Analysis Overview
SHA256
966bd3727bf14b5c4445281b51df448e2b9e8424f6a4a705e0668de19aa1f17a
Threat Level: Shows suspicious behavior
The file a396e03d71076f107eef467bb20718e8_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Requests cell location
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:48
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:48
Reported
2024-06-13 02:52
Platform
android-x86-arm-20240611.1-en
Max time kernel
168s
Max time network
157s
Command Line
Signatures
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.xiaozhutv.pigtv
com.xiaozhutv.pigtv:romote
Network
Files