Malware Analysis Report

2024-09-09 13:19

Sample ID 240613-a2edba1ekk
Target a3329d98253d480cc9a58b7edb072857_JaffaCakes118
SHA256 4f6400ca760eef1336900ebf914caf3b15ba14431a75430a2c54363457c1c713
Tags: collection discovery evasion impact persistence

Score: 8/10


Analysis Overview

Score: 8/10

SHA256: 4f6400ca760eef1336900ebf914caf3b15ba14431a75430a2c54363457c1c713

Threat Level: Likely malicious

The file a3329d98253d480cc9a58b7edb072857_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Requests cell location

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 00:42

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 00:42

Reported

2024-06-13 00:45

Platform

android-x86-arm-20240611.1-en

Max time kernel

157s

Max time network

179s

Command Line

com.xrzj.xrdecoration

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |
| N/A | /data/data/com.xrzj.xrdecoration/mix.dex | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.xrzj.xrdecoration

sh -c getprop ro.yunos.version

getprop ro.yunos.version

com.xrzj.xrdecoration:core

sh -c getprop ro.yunos.version

com.xrzj.xrdecoration:core

sh -c getprop ro.yunos.version

getprop ro.yunos.version

logcat -d -v threadtime

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

/system/bin/sh -c type su

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | lbs.netease.im | udp |
| IE | 54.73.57.121:443 | lbs.netease.im | tcp |
| US | 1.1.1.1:53 | log.umsns.com | udp |
| CN | 59.82.29.162:443 | log.umsns.com | tcp |
| US | 1.1.1.1:53 | app.xuanruizhijia.com | udp |
| CN | 39.108.219.197:8888 | app.xuanruizhijia.com | tcp |
| CN | 39.108.219.197:8888 | app.xuanruizhijia.com | tcp |
| CN | 39.108.219.197:8888 | app.xuanruizhijia.com | tcp |
| US | 1.1.1.1:53 | wannos.127.net | udp |
| HK | 103.129.255.21:443 | wannos.127.net | tcp |
| US | 1.1.1.1:53 | wfd.netease.im | udp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 36.156.202.73:443 | plbslog.umeng.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | lbs.netease.im | udp |
| IE | 54.73.57.121:443 | lbs.netease.im | tcp |
| CN | 59.82.29.163:443 | log.umsns.com | tcp |
| CN | 36.156.202.73:443 | plbslog.umeng.com | tcp |
| CN | 59.82.29.248:443 | log.umsns.com | tcp |
| CN | 59.82.29.249:443 | log.umsns.com | tcp |
| CN | 59.82.31.154:443 | log.umsns.com | tcp |
| CN | 59.82.31.160:443 | log.umsns.com | tcp |

Files

/data/data/com.xrzj.xrdecoration/databases/bugly_db_legu-journal

MD5 3ee424210052638568364dccf2296f78
SHA1 3a3835df525cd442edfff9a4598cf0098c393ae2
SHA256 273f9398c071aa6bfa47bbacc3b371c4abd2e5ae942bfc6e0b11a741c8819f78
SHA512 3707042ff2e647e0eac6550b01de3cda3418e3791cfe0b7abf6144ecb22c54a301ccf2533fbdaaaa8d07ef81fffd458b06df00e97ca9ff867b0bfefe09573dd3

/data/data/com.xrzj.xrdecoration/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.xrzj.xrdecoration/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xrzj.xrdecoration/databases/bugly_db_legu-wal

MD5 0ddab62003896a54635768852cbab4dd
SHA1 9f62fa6ba0d782fa16b663fcc43678a68ddacf89
SHA256 32b3f04367cd8003315e37ffa917e62e0cfecab33e0d8b35be6eb254034a46cd
SHA512 af3a0f3a46862c669ea1cf93e52497f937b2c47443a9c443eda2ae6d99f1dc04ccc982d065960d1d55e73d0d2a8ee2ea9e9bab8acc389f87f5b2e0084fa4201d

/data/data/com.xrzj.xrdecoration/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.xrzj.xrdecoration/databases/decoration_xr.db-journal

MD5 e9db79e68dffefd38d1169f6f70b8cb4
SHA1 3a1c68da6d4bbc3c796992ca2394a376fbd000e4
SHA256 15f4c8b2eaf647c1eac9c70828e39cee453b87b2e930f4a7e04fa6e258e6509e
SHA512 97310ba1a987471ff22ed0515458dc94fd180cbb72a8cc106e962f5cabfdb3adc783c2a922c12d7521a4ac1b2bb13cf3ceab2a127d715aded4dc8069547b01c0

/data/data/com.xrzj.xrdecoration/databases/decoration_xr.db

MD5 9f1d473cf22f0aa6b65c967e761bf23e
SHA1 9484833b09b3728464c26c4214c559fbaf936e4b
SHA256 2ce72e95ee93fc3eecc58fce51f3b2da7526ef96f72daebdb59ff6875f467d13
SHA512 731bfbf7062e3fce0854b3d46810372a147357d29f667c7917cb123f40a74a5ddfcf4360f48834f13a585afd6cd5520baf58f7e88b991f01863366381a68127f

/data/data/com.xrzj.xrdecoration/databases/decoration_xr.db-shm

MD5 5931ff0f2b6177db7e460a1e801c6039
SHA1 be2ec994b5f50dcba50d9ba128e349dd52dfcf23
SHA256 b4693f758f145a73d3ffd3e464d5c4f75a82442c97b67e4b80f36fb459603094
SHA512 4755d2008e33cf56fa35017128d513b312c6b2e77729d29b4c851b6cc8e80ba3328c8043736333b50e482ab5e43345b0942c6fcacc4e1acebe0dfd9a0461ad7a

/data/data/com.xrzj.xrdecoration/databases/decoration_xr.db-wal

MD5 5a95831283726e0d133734048fe37a76
SHA1 0387b0cb084fa617d81b8eef538e23e62b7b899a
SHA256 9cb7c2cfb9b347b51549a8d75e9b3538cd27d1a530ff4c8337bf9b82f910699d
SHA512 b919f20fb4d1c67bdd6e4d4ec1090459ae50c6528be8f546922784844dc44404db324537b733b0b9ea02a1c548dd1db5be3c0609304619e2aa7019c3ec3439f1

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 27b63da1e606fdf2be01c0be5ebec0c6
SHA1 ac7daa2bfe9c7dac8fadde1d75fc6699f276f770
SHA256 ed98d29f94f2e8eb8794538ab778546b2fc582fb69b0b57df2cdd676ade6668d
SHA512 8dde4fde729a45ba0af1872b3b41d1535d053c93e94ff5e7fca46b93c070b1f15daf4631e4459d1ba99025cffce582320f50ae65621f98bfc1851883d863afa9

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 db2d113f8673fbd1542d361154d114f2
SHA1 a573c7b324de9a39fd8a28cac72e95b078b642d0
SHA256 7ba429931a563571ee806aa3eb9fa7e8771da882baa4c4a2a0aefd481e2617f1
SHA512 30cfe4f157a86a1a13b25f24610aef1758e6941c0491a4224f98b56bd8eb2d4252d95ef61a310e0d2d2d61a31fb9dd08ac5f9fdfd2cb4317781f3a75ef5dbfce

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 7eeac4bcae58dd17cdf9e4ca7e3aeb23
SHA1 52928573ab871d3fe47ecdf8d4062e9de5b66e1a
SHA256 9bf386c4c33e30bdaca168f431c408913d661d716c90a73f02bc20221847ba85
SHA512 ce2f7c5f48f9fcfc791361fcb37f39bced00142552378a2b8ef3fe558a42e08a4650ed4eb22e318b340ab0faabcdc8bea2025f0db2e3b59868e637033a9f4eeb

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 04023e85f4e54c2879bccf768998376b
SHA1 af4edbd5ef9b9a6665e108bec47403179a165977
SHA256 fccb3a990fd5c9ee9039216cb8f6acaa94fa14795a8e2bff3c2b5896e69ae19a
SHA512 6fb568ab6bc0f48aacabdfe96898e5b31ef3a1da828a66098917963009dfad6922e0875eacfecf5360ebcfa32c23ead062b4cc2a14f2bc10b1a076bcc3dd12ee

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 961ae0abfc0e96703ffad34e51091621
SHA1 cf9192c570a88d54cc32423c8656b43f7236013f
SHA256 53ce2dce9d90232d5b413a3d9f7ce4ccfc45473d4d54d639068b9bd2f29ae8df
SHA512 1723a81f454eed996161c019afad0eb020448f0536b204e2d375c661aea0e81e0c0ae0124956db697c2a83697fab89919aa857595df2f2398bd27aed2c2a608d

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 21d86e74e66d7512d10fdf69608a965a
SHA1 95a99bc1204d01aa03def5d6c388768e0ebc2fcb
SHA256 50fac058e03a9924685059b6676425c219d28976a557c67ef7ee78fcaadd4324
SHA512 32ecb9c5224602be6d496df7e7cd6d478da61763d728ece727a1fbf3be664b46929c7372f8e0a1c85515e587843aa17265052912b30fb31ae11039669ec50303

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/app/log/demo_20240613.log

MD5 f8f9a0ae8e2d324473eb2ba5aca31664
SHA1 4e7e611d15fa3e57732a18215831fc42d8487aec
SHA256 9bf53106cd7ed64a2026320af31fa3bc53d7c16911689b48a12589c91e7f3221
SHA512 fdcbd67ad6e53f847af930e62240bf6e783ee4344b613dd6b0c0a395cb6fcb777a8ed2dca67ab265c56805000372350fb10c591fca8abe7980c9eb2edb68f3fa

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/app/log/demo_20240613.log

MD5 a27dce099a17bf3fa89f16f4f501b0f8
SHA1 8a1ad5c1a97eb2848ef8c06dad932cabd55334a9
SHA256 9507441e598724e1bf3eeb922d1ae479393ff1acd3f163e3109ddb6e8cd05f7d
SHA512 b1808b5fd9b24088c3246f4d9d205f962869b9e0f7d4873c377ffb35149c7240adc43a69215bf64f3d4e4721755b62880742847aabd834bb122a1f2ac9100c95

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/app/log/demo_20240613.log

MD5 aaad4e773f03879eefca1b6241b2e4f6
SHA1 cb1aa553e81aaec36e920a4523fab64d2f77e97f
SHA256 c7fe93d07d8a3dc49c608fb5bd3242ba9b03727ec997e8c20095aee80d1977fc
SHA512 7393b9bfbdeac3928411ae1d79b1c415a1cc9c542d9e566bea318e56e7a9051b4098286756bbdfa61a093ca9f1a15e88a4f869ecf737ffdd1e3965466072e5f1

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/app/log/demo_20240613.log

MD5 88e77ab314aad01d0d10014f74a64122
SHA1 7dbab5269b932cf51bd1e87c621eda31a5c80755
SHA256 4319876d0c398e034492d38f72910409c2db8e0d39d8ca5af3fc87f2305140fe
SHA512 a71a99de7f322e04d037393e142d06ee9fdf3e4c4e4159f810bb452099063d1fd07cd9b5c5a7ecd00a79bc2efdbcf0ace4e4139b4a123bd0a96bf6a362d5f998

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/files/tbslog/tbslog.txt

MD5 006cc860e88f8139f132c801b5031be1
SHA1 f37641e760a076e036a9098ccec65d7e73bd99e2
SHA256 ed68f68271e20a7d9136468d905374c28fa5325760c7972c3f7c425f8e89c9ba
SHA512 31d6b719868a784d074f285a20d62ab07dd43770781e26a4852d63ea7a747ca481c050aa719d2a4fd7ed1f29be01cae716bcdec842b32eae91f6f93a9e7b4dbc

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/files/nrtc_config/official_config

MD5 1c4e4cdc8d2a582e6da538d99132da52
SHA1 f878ffd104a2b5d943a53ec21d8591fe6e7319db
SHA256 931064431d95601b3bb3f491a369c8745efd7f6d44325a2ec81234619ac711f8
SHA512 eb109d2265f8bce8142bd0e9c34596c12a28cd7cab5a2e12af3a38fd4e43223dd932ffc8a3e617dca6234f556ec310000de6cf9760e6333325f585897fa79433

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8d863e65818d4d00b57314a227797d30
SHA1 09012d5bc590e64bf62b83c8b47f96ff91739cf2
SHA256 f95f8ce7b7f123ece0d1212fa9fdf04063e2acba65676b891676321d111965bb
SHA512 e62db492b9ec7825427f83065f92acfd8129be32cf538ef61ddc3961cbadf42d867df3ab9dd1a03a0c4c90b93e647c5b0f5b1d6966ebe08900cb33175ae941e9

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 12cae66e3cd9994606f8c068b76c9948
SHA1 cfc790f2c01e7c5737add97dbf8714afeb7b33e2
SHA256 7715480f903dbd22170fcd095515de5fbcb6bddcd341cbd3f3a5450fc1b243bd
SHA512 e3177915a99846d599ba00abd8320c308cab3cc632451383f20f1f58117d807d588974f6763a365cb1156a8b4236b3b84edec0315fadd9b85759ddfb324e7ad3

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 164c8fd86b4af4b99d2646f6486db8dd
SHA1 c3713e0c5c3e750f8fa075b35b5b193a89d462b9
SHA256 3ba3af4ee8abbd472c11c507586aa82619555295127849cf41a394a297d4646d
SHA512 72c4d4109888f87837e960e95ee7b87d5fc4bfc422a814c81c8f06208c1206a4dd20f1050920607db7d1b1b578e77447ecc1408f7ec8fcba2f35742d8ae03e71

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 5133ee2648351c78dc5ad5e961de7691
SHA1 7be5b1fde39d21a8d8d8514dcbcba08978e8052c
SHA256 497c23e88d9ca47f980b993ab332f5f9310343da29443336d5eace93d8b48583
SHA512 99310bc18ed3a7020ecf1382fdbc99a618cd2d2c1929ca88a9f91d6acaf15d3498ec2143a996a74c46714bbd4159c23bbcc032bb06690e4172977b9cc4d8af04

/data/data/com.xrzj.xrdecoration/files/umeng_it.cache

MD5 1b4b2c6d6051f4cc4a9d0391b37a1121
SHA1 9b7aba338072abed255a1e7187cde2807544803c
SHA256 9f34035351a7c850594123d1db6636348d4fd69018c7a43c204baccafd71f2d8
SHA512 759a9ca1af1a228d0ad9644b4b1eba2643b200b82c71ceb5c161b6f1a006b17a0c3d3ae0b21e757a3fcaec5854849c6a4cd979aa370b5b62468f07377196df26

/data/data/com.xrzj.xrdecoration/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MjM5MzYwNDYy

MD5 d258bb213314a8c0a7f541a44907b521
SHA1 a6ee0fde5b4c551ee26a9f8ee1871a13f7df922b
SHA256 8f88b00ffb664643f99ebab2c5b33eaf1702c9d8e5fb2476eec0e8becf300870
SHA512 085b9bb437852d9a98baf355ea8eff7d345738749e788dfad12151c266fb4f71605a456e637219f6456fd48d4d971558495ae0c7ea59dd271afaee55115c27f8

/storage/emulated/0/Android/data/com.xrzj.xrdecoration/cache/nim/log/nim_sdk.log

MD5 b4a79c89121f73e39fc9a7425016bd22
SHA1 05868c2681d9cf6bee51876c4cdcdd6570983094
SHA256 973a19748783600a4329a0f9888c394fdcd68a08ff37e9ea3bcc02b36c20a44c
SHA512 31c37dd7c6085f0f49500c13930806a05ebe796cdc5dd7bc3c99bebd620d9f74d5d4c7f8c831235b2034d6c212ff168eb6923dd90b7eb33bfc4affa025d8d35d

/data/data/com.xrzj.xrdecoration/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MjM5MzkwOTAw

MD5 723fb7398b85a0d2ee62353491c9da23
SHA1 39e13037a2331cd354f70e7c4a348c621bf3df88
SHA256 284565eb23a6552f872507b7a600c4b46bc69ba1e6eb6898f3e2d341ff9afdd2
SHA512 c46328b28afc44325cf62e9706700180700e643dcfe786f556ea8150740bfa52a37382eb2b0e2fe1098d7ace937d9bf8bc48aa74860afcdc7e41fa039e2fdb03

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 00:42

Reported

2024-06-13 00:42

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | udp |

Files

N/A