Analysis Overview
SHA256
14f93b5cc6c23e4b12ca135925299f84378fc59c2fbab34a60237ce9cb45ff96
Threat Level: Shows suspicious behavior
The file a6ea358408f738b43ba1b74b090823cf_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Uses Crypto APIs (Might try to encrypt user data)
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:35
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:35
Reported
2024-06-13 22:38
Platform
android-x86-arm-20240611.1-en
Max time kernel
164s
Max time network
153s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.ciwong.afterclass
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | hmma.baidu.com | udp |
| HK | 103.235.47.161:80 | hmma.baidu.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:35
Reported
2024-06-13 22:38
Platform
android-x86-arm-20240611.1-en
Max time kernel
6s
Max time network
170s
Command Line
Signatures
Processes
com.unionpay.uppay
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 22:35
Reported
2024-06-13 22:38
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Processes
com.unionpay.uppay
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |