6dfa6793a8

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_TouTiaoAds.apk

MD5 6a73d1ebb18df7a60d771c76edefcd53
SHA1 e9c8570a3fa10c21ba84429040de98cdc0a03390
SHA256 e29adf2f04beaa4f93582cc14bd6709dfac413eaf337ebace0862f7c6892c781
SHA512 12e13e89b5d1a541f6cc3b636bff32340f5a19796e34918a9786a37c94633a31129f7c5ae149b4b21d2a28623f3cd9041b7e72703392282eef81e491e7f76e6b

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_z_Aow (deleted)

MD5 68cf11a6c1354dab3a008b1c51b7ece1
SHA1 def6cabac9819a805c44ae2a4a96f5c70d6afae3
SHA256 e7968cb4113d020605548d5b140a838bcdefc71ff82dc84de0dccc06c516028d
SHA512 e61c1b2cfdf50967df1b858a8f6666dde978f9ad6d63533e5cd8c723f874183bd03a71eae353a28043bce1f7fd5dbd0335af8fb72593669bab22577a7fe344d8

/data/data/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk

MD5 0ef2f2342d10cd754b330e08648595b5
SHA1 bbc5ae813e805aed1f586b6d47e975ef080f8792
SHA256 764bae0b061e0125ae2f2e128516e4e52ee027e30a23348eef4d9b394d19a778
SHA512 b84222ae93f2ae02629bf39325afd8594681af7a2ca83a123d91753ab544cc51b3b2c094aa859b8d82a7003a6a8abbd2f89f13cdddd888cf4eb6130bc7ae13d6

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk

MD5 3a7f63054694ff5134471b61bba60edf
SHA1 2f6fec05957acd8f5fbfa38386680ebc1361776a
SHA256 ed80f106565504aa6e114ee19f8bc59a269ad7e5f31863a57dfe84faca188d2c
SHA512 9b8847ac09d9a21edf4eb86d2d1224a9ee0b94cc856f0dce8614d1468030f755b98bf185bba511b4b6116c4efad5001dd1a4d00b99c4c7f02cc5b6e17614c641

/data/user/0/com.lywx.qsjsj.mi/files/lygame_plugin_OnewayAds.apk

MD5 d7df6e3388edfaea86f66b443f6b16fd
SHA1 1cc0eee49642249ffcd3dad71d068f01db85d3c3
SHA256 0c34f43e07c29ac370204e3af78f21a8880689eece19bd9ed5ee48a4a7707b01
SHA512 598d37dd79bcbc2fb1b3ff0ddbb5832ab38d97aa1b62adabe671f7b17bf1a5f85bf74427b2989b594cf41bbef4f9da39b1eaf7b02862261579ae3098e4b295aa

/data/data/com.lywx.qsjsj.mi/app_crashrecord/1004

MD5 ed1123adb4f5899c9dea5e47717c2312
SHA1 897763f972351fa24b3cbcf7639cf9a7e73ff3c4
SHA256 e37f48f269bb295be8c743981be33bfd8f5031e78414c938f764a3959eea2e83
SHA512 0d0a9228f9616d7addfb2a81b9f740049afe4c7e4cf83cc2795797a53e7ff4c7c05aa865eab0aab4f4abe9a74af81f8792a00ea59e5ec9fd504fdd582b895cbd

/data/data/com.lywx.qsjsj.mi/databases/bugly_db_-journal

MD5 389b4f2a6450dc1c89a0bf0cade84ff6
SHA1 07e29c067f8fc44aace950d3ccf4212ad7ad9e2a
SHA256 3a99966a4628f5138ffa891497532aafdc60129ae90042a58a8ecf6dac5406ff
SHA512 a7a7d786c89262d90a50f009e59210a66a21cf97e29965337e6b6701c46b8e6c866b1efd3bca9e22ea8c6e3d9c3fcf0e1d1cb35e9f67a09a5348deadb65a7e81

/data/data/com.lywx.qsjsj.mi/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lywx.qsjsj.mi/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lywx.qsjsj.mi/databases/bugly_db_-wal

MD5 c3dd59a1d360d431b7e63f31cbe7260a
SHA1 7f78d4db73bbd2e86a64fc66abe84931abb4c0f8
SHA256 727cab672f795994cb4983fded224def03e7bc3e51abaef7710f8c0f575e7fae
SHA512 802f60a38b490c3762c67dc87efacc7ee34a9d5e3603955125aa62225c5136e5d0095dc147d618b32aea9eb3097b27ef43da05e8a3c5f4edfbe992c3369757e8

/data/data/com.lywx.qsjsj.mi/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.lywx.qsjsj.mi/databases/report2.db-journal

MD5 35bb54457f28dbf080c91e590d805541
SHA1 6e9a4e068573ebde6e1bd37f7abd583f92da391e
SHA256 3e38e55eee9c75f4cc6b2147ae2142199673a8a1ac378d2a36db22728c38c635
SHA512 4741a3bc6ffa657dc1a94192092077b1a8ea08ae518b76eeb8b4a4f5094fbb3daba53a5520bef573d64a7deb96d44f5b51ef476c0f50297f80e2f51df4015140

/data/data/com.lywx.qsjsj.mi/databases/report2.db-wal

MD5 643072142ad81dcdc4ae7592192f50a3
SHA1 cfe83d9441180a7c9029d13a4599169745caac24
SHA256 169d62c329a8c8a442b5445d048469eeb6a4f032ac58e55ec350046c4f871766
SHA512 5636be87b9863a84d39399101002db9e76824010baa3ef34d3f88a9a4a15f84ba94cee098daaf5a863cdab4e3250ecef4546b54c6b55ddf5d832dfd00f5a9673

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 4b42ed7647f1b266a380ce3788ef2a5d
SHA1 8154587479f49ae264ea8e8e85d18c890b1aa0c2
SHA256 178a14521e2c9c0f333d75958605a0ee12a4da00ebc07ff87746bb4e5fdc9b27
SHA512 f178eaf265fcc695a6fba8fb1336e944124bb2298b079daf3b4699f0a2bd09fd9df3b96c0d7f76b936a0fedfa4cf0a820dcbd08a3abcbd1945d1c7c1d3eb2295

/data/data/com.lywx.qsjsj.mi/files/migame.cfg

MD5 340611b379e362128c71623c5e8da1b4
SHA1 0673cee3ec93948c5474f182f9bc0bf0dbc0076e
SHA256 ecbb19ea2633933cda78f7ff1d954581fb582f04a4ef3104c28b20c9afe65f69
SHA512 7f6aa02295b963c4f3b1f93118e5a5230d163b54faafd0efb2ce3d5a8af9f1d8327f612013332388a6e10fb851496e147e300acc4f8d79389ffbb04ca2dd7555

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 d09dc3ada84cb47d71c3034e26e8e3a3
SHA1 7fd48a91f4b31857ee7f878904c916ea6d7dd61b
SHA256 6eb031a0d02ed6cfe8a0ca54901e1f2c54a7690b086f46b195630d62e7ed69c6
SHA512 2c256fcbe1f6507c6c6b77321c9be4ebbdf13726aa7c1110d2759ad98933e392dfa8eb577efdad207329e9c0693231ae0103ad68b868b5e458c8d78013390f62

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 a00492f7b559c62a6bbca07fdf94bff9
SHA1 0196093213415bf2d11875e969f096d286b4c52f
SHA256 d3032b84f9ee35af524fe88df9a02378e7318c8d4d3c473bf346c3aca6ca590f
SHA512 1c16967a65934c3eed50b81d93be23b24f49b773ab1883934d5b15678714c79171b1686ff8563b0b2d0a23fa7af0a4e6df186f13ba39a1d108d6e99eadded86b

/data/data/com.lywx.qsjsj.mi/files/umeng_it.cache

MD5 516bb7e095c24a0fd811decdde3e3ae8
SHA1 02dae1148b2fb45120dd8b5b2a0b09f1649c51ee
SHA256 97f25ed0c1797e6316a67d3b6d8faf516a85759dfa280586c29cd2db87f0284f
SHA512 355df2c1f0fe8490b05b1c16cb0afbd9c319250b89118ad11adf90e85c701aa85e87f94fc953a2ffc5c02cc8e5fa0c8955584a5cf9dd868225e90d09584c7017

/data/data/com.lywx.qsjsj.mi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTk0MTY1ODkw

MD5 4d7667c112f47a56f7e60faf3d216683
SHA1 aea19708db5024a8b7c2fc4076801575d46d0b61
SHA256 d0d967f20c215879f737de2db4611665edbe47f833df4671ac513576ea98e44a
SHA512 577d95b90145ed243f671364fda04936d862bb0d2b12232070b88280491c752684c51c4fbdb522167c639914a2dad66eb9420236db9f742d0b28a8d5f09ad150

/data/data/com.lywx.qsjsj.mi/files/lygame_prefs.dat

MD5 72f76cbc8a7eb87e773aad7038b922d0
SHA1 6f3ebf00f3d9fe43bf89dcc25f6d76040dff1cd1
SHA256 529c35cee259772a7faa92c62661ad3807432fc481665b91effffc0178f6a09b
SHA512 af0f659d9a379ff1b0b78d6f396070857e970022f779c1f49e0132052e5920aca31848344029bb4a7b9e9a70a77bbc2ce140c78b40dae5cffd8d46ffa67f203a

/data/data/com.lywx.qsjsj.mi/files/lygame_prefs.dat

MD5 292dbcd416ed3bf813315e96392cdded
SHA1 a8c1f9c3280a0846a726a163d9b87aff5e6def2d
SHA256 c13013432c0917a05e1814f670904988bafa80a3f17460a4d31ed9fde9ef3653
SHA512 33ce0fad42bef33f86d3ae81e83f29ded5f12739f82e5d0877e17f229664366df5d1d4cbfd526f69b1640e2c0467da6dcaa4381f79233120f357fffb90eebe33

/data/data/com.lywx.qsjsj.mi/files/report.log

MD5 dda544c5b28d7efd7b62d6e38a4ce716
SHA1 b45c049f0641573414a1fc28bc931c37b0956726
SHA256 c8a4bc52ac2d639af2869987b707bd553b42980960ac7712ccd81ce016c771b9
SHA512 0c9d487e2cd5fe38a828b62f98303a40582442d4d81bb3c2faa678f804b444b13509e8377526cacc19758702de226f8eea9f7017865e1b539b9c904ee39f27d9

/data/data/com.lywx.qsjsj.mi/databases/jsb.sqlite-journal

MD5 bbacc69410571606a6573f65f800a430
SHA1 c0c32cd9163005015b90b7f987fd24c3074af912
SHA256 7e64d2cf5858bb06abdac154e9ef2c4e8c4c3c8e9f7db126e490d181566453ba
SHA512 47f78474b4aaf99b456ef668d4c99b05949a10c21fccfb20daeb1a85ffe3992c6840edbde3f03e15f701b4e1d98466c7cb495959c3f3305ecb3c2f0713c5d4b3

/data/data/com.lywx.qsjsj.mi/databases/jsb.sqlite-wal

MD5 5d00b547580e5524a611baa261559b45
SHA1 0275fc7d5a4690c5861058ebbc54d49adc6d6714
SHA256 0514e59503489606648030755680986a5d289164d2ce1856ba9e488ccb2fc945
SHA512 976cc65f36a13a255b6338a41e0cd9fa2a1932fbe28421750b0debac0ba15e0a7d3c9a7bde7aa27f535577f97a9f3e01e736ef03d9a6e605d2bf3d325110fe83

/storage/emulated/0/Xiaomi/misdk/logs/com.lywx.qsjsj.mi/2024-06-12/1.m.log

MD5 a09511465a9e21b9ac574330a1379c2c
SHA1 e0a84c3b5c684ecd3df8461507fb357c69f09a85
SHA256 9ef59324545452975fc2cb610764cebde9893807ae08ccd15956eef74ae291af
SHA512 31f4d37457458c31689538a8e3a6e7d065db9f68de420da2ddc4ddafbefa436d4f42aa02510eb1a7ca466ca1dc0481fb99bdcca96fa35732a66da41f5a7fc66a

/data/data/com.lywx.qsjsj.mi/files/res_raw-assets_25_2532633e-1164-4a10-b7a0-0c13c348a30a.4de95.mp3 (deleted)

MD5 4de95f934ce7808b1c40f5d5e1af4172
SHA1 a1def3318929cc0cdba8a81c79801d6a1ba7d967
SHA256 fe6ed4264bdec5eaf3bb220afd896dcf8a3785ea7f39e6aedc42050ad40fe3d3
SHA512 200175b4d972a492699abe125e6c890dd9f278fd2a76b79776d240818ba5a4913c27fcb24ada6ebf2646c7202c15ce2e558ad01d606b735e03ee999dd8387ebc

/data/data/com.lywx.qsjsj.mi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MTk0MTk2NDY2

MD5 5504cd448000699bd4199d82c0e59e7e
SHA1 2ce476bb81ada8060e21e84e8331a9fcb7c26500
SHA256 67f95780907833cc0ab58b02c659ba4206d6491520632df2bea42e12a20aaf86
SHA512 93f5a53152911ec666c6d99652b49f5b8e29449d8da012b6ed88f33e8a9b763ad2e526cc8f92dbefb77a593ff9ca508e6a80c8e92e9bde3bc87e550597f082f9

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 12:08
Reported: 2024-06-12 12:12
Platform: android-x86-arm-20240611.1-en
Max time kernel: 7s
Max time network: 147s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.212.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-12 12:08
Reported: 2024-06-12 12:12
Platform: android-x64-20240611.1-en
Max time kernel: 7s
Max time network: 132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 172.217.16.234:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 | N/A | tcp
GB | 142.250.178.14:443 | N/A | tcp
GB | 142.250.187.226:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp

Files

N/A