Malware Analysis Report

2024-09-09 17:16

Sample ID 240613-3gp9asvgkh
Target a71c62a3ff65beb7a952ee74ccbee676_JaffaCakes118
SHA256 0d9166af12a8f92090f451d3f457b78d8af2bcd527e0590d9193efbe68a52620
Tags discovery evasion persistence
Score 7/10

Analysis Overview

Score 7/10

SHA256 0d9166af12a8f92090f451d3f457b78d8af2bcd527e0590d9193efbe68a52620

Threat Level: Shows suspicious behavior

The file a71c62a3ff65beb7a952ee74ccbee676_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:29

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:32

Platform

android-x64-20240611.1-en

Max time kernel

23s

Max time network

170s

Command Line

com.enormous.powder

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.enormous.powder/files/stares/updates/sta.jar | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.enormous.powder

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
GB | 172.217.169.10:443 | N/A | tcp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 172.217.169.78:443 | N/A | tcp
GB | 142.250.179.226:443 | N/A | tcp
GB | 172.217.169.42:443 | semanticlocation-pa.googleapis.com | tcp
GB | 142.250.187.196:443 | N/A | tcp
GB | 142.250.187.196:443 | N/A | tcp
GB | 172.217.169.10:443 | N/A | tcp
GB | 172.217.169.14:443 | N/A | tcp

Files

/storage/emulated/0/data/.systemid

MD5 a9ebe2d249ae9a1ef5d05b7633f370af
SHA1 3d082b3b5e0e1171d783717063170b8e0fa99299
SHA256 1ef01a7fe0dc812676d6e880ecec62587188a8129a058b0286349b81528f3142
SHA512 3491f2f325f510c92201d2f671c28e489725af8407b0e8b1406fc17cecd8d1bf9d3ebf0bbcdc801bf462ccfae0485e0518dd9f0d4bf4f82117a66a3dc4df08b3

/data/data/com.enormous.powder/files/stares/updates/sta.jar

MD5 8ec43e10005ec4bc91c4e45b8e68e304
SHA1 66fb42cb11e77900e55cbd4a8e247841dad1c5ea
SHA256 18d90827352cf0ed3084c4f1f94d98026908f674914889e1e58c2ac5e68be63f
SHA512 6077f32c03361faa552bde6c7cb9676c6393a9b7a30a9622095e6eb93da484b29fd75edd955523c8b51d4e86fe4a19fbce5cc456f7612162dbdec76e43b563d6

/data/user/0/com.enormous.powder/files/stares/updates/sta.jar

MD5 f4e9864345c65cfda19a2f32209cc1ac
SHA1 a28bd5640006c97399085831a71f444cc9142123
SHA256 a908ee5efebad005c51ab86e6a47b56ea8f11b44129e149db376fa8d5eeb383c
SHA512 9b0f40b2f8eebed0817b5a1ab31ab61af2da9d2e3ae1f5b880b40552986e5bd192ed9d1c31c5fe74cf458a51e809f05300f1fade9e4c28a3517a3a1c6ffc5f7c

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:33

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

164s

Command Line

com.dbgj.stacore

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.dbgj.stacore

getprop ro.board.platform

getprop ro.mediatek.platform

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
GB | 216.58.212.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 d5221378428abd1bd0f4c129d941953c
SHA1 b3e1c15198bfa2d5c763fc122558aa0b320a8b0d
SHA256 3c83a1b68822d1e0c365d00bcc55e622252e29e77bd510a7bbe92705a9b1ae88
SHA512 652fc93c1b9cb5b5d7bcf5114be3b3925ae98a11c9ddb717bd3bdfee00eee953f80109dc25e2e925f660d1fb3146a67c7abea8e1b46422a4a6aee3b4754c8137

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | N/A | tcp
GB | 142.250.187.206:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:31

Platform

android-x64-arm64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:32

Platform

android-x64-20240611.1-en

Max time kernel

4s

Max time network

188s

Command Line

com.muzhiwan.market

Signatures

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.muzhiwan.market

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 172.217.169.42:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 172.217.169.42:443 | N/A | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.194:443 | N/A | tcp
GB | 172.217.169.42:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 142.250.179.238:443 | N/A | tcp

Files

/data/data/com.muzhiwan.market/.jiagu/libjiagu.so

MD5 9885f6c9682fef5e0ab72e530eb52ebe
SHA1 8b480c3ec2bdd236c26e3b3a6e7d95fa14df43d0
SHA256 0e17f244f4927f3fbe422cbbfcf19c829500ff0dec09c4442b0801b4db7e8fdb
SHA512 f7e39025f354e75e826eb023a5687640796e8a343926a1f6338f353a6930655b0dd5108cea246f5592b56fe32395f95814f469203dd70ee22f20d420f79692a9

/data/data/com.muzhiwan.market/.jiagu/libjiagu_64.so

MD5 963becf6fe4ffcef09dbe85f5fd8c621
SHA1 053afb03ebc223d77503ba6d3cd2f0a44af3f149
SHA256 a611059785ea7fb47b7fc52b7b5b48d1a231748ae4a7ddff5905cc5eb7121946
SHA512 bbdd35fa05ed348c3eec2add0b679f2c57e63b1ef29829711548198f01a82fbe7a9a39e7594f734cf38fefa33adce39c0e6486edcd52442bd768d0a470ff8640

/data/data/com.muzhiwan.market/.jiagu/classes.dex

MD5 3c79da0d95d99b9d5a31436cdda76828
SHA1 969c7d830f245df06f40238c35f36bc6955057f5
SHA256 86634370a791151dbc829b6475fd64389a06582bbee718c8fb5ea18b85d50779
SHA512 beee337d38a2ce5c60411f64b794dce54839f32d58e2945bac5a8216a75998bf9db3cb441f5f5470cb4bab84f60a3efd1c2491aad0f605ba8b67af317bf5f4d1

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:30

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.178.3:443 | N/A | tcp
GB | 142.250.187.234:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:31

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

4s

Max time network

132s

Command Line

com.muzhiwan.market

Signatures

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.muzhiwan.market

chmod 755 /data/user/0/com.muzhiwan.market/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.muzhiwan.market/.jiagu/classes.dex --dex-file=/data/data/com.muzhiwan.market/.jiagu/classes2.dex --oat-file=/data/data/com.muzhiwan.market/.jiagu/classes.oat --inline-depth-limit=0 --compiler-filter=speed

Network

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.187.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 172.217.169.74:443 | N/A | tcp
GB | 172.217.169.74:443 | N/A | tcp

Files

/data/data/com.muzhiwan.market/.jiagu/libjiagu.so

MD5 9885f6c9682fef5e0ab72e530eb52ebe
SHA1 8b480c3ec2bdd236c26e3b3a6e7d95fa14df43d0
SHA256 0e17f244f4927f3fbe422cbbfcf19c829500ff0dec09c4442b0801b4db7e8fdb
SHA512 f7e39025f354e75e826eb023a5687640796e8a343926a1f6338f353a6930655b0dd5108cea246f5592b56fe32395f95814f469203dd70ee22f20d420f79692a9

/data/data/com.muzhiwan.market/.jiagu/classes.dex

MD5 3c79da0d95d99b9d5a31436cdda76828
SHA1 969c7d830f245df06f40238c35f36bc6955057f5
SHA256 86634370a791151dbc829b6475fd64389a06582bbee718c8fb5ea18b85d50779
SHA512 beee337d38a2ce5c60411f64b794dce54839f32d58e2945bac5a8216a75998bf9db3cb441f5f5470cb4bab84f60a3efd1c2491aad0f605ba8b67af317bf5f4d1

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:33

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

166s

Command Line

com.dbgj.stacore

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.dbgj.stacore

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 216.58.204.78:443 | N/A | tcp
GB | 142.250.178.14:443 | N/A | tcp
GB | 142.250.187.226:443 | N/A | tcp

Files

/storage/emulated/0/data/.systemid

MD5 0a51e9d2689500cba45fc8889ac872ae
SHA1 9a7f69558644f27106203aac383189690b6b0514
SHA256 42e09049ae01115ae83344a88d4ac54ba30630543337316e7882fd6518065b1e
SHA512 e768414d64e8b1ba624361e7ebe76421482db4f4d6efa47abebd17275dac90d90cd2a27238159d51633c784cc7ae3dd7fea6edb5bee0279e90bf473f6889c4f8

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:31

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:31

Platform

android-x64-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:33

Platform

android-x86-arm-20240611.1-en

Max time kernel

9s

Max time network

150s

Command Line

com.enormous.powder

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.enormous.powder/files/stares/updates/sta.jar | N/A | N/A
N/A | /data/user/0/com.enormous.powder/files/stares/updates/sta.jar | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Processes

com.enormous.powder

getprop ro.board.platform

getprop ro.mediatek.platform

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.enormous.powder/files/stares/updates/sta.jar --output-vdex-fd=58 --oat-fd=63 --oat-location=/data/user/0/com.enormous.powder/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.201.110:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp
GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 2d194d4aa1549e4aca30dfc19f0ecaf0
SHA1 96a3bec4cf22176cd8eedad1ebabc784a34b5d67
SHA256 05f7f3c8bba4c63c7f3fdc3f33b8c3defbc1fd5cf2bffa9bcfe28c643d8f2f56
SHA512 26aef53d64d84438dbed91b180b1242466109961d83da9a6a56be2f82d1a054ea0a114bdfc950e74f212830c76fde879146eb57fdfaca2edeb264d240f7eb00d

/data/data/com.enormous.powder/files/stares/updates/sta.jar

MD5 8ec43e10005ec4bc91c4e45b8e68e304
SHA1 66fb42cb11e77900e55cbd4a8e247841dad1c5ea
SHA256 18d90827352cf0ed3084c4f1f94d98026908f674914889e1e58c2ac5e68be63f
SHA512 6077f32c03361faa552bde6c7cb9676c6393a9b7a30a9622095e6eb93da484b29fd75edd955523c8b51d4e86fe4a19fbce5cc456f7612162dbdec76e43b563d6

/data/user/0/com.enormous.powder/files/stares/updates/sta.jar

MD5 f4e9864345c65cfda19a2f32209cc1ac
SHA1 a28bd5640006c97399085831a71f444cc9142123
SHA256 a908ee5efebad005c51ab86e6a47b56ea8f11b44129e149db376fa8d5eeb383c
SHA512 9b0f40b2f8eebed0817b5a1ab31ab61af2da9d2e3ae1f5b880b40552986e5bd192ed9d1c31c5fe74cf458a51e809f05300f1fade9e4c28a3517a3a1c6ffc5f7c

/data/user/0/com.enormous.powder/files/stares/updates/sta.jar

MD5 a76a0eec70efc99ea0ac64c07f6bec32
SHA1 8102d17f7690ba9697f1be3de7cedfb765e70d51
SHA256 aa563dff1eff005677766ff94f60884b3ca72e1b4e0e478dd8ba781269dca37e
SHA512 dff801c2e27bf4e62a1fb04f0a120a8be7f7cabc3640195dd3caacca4c6c3741eaeeb4d9e5afe151d6b8cf38684779acff4f99d37fe784329ca6b9ecfd2cd0c0

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:29

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

167s

Command Line

com.dbgj.stacore

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Processes

com.dbgj.stacore

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp

Files

/storage/emulated/0/data/.systemid

MD5 5fb32de21b2c01677f0c80115a073472
SHA1 3cedf0a26108e83357126c6ef44bb9744dde21ea
SHA256 9dfb66625ea1abf8a68f658f9a47bc8c325c36f8fa9e1e1da76286c54b9927d7
SHA512 6f34fa933f22351f08e5204f2c90332144d0531e7cf3bb66c2e40a0d9c5059aba0f0634c53f61c7a705ec2aca60007c53689d31b85f22017b1ba79650fdd33d0

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-13 23:29

Reported

2024-06-13 23:30

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A