Malware Analysis Report

2024-09-09 13:13

Sample ID 240613-eyjk3stgkc
Target a3ce87d2cf83c2fe9c55f27d8ac98bfc_JaffaCakes118
SHA256 01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a3ce87d2cf83c2fe9c55f27d8ac98bfc_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Requests cell location

Queries information about the current nearby Wi-Fi networks

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:20

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:20

Reported

2024-06-13 04:24

Platform

android-x86-arm-20240611.1-en

Max time kernel

128s

Max time network

169s

Command Line

com.carlffree.recognizer

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.carlffree.recognizer/.jiagu/classes.dex N/A N/A
N/A /data/data/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.carlffree.recognizer/.jiagu/tmp.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.carlffree.recognizer

sh -c ps -ef

ps -ef

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 open-vip.bmob.cn udp
US 1.1.1.1:53 aip.baidubce.com udp
HK 103.235.46.47:443 aip.baidubce.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ebjvu.cn udp
CN 112.65.70.244:80 ebjvu.cn tcp

Files

/data/data/com.carlffree.recognizer/.jiagu/libjiagu.so
/data/data/com.carlffree.recognizer/.jiagu/classes.dex
/data/data/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex
/data/data/com.carlffree.recognizer/.jiagu/tmp.dex
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ri
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-journal
/data/data/com.carlffree.recognizer/databases/bmob_provider.db
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-shm
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-wal
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ac
/data/data/com.carlffree.recognizer/databases/carRecognizer.db-journal
/data/data/com.carlffree.recognizer/databases/carRecognizer.db-wal
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-wal
/data/data/com.carlffree.recognizer/files/.jiagu.lock
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.rd
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.pk.h
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.pk
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ic

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:20

Reported

2024-06-13 04:24

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

60s

Max time network

179s

Command Line

com.carlffree.recognizer

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.carlffree.recognizer/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.carlffree.recognizer

Network

Country Destination Domain Proto
GB 172.217.16.228:443 udp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.228:443 udp
GB 142.250.187.202:443 udp
US 1.1.1.1:53 open-vip.bmob.cn udp
US 1.1.1.1:53 aip.baidubce.com udp
HK 103.235.46.47:443 aip.baidubce.com tcp
GB 172.217.16.228:443 udp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 udp
GB 142.250.179.228:443 tcp

Files

/data/user/0/com.carlffree.recognizer/.jiagu/libjiagu.so
/data/user/0/com.carlffree.recognizer/.jiagu/libjiagu_64.so
/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex
/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ri
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db-journal
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ac
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db-journal
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db (deleted)
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal (deleted)
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal
/data/user/0/com.carlffree.recognizer/files/.jiagu.lock
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.rd
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ic

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 04:20

Reported

2024-06-13 04:21

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A