Malware Analysis Report

2024-09-09 17:10

Sample ID: 240613-18kf1sselh
Target: a6d960d9e473a3415e9b167b28180bc4_JaffaCakes118
SHA256: bc3458619cf290bacf13e881684995f24bdd18f388a68369414b5e84ecd73b47
Tags: banker, discovery, evasion, impact, persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: bc3458619cf290bacf13e881684995f24bdd18f388a68369414b5e84ecd73b47

Threat Level: Shows suspicious behavior

The file a6d960d9e473a3415e9b167b28180bc4_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:23

Platform

android-x64-20240611.1-en

Max time kernel

128s

Max time network

150s

Command Line

com.jm.android.jumei

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jm.android.jumei/app_push_lib/plugin-deploy.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.jm.android.jumei

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 redirect.networkbench.com udp
CN 154.8.188.31:443 redirect.networkbench.com tcp
US 1.1.1.1:53 mobile.jumei.com udp
US 1.1.1.1:53 mtr.jumei.com udp
US 1.1.1.1:53 cyysjm.com udp
CN 123.59.226.2:80 mtr.jumei.com tcp
CN 123.59.226.2:80 mtr.jumei.com tcp
US 1.1.1.1:53 alog.umeng.com udp
US 1.1.1.1:53 mob.jumei.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 123.59.226.3:443 mob.jumei.com tcp
CN 123.59.226.3:443 mob.jumei.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 123.59.226.3:80 mob.jumei.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 216.58.213.14:443 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp
CN 123.59.226.3:80 mob.jumei.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 s.mobile.jumei.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 123.59.226.2:80 s.mobile.jumei.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 123.59.226.3:443 s.mobile.jumei.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp

Files

/data/data/com.jm.android.jumei/app_push_lib/plugin-deploy.jar
/data/data/com.jm.android.jumei/app_push_lib/plugin-deploy.key
/data/user/0/com.jm.android.jumei/app_push_lib/plugin-deploy.jar
/data/data/com.jm.android.jumei/databases/eagleeye.db-journal
/data/data/com.jm.android.jumei/databases/eagleeye.db
/data/data/com.jm.android.jumei/files/TDtcagent.db-journal
/data/data/com.jm.android.jumei/files/TDtcagent.db
/data/data/com.jm.android.jumei/files/umeng_it.cache
/data/data/com.jm.android.jumei/databases/jumei_address.db
/data/data/com.jm.android.jumei/files/mobclick_agent_sealed_com.jm.android.jumei
/data/data/com.jm.android.jumei/files/.imprint

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:23

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

159s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:23

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

135s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:20

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:20

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:19

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:19

Reported

2024-06-13 22:23

Platform

android-x86-arm-20240611.1-en

Max time kernel

128s

Max time network

140s

Command Line

com.jm.android.jumei

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jm.android.jumei/app_push_lib/plugin-deploy.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.jm.android.jumei

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 redirect.networkbench.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 mobile.jumei.com udp
US 1.1.1.1:53 cyysjm.com udp
US 1.1.1.1:53 mtr.jumei.com udp
CN 123.59.226.2:80 mtr.jumei.com tcp
US 1.1.1.1:53 mob.jumei.com udp
CN 123.59.226.3:80 mob.jumei.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 123.59.226.3:443 mob.jumei.com tcp
CN 123.59.226.3:443 mob.jumei.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp
CN 123.59.226.2:80 mob.jumei.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
CN 123.59.226.3:80 mob.jumei.com tcp
US 1.1.1.1:53 s.mobile.jumei.com udp
CN 123.59.226.3:80 s.mobile.jumei.com tcp
CN 123.59.226.3:443 s.mobile.jumei.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp
CN 123.206.5.129:443 redirect.networkbench.com tcp
CN 154.8.188.31:443 redirect.networkbench.com tcp

Files

/data/data/com.jm.android.jumei/app_push_lib/plugin-deploy.jar
/data/data/com.jm.android.jumei/app_push_lib/plugin-deploy.key
/data/user/0/com.jm.android.jumei/app_push_lib/plugin-deploy.jar
/data/data/com.jm.android.jumei/databases/eagleeye.db-journal
/data/data/com.jm.android.jumei/databases/eagleeye.db
/data/data/com.jm.android.jumei/databases/eagleeye.db-shm
/data/data/com.jm.android.jumei/databases/eagleeye.db-wal
/data/data/com.jm.android.jumei/files/TDtcagent.db-journal
/data/data/com.jm.android.jumei/files/TDtcagent.db
/data/data/com.jm.android.jumei/files/TDtcagent.db-wal
/data/data/com.jm.android.jumei/files/umeng_it.cache
/data/data/com.jm.android.jumei/databases/jumei_address.db
/data/data/com.jm.android.jumei/files/.imprint