Analysis Overview
SHA256
baa630bc3288cb1146c12af9e6016831f73570017ca6fe586810f22ae972f8c6
Threat Level: Likely malicious
The file a7290f583b7ad5a960f1da6e5d02796d_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Queries information about active data network
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Acquires the wake lock
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:44
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:44
Reported
2024-06-13 23:48
Platform
android-x86-arm-20240611.1-en
Max time kernel
174s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.shwoww.bbfafa.jfrhy/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar | N/A | N/A |
| N/A | /data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar | N/A | N/A |
| N/A | /data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar | N/A | N/A |
| N/A | /data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.shwoww.bbfafa.jfrhy
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/adbase.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar --output-vdex-fd=52 --oat-fd=49 --oat-location=/data/user/0/com.shwoww.bbfafa.jfrhy/files/oat/x86/extend.odex --compiler-filter=quicken --class-loader-context=&
cat /sys/class/net/wlan0/address
sh -c ps -ef
ps -ef
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | api.bwan001.com | udp |
| US | 1.1.1.1:53 | api.windmillplay.com | udp |
| GB | 216.58.212.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | www.speedtest.net | udp |
| US | 104.17.148.22:443 | www.speedtest.net | tcp |
| US | 1.1.1.1:53 | riley.as48070.net | udp |
| GB | 94.126.239.4:8080 | riley.as48070.net | tcp |
| US | 1.1.1.1:53 | api.windmilljoy.com | udp |
| US | 156.224.173.101:80 | api.windmilljoy.com | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
| US | 1.1.1.1:53 | api.iclknet.com | udp |
| US | 38.162.69.61:80 | api.iclknet.com | tcp |
Files
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/libjiagu.so
| MD5 | 39d77dcad8e2a44dd7226f442b3a6c92 |
| SHA1 | 6560fa96c6b5a038abaeee5f139a16e46088d9d7 |
| SHA256 | 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0 |
| SHA512 | 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5 |
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/classes.dex
| MD5 | bcdd44c847ba168f2747a9ead140e39b |
| SHA1 | 113fd4f2e39b3879fcfc75d81e8c54df4170adf8 |
| SHA256 | 53fca30b75e5c62b31aa8e4589f28e66e5b774c4fe321c11cc591b81851decd6 |
| SHA512 | 117b15f59e75405f6371dc8dec1f33e7b3231452bfe6734b798e0e105d38d645aec57b982953b65e26dab069d890916758533f63f561ed9e08f1d55ccb02eb7c |
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ri
| MD5 | 0e9d4ac4f0fe1c027d36360824b6ea79 |
| SHA1 | 019b176eda64bcb83fdaa23cabbc3453fe5a8ca0 |
| SHA256 | 54c4bce09a3ae7364896a6b9f353676f5e1460cb619595c6122a5186cd0de0e5 |
| SHA512 | 0661f354c2167dd29b77acd30fdffd95aadf73c1a7bbf6dd0043695f66aecc7a50e0f0c6fbebeb0348b180d39914997ce8a741c1f7adc6c3b675797b119a76aa |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ri
| MD5 | 3df301511d5a392ff009d9e5d07367d8 |
| SHA1 | 71bc129539ef7173c03a3d3f5e5e6736dd5499c6 |
| SHA256 | aed137b08ab55d1442c3222dc430042dbcba8e0973f86eb506102a06c129f98c |
| SHA512 | 5c4bdbdec45ad586fee27b3f493f3641c37cf623e8bf334d5f3f34125f204dcfc83521220ce8b8a1748614da5a4af2297d71d0282717d7bfab8489b3dcee6548 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jiagu.lock
| MD5 | a08f037e7be709c12f79f6dded371ea8 |
| SHA1 | 67c25caf4466312e7558ce93aaebc12a93e9ce0d |
| SHA256 | 52876dec71aac2aaced15c467975e0f04e1f05f8dd6ea14115b6a0016b2532c1 |
| SHA512 | a0c10ad43ed3a51e6355d5b5f6b24c518f1fe25cbc5fbf3c854a22d15d9c894c34b7a77bf22d601ab28ae01b989ca84c608705f3b6ebcdd8dad5774ac1cb43d3 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.rd
| MD5 | 54582129785746b4b7e6f305d65ea79f |
| SHA1 | 00cfe5b7d2779c63b84089f88691df95a13791db |
| SHA256 | 1520f75a2222a38cea61cc036c3d9331a1b6cb2c66b53092e6396423a09b2d08 |
| SHA512 | dc3ae51aca643c97d27179e1b12edf1c4b04e1941f07bb3d5fd63131a61fa771b1d88ec685790cdd6a2b915bc35a7d9ded985a718df2f9c8e3d2141716a173aa |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.store.report_pid
| MD5 | 7d76b30a84de28f0005276b14ee03b5b |
| SHA1 | fc8ce63f0d148ab6ad21ab8bb476508c28659dfe |
| SHA256 | 2c0db45f47a02de750185cd6a2d0d8bb8b7100d101c2ff412574dc9972b806bd |
| SHA512 | 9390a51dd0efe40a563d95708686997385b3d80b5d7f338464ca243b4abaa284681ce10708401d28be00821a5aaa235777e37fe1ba4977cdfddac3315aec859d |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.store.report_pid
| MD5 | ae4e896c06b21d60efa4b24c1a1ae490 |
| SHA1 | 060a045f6ba7867e618f10f901aa256e6ba437b9 |
| SHA256 | 7a93123831bbded0e25fbf42aae2a1e1985dbe0265a310f324477c5533e452c4 |
| SHA512 | 1b8cdf82950e35f9a7abe74b51441dfcfe7dfbc28932b15f31ed9b1b98bbe8031853171df94be3dd95bd5b29d87aa479c88cd6cf7526ea615a1e19d8ee846147 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.pk.h
| MD5 | d8165d04eb5f3a7ef9c8d3ff2a8a1aa3 |
| SHA1 | d28b4d95991a55249b1c30c45b64aa9b82782c93 |
| SHA256 | be0377cadffa2baff0a1c086bb5b0e94200e0da8c074ded17426544ac91c82de |
| SHA512 | 61e3642a36b7908b8a61db7181dd3c6773cd6a10f0ceda460e905322b01805c4b4054d569924ca585ee74ad184ddc4b31a17fe3f2a4d7dc36991ce47f6be9eb1 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.pk
| MD5 | aefb2a5ecc52884b5d4ddfcf39d1bbc6 |
| SHA1 | f4bc3d5706bcbca3e7bd6612ea99784f6049d02f |
| SHA256 | 69815765d1664ac5eee9e914e5f6b148f3a7d82d0ecc1d62688dae14c662a3bd |
| SHA512 | 6f94147623efac472886b1d7bc0e0bb3547b85f5e3d09174572bb87d2803c7951914a5a77c77d8923c042bd888e8886286f6956dd07842715619525157c48045 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ac
| MD5 | b01414b47699730ffb5abf86ef35eff5 |
| SHA1 | 73a0052e85b12067573185f075bbd75124cb4b6b |
| SHA256 | c29cfc7b25242ba99e89a199da08867c5939074d7293ac72d80b4fe09abf7967 |
| SHA512 | a5ed17b0742aa8914b6d54848f7c31932de412b83bcac27b77a55c4df2f04cae989d20a9c2e0ad704ede7aa08ca3c0c88dfad265a8ba6377e16612b50ecb26bd |
/data/data/com.shwoww.bbfafa.jfrhy/files/.jglogs/.jg.ic
| MD5 | f8696bfb07b145d38a38fff40137931c |
| SHA1 | 57855640a03549677be4267aba78d80d7f59d4cf |
| SHA256 | e0532449c8fc8c93405be3af62fc395ae341cf85a0c29ee41a679300cbb01c63 |
| SHA512 | e9f3af1ee81048f765dbdbebde63c42a3973cca6eb633ae42fa21ddbea2cec7b68bb6cbc65d646c7f8bcdc4a07ef6de4412a8c20c356b5967cfcedf0d75ded3c |
/data/data/com.shwoww.bbfafa.jfrhy/files/adbase.jar
| MD5 | 45c127db9213dcaf96041bf38d80a6b0 |
| SHA1 | e29c8b16c59b44b607afa30233d1bf0ded093094 |
| SHA256 | eb5b3fe15eeca58667063a0b394f48533a389d5e2ca2b617b2b24e8f2e186ed9 |
| SHA512 | c400ddb0dcb4656b5089f145e358f0f9eccdd8815a232f9a98862d28785ea36b3c9e9d689edaf99f55ea68e1772f43d53f2d56116bfe37c94a7944c59dc0bfdf |
/data/data/com.shwoww.bbfafa.jfrhy/no_backup/com.google.InstanceId.properties
| MD5 | cf8c6f60549383085ece6357cbaa65fe |
| SHA1 | 37d9b99bb3ecb974ae3b9476351496c5b511aea6 |
| SHA256 | 2f324e106c0c6b77727f9fef150c0bba17b5302ba737624d1e4ff4386474fc99 |
| SHA512 | eb039c2f5c50b453a02b383a55d25898f2deabfae8e9a84c0b86f648027300fb968fb8b1ab7710d26acbdbf4f1243e0864c6b2ffa3ec429b26d23ff854cb3172 |
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar
| MD5 | 075950b678202c0d8ee259a23a94ae9f |
| SHA1 | 36e519f85b99f8d2221a9b325e630d1dd5477600 |
| SHA256 | e5c0a990fb7c5e1f3078b6f5101b76bd78583ac4e2a11b19554485d1a934a625 |
| SHA512 | 51c99cbe76b385ab832b5a9a9aca46bb3bc07e7f59c135ca46ce0faccfb39f737f5c6c1ef8f1d85b6e414536ddf1503c60ebf787cf8c0ac6144d251e01ae8ff8 |
/data/user/0/com.shwoww.bbfafa.jfrhy/files/adbase.jar
| MD5 | 92b77a588b462e87a58f047015b797c9 |
| SHA1 | d2777df831ad17550c859821debeffe57f48e51f |
| SHA256 | 711448d00c5f7b1b02a112cc1d77b84bea68b748e523ad56d94e80ea74617db5 |
| SHA512 | 9268d95bed9b6170fab091c2218f86f7869d40a3f708b310aa715d3a711f7c0d837ae8ccd29d6553b4f1ce169187db2d8d7edffc733b06d23c46ffb818910fa5 |
/data/data/com.shwoww.bbfafa.jfrhy/files/extend.jar
| MD5 | 9644c5091c7e2511eaf2bf3047249592 |
| SHA1 | 03bea0baf91d9bb62945a7dfeafe0ebd87679f72 |
| SHA256 | b41cbffbf88b4e4b515b5dfed5b728525766c874bc8ccc5c8cdea9c02bda18a3 |
| SHA512 | c2854e6ab3c9ab0cd19c783a9710e13714d79638824f9d23622292920cb244aed97ff4f78a241c6001d30f721f13989ab60458a805daad39d063fe303b2db211 |
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar
| MD5 | 1a38ed7d3a7349ba068965a4b69b1ca3 |
| SHA1 | 59e04ca83dfc3ef0c57379aa120e6536ea743ed1 |
| SHA256 | 0cee48142b980f5d4d733cc5b87bcdd1f6c401d61882679fb2221afb388b3519 |
| SHA512 | 5646ff17dea4bd7c14f2468c96345b3eb04a3d209791b895cfc3332e3391a0af6828249bb40403fa9a8b1243243c11267826b19a61d959e7bc5963d50f792993 |
/data/user/0/com.shwoww.bbfafa.jfrhy/files/extend.jar
| MD5 | 900045dc76a74473c1d327a38966ee3b |
| SHA1 | e21937a611e719475594697b167baade598a7b7b |
| SHA256 | fae11ef94615eba191373311fa2f6f8dacadd10cb01929847d31783648a4e78b |
| SHA512 | c0976f25ff21ace30417ddb9e9d48ddde1ed10e3cb616e5c5be048b0944c62a17026a20e04c57aa02280da2f1d4536b24d0fc317909dad05ea9702980a2718c8 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-journal
| MD5 | ab7ec7de6c8b7f948d622f5d34a20753 |
| SHA1 | 3a4714093c7f2945658cb4914f35b96f2593a39d |
| SHA256 | 06de2c273ef43c77a4b40e394adba42d96e181f0c2b91101720eee55744bd055 |
| SHA512 | 477d4b8c04cead517d0b11956103e01c5b1a1224eb7a117018db71457c7eb3bab07a84e80573a0858629c6a0d48229d8a7bb033aa93d088e4a045ee555f9577d |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | 06f10275717990e883dff70311099d28 |
| SHA1 | 506631c161f171452d0259ec2e2427a1af6cf164 |
| SHA256 | fb1fd029e73c65d19020280deb8f607499d19615dd399236ea414bc36ff9cf59 |
| SHA512 | 7f467ad782d5e0497ead5fd4b6b23dcb83d7325bea8bdf14d02a8d101ab45d6732fdf884b360dc0ffe94f06f50458a98c4e8e66e6f13bb96aea893eef5e0c94f |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | b88b392deed933635be36ddd272ba3ef |
| SHA1 | a62a0c312349e3e6765ee6ab1ffe6e55d5a5b204 |
| SHA256 | 8b17a950439e849d6a7a044a94f3c4893d02e304923b5a9c27f3c8faf3b0c5b1 |
| SHA512 | 643d5243d13671ef59d33b8ebb9b9512a3703600614e38bd238f87cb522f759403299a168048466d11486cf8214591275e203d297eb66bcd13fa7ead987b3511 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | d375ce098886070f3ed5b98d378dfba5 |
| SHA1 | e2889bc0e69c68426085832ded5bd07759403bb9 |
| SHA256 | cb2130eb58da48ae3460f0880b431b067e18c3f70b79aa01c425e2e766276789 |
| SHA512 | 2229f3b2a3cf811ab76b21e73a0621f918001b3b7244e8ead0775556f9dfeaebb8621ac902f62b4918f6f951eaf88c8c67233701e0225c6f9ba93c2bd0d71fa9 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4BeginSession.cls_temp
| MD5 | cc3fe04df8515d0f74d1c26a1191aa56 |
| SHA1 | d61e45b003f03e7928005806b755364959926f17 |
| SHA256 | 5dede0148ee2a3a10be9fa787071a554700401c07df8e6911df069bcd16a3560 |
| SHA512 | c186b628e38f589fd46432ece55ceac72d9a4a54d611306df9333207711e1d0553f9e87e7c0a56dd784d2b0f2a35a329ec587ed57fa781ed8aaf58c76a187037 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | b72611400d8fe0817cde9e4bf3494b1d |
| SHA1 | 37257bad74ea1f4e0d911b1ed53c1bc0c9c807c2 |
| SHA256 | c3c3148929ccf9465d25a5c05372b76abf76eb3fe04260eaef9da9fe9ee9a030 |
| SHA512 | 9bad0d1746d3b1665ceee9ab8db5b600f2d40beafaf11535ecfe51670efe1b698d28bc37b4172e4111046848c5bad0bc3bca139580500de4939b710b11c9090d |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | c9dec07de93c03471e2b74abbec27b08 |
| SHA1 | 08552be1a8ac359fb8a6e25dce523b75c61e862e |
| SHA256 | a534242deab3aa5ac04051ebb8496778b7c2e554b20402e1f2712e8fc2117219 |
| SHA512 | b1efc80b3fcc8bed6f3e563f06f5659c399acda72f62caff6fccf87165f3bd5fe1bc4853d497372192f55b944b7bb50e206bbea2a03a3558c59df6d7a1413e1f |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4BeginSession.json
| MD5 | 87d3046ef92302ce18bb354b25671459 |
| SHA1 | 205551e7a17403b43e380d9fb104376c0711f9f9 |
| SHA256 | 9aa3f09d35fe6b4277adf8d4688a936b0cf567c968a3f2d5661e88b4543a8ef2 |
| SHA512 | b595ae39dd411e50921cf759963732e4ad2be6e600faabed516a9f6c4dfe96a92968e858909e623f284029a5f480f49a44bd36e6852615b6823085679253f821 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_55b01f75-28f0-4aac-96a0-5d9e5ca3a09d_1718322341701.tap
| MD5 | 903861ec5c7422b8c2a2b60365c7053a |
| SHA1 | d1358d2f4f2ec74d21be0dda5e6a6e1d60e9afbf |
| SHA256 | 0642163596b650032d7cacbf8bd6a9d2895d59358b8f5e866b1cd2ea6966ab24 |
| SHA512 | 64ca7be52cd80e8405f328dab17498ca1bd84cb614399f4ed32ce5a9a1cac6dc9f3d82eab8c6e13a643cf80d3fc9d3af0d85f1262c558871b13e5db09be2177d |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | 60f9d7c6db2929cff82047137a5de622 |
| SHA1 | 9bd840ce89d02d6d1edf4fd4bd891f2e0cce28cb |
| SHA256 | ab5ca0326db2f133f146ae7b1b94269543a6262f19d2c350fd4aec578d85feeb |
| SHA512 | e8f92e3cb8b8aa9d1b48b35e74a7d48e55ce242bd96f0cd12957df017a17c669e4acbcd2390dd835bff549e2be396af3c09d12057a9563fb3c9c3e1ab0e76938 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionApp.cls_temp
| MD5 | e1a48c2d08fc17ff61ab5a69d3a20375 |
| SHA1 | 5cc733364da25b8effcef9cc2df5a2f6220c851d |
| SHA256 | 4bd98ad31b368ae4d9bccdb28fe7ee4b680ba9c9cce7eccdd636a9a4c40b6035 |
| SHA512 | d2db15b9629a98f9c25d83d945a2bb5f1fd2db79c648db52119d39149fbecaefa68029a122614724ab5ccb78102626bd30b97107ce4453a3a7bac3d8d3d00513 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionApp.json
| MD5 | c1c55458c53dea99a86250474b40d0ca |
| SHA1 | e1524f70e105b68bb1392fc085d1aa1e01a4eb96 |
| SHA256 | 8a0d85550f897f4251f2a50a279c893d2462139fde7ce24dcd6ea9d98e5761de |
| SHA512 | 946ba17164d79cb22ef47a0a43d11aa7568021b424a86f6529ad4a1d8b39f373b0df7260ee8f89db4a74f2aad60b86a5826c0b904f91165998a65b6b38d56433 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionOS.cls_temp
| MD5 | 9b3d4522944ce6396563812bfdb92fa9 |
| SHA1 | 6d2a6133c8f01938a48ccc77ef86ad8ca335c020 |
| SHA256 | d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9 |
| SHA512 | 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionOS.json
| MD5 | 93023624eb8dff5c20050da136aaae0a |
| SHA1 | acfd1ffed752c28fb135ba83c0c6345ddf2f6995 |
| SHA256 | 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c |
| SHA512 | bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionDevice.cls_temp
| MD5 | cf9cb0612d588a1f71b63084cea67316 |
| SHA1 | 3d035bb92fd3f8997160cf8025c40239af74d3ca |
| SHA256 | 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9 |
| SHA512 | 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600 |
/data/data/com.shwoww.bbfafa.jfrhy/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B849D01F8-0001-10C1-3EE70BA4C9B4SessionDevice.json
| MD5 | 75db92d50c80a89e068550028c62acec |
| SHA1 | d78ea55f5dc682e4da456d26383249f608fe894f |
| SHA256 | 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2 |
| SHA512 | dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | fdec0c20d19f97eb1e3f210029d1964a |
| SHA1 | a43e982b345d111990f935eb6f204e9267859302 |
| SHA256 | 503bc9b3cf9a7dd57ea16b2a1092e1a46ec035e8b4f11ac3df0cb9a5a64e6d79 |
| SHA512 | 6babc0f508d6d23258264b42559547ccc99527de8d107be352a4c7d7a96d8cbc5791143a42f0b0e3026183b4a16efb065368d609e2fbd6ce0d8501f786cc916e |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | 2b6f6c5301b0161a5a191ff766df073d |
| SHA1 | 99317d790310d1a129b248570942e50d16d78be8 |
| SHA256 | 8f369196baac366bf0a2da0a8477dd1b4983906b2ea8f3c4cebc1851c79f32e0 |
| SHA512 | a0930546ef22db60be2078b7b87ddc034c05b707e5452e18b10484420167ba582d41505ff80e5d2e323e2efbaf59d165d222fd463a358803a13b368f3b803fb7 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping-journal
| MD5 | 47cd7784a6cb5a1924878c6b8291aae4 |
| SHA1 | 183a2566d81408502ec4463da46ec8ffb67ff711 |
| SHA256 | 10ff97541cc1820073e2192f1b3d68d5c002e6581f0a85a4d90e5816a0fa7a56 |
| SHA512 | db09e0da5578eb2162e65d3dca854eff2b6c2b1d02de230fae69d4ddb1da26dae259cf4f3eec7a880196f76f7b83aaee4edb56ca110c63c957f2a8bfa13b62bc |
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping
| MD5 | e90ea921239d1fd7fb91691e5353d86d |
| SHA1 | 76699b26b98db472021dc490dc55883c2c7293e4 |
| SHA256 | a469c40779227c6056e29c0a80faaca576d0a5574b75db49714abdab9aa8cead |
| SHA512 | 246c09beb1feb1c2814d666415c01613d7c5040d4ab64ef2a8824ff5a23d1ae747d591c68480b2ef3569a3068d9bbf2599891f710e0850610a73713944f27c52 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/ping-wal
| MD5 | 939b6731a4be11f3d0d1ee434dfa21c8 |
| SHA1 | feeca83f41879d070ad734eabeba9ceae8777cb2 |
| SHA256 | 4d2d4574660a1dd9830759c0f441d521680d35f0d0bb1e4d7c06d97716befcec |
| SHA512 | 90cb5a4e149d876ed70a1c51d66dafde97e180f13b69fb07186c5cd3b290b1f9b1aa31ce9bfc02c253e31631c87a693db88e4ea62f3c6de1ae3778794a72f7ac |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | a07f3272a3a814bd9d86187f17484146 |
| SHA1 | 632c5e81821437ae57401fd5fb9dd53990d6b423 |
| SHA256 | a7f0c35ed0707ae95d0b023b6eebcc70987a76b461db578c52701990967b1f6a |
| SHA512 | 01ae3fbcfe30316bdf301b19ca4751e2ad680f4a76b20934ba136bb9bd6e6a3b96a7096906834f7e412e774e589478a9425f98338d496960763b08cd71c34c98 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | 344dea8796a9964695ccb09ee67d68b9 |
| SHA1 | 8747a3902a323d95d53670d772e6c85e628b5da8 |
| SHA256 | 5dd530a776c4f69d56a8d714929d51b99d6e869370aa4e102903498771571f48 |
| SHA512 | c75410cbf5961fb7871f7a46a07277c07a1941b518df18b6548eb3d9d5198b3565e631c6eb071d42969802a011130a0507a52cb86d32dd296b7791fa2ba3fe74 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | 11c31d84bacf64b82bc74fe0770d7ea4 |
| SHA1 | 86f52cfe1e0d808961e4df3d0bf446a7e75c9d92 |
| SHA256 | b2cdaf5cf06f6ae92f5b587cd20bd26d5bc522a77e611f8a80618985a143324c |
| SHA512 | fc8dc717b25d2242dd8855d78d86e54af7026c21803953cac2f90f4d6438e0285095da59d073bb6eb7fdc56cb3a880512e09732010833b7358b684d279043577 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | c1c01034dc1b9bb5fafcdf6653fde4b8 |
| SHA1 | 3d66318ffed342b1068a6c861dc1dd17214a8c8d |
| SHA256 | 44cd4445c6c6ad767fca94a1b7c2e240f1f64557c7486da4de6098ed098b97ed |
| SHA512 | 783355362a588da2f7b5c78d95a394f7cb082bfa81995d063f15d7d06f5c46f1608e64c00b96f1fff2b7e6302e07a2817c2fbf260fc582f120dd241180434198 |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db-wal
| MD5 | e62765d3284842f1826adf7b65dbaa6f |
| SHA1 | cfc4f3461f561dedb76fd5d37efb85a401f5d3b4 |
| SHA256 | e9af242964fc64e97a81ced51c5580ffe5909af419dd1a68709a2e4e28f5f894 |
| SHA512 | 7f1d3a30523001a97c0577701d24dfad3381369e26cbc7519f3bfce8d9dfadf0318c2e031b6841ab9d299c45fbe0d6c139509ac4076514a886455611aa33a8db |
/data/data/com.shwoww.bbfafa.jfrhy/databases/google_app_measurement_local.db
| MD5 | 3dd6a452d2db2a90730e9bffb1046cb7 |
| SHA1 | e8d3d3fcaf4cf66c1ea64510462106eb44b576b0 |
| SHA256 | 060b72c18f85df54805263b53a339d910371ebede89d3309d32fafdf53b8bdf0 |
| SHA512 | cb2e37d5e214b3fe38a957cf9ccfd6b0ac1d7ac0cdda34754ce88ef680b91a038160b42fc01e514d1f38f8ee3c7248337d7ac678ddd1b7944e3cb817c6944c4e |
/data/data/com.shwoww.bbfafa.jfrhy/files/oat/adbase.jar.cur.prof
| MD5 | dcde68e978a1190c29061fa74b8da0ef |
| SHA1 | 9ca669e014046a88bc7d558c12b89583bbb5d08d |
| SHA256 | e6e43e14046d12aaf60fba18ec2a8ecb68090d3d47d9dac579bfb0c9a4f85988 |
| SHA512 | 3256ce77a5253c51a0a9138ff79d88466e6e6e6b0fd44feb23d42fbd801545b8ed0a22096f406604758d7b7e209d32848ae7048ef431d610e0c9e53bc247dec3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:44
Reported
2024-06-13 23:48
Platform
android-x64-20240611.1-en
Max time kernel
3s
Max time network
146s
Command Line
Signatures
Processes
com.shwoww.bbfafa.jfrhy
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.10:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 216.58.213.14:443 | N/A | tcp |
| GB | 142.250.178.14:443 | N/A | tcp |
| GB | 216.58.201.98:443 | N/A | tcp |
Files
/data/data/com.shwoww.bbfafa.jfrhy/.jiagu/libjiagu.so
| MD5 | 39d77dcad8e2a44dd7226f442b3a6c92 |
| SHA1 | 6560fa96c6b5a038abaeee5f139a16e46088d9d7 |
| SHA256 | 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0 |
| SHA512 | 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:44
Reported
2024-06-13 23:48
Platform
android-x64-arm64-20240611.1-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Processes
com.shwoww.bbfafa.jfrhy
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.178.10:443 | N/A | tcp |
| GB | 142.250.178.10:443 | N/A | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
Files
/data/user/0/com.shwoww.bbfafa.jfrhy/.jiagu/libjiagu.so
| MD5 | 39d77dcad8e2a44dd7226f442b3a6c92 |
| SHA1 | 6560fa96c6b5a038abaeee5f139a16e46088d9d7 |
| SHA256 | 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0 |
| SHA512 | 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5 |