Malware Analysis Report

2024-09-09 13:21

Sample ID 240613-bxlr9syhqf
Target a35eed38e14e7b9e093f1f7db64967a9_JaffaCakes118
SHA256 9068a3f71b9849e1fc88488c5630bb3237c42c85dc40ccb00cc8204b697df824
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

9068a3f71b9849e1fc88488c5630bb3237c42c85dc40ccb00cc8204b697df824

Threat Level: Likely malicious

The file a35eed38e14e7b9e093f1f7db64967a9_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:31

Reported

2024-06-13 01:34

Platform

android-x86-arm-20240611.1-en

Max time kernel

167s

Max time network

183s

Command Line

io.dcloud.H57993DCF

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/io.dcloud.H57993DCF/mix.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

io.dcloud.H57993DCF

sh -c getprop ro.yunos.version

getprop ro.yunos.version

getprop ro.miui.ui.version.name

getprop ro.build.version.opporom

getprop ro.build.version.emui

getprop ro.vivo.os.version

io.dcloud.H57993DCF:channel

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:31

Reported

2024-06-13 01:34

Platform

android-x64-20240611.1-en

Max time kernel

2s

Max time network

186s

Command Line

io.dcloud.H57993DCF

Signatures

N/A

Processes

io.dcloud.H57993DCF

Network

Files

N/A