Analysis Overview
SHA256
01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f
Threat Level: Likely malicious
The file a3ce87d2cf83c2fe9c55f27d8ac98bfc_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Queries information about the current nearby Wi-Fi networks
Requests cell location
Reads information about phone network operator.
Queries information about the current Wi-Fi connection
Queries information about active data network
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:20
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:20
Reported
2024-06-13 04:24
Platform
android-x86-arm-20240611.1-en
Max time kernel
128s
Max time network
169s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.carlffree.recognizer/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.carlffree.recognizer/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.carlffree.recognizer/.jiagu/tmp.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.carlffree.recognizer
sh -c ps -ef
ps -ef
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | open-vip.bmob.cn | udp |
| US | 1.1.1.1:53 | aip.baidubce.com | udp |
| HK | 103.235.46.47:443 | aip.baidubce.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ebjvu.cn | udp |
| CN | 112.65.70.244:80 | ebjvu.cn | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:20
Reported
2024-06-13 04:24
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
60s
Max time network
179s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.carlffree.recognizer/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.carlffree.recognizer
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | | udp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 142.250.187.202:443 | | udp |
| US | 1.1.1.1:53 | open-vip.bmob.cn | udp |
| US | 1.1.1.1:53 | aip.baidubce.com | udp |
| HK | 103.235.46.47:443 | aip.baidubce.com | tcp |
| GB | 172.217.16.228:443 | | udp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 142.250.179.228:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 04:20
Reported
2024-06-13 04:21
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |