Malware Analysis Report

2024-09-09 13:12

Sample ID 240613-f74haazclm
Target a401503560da253e8aa5a3c82d31534e_JaffaCakes118
SHA256 7eb6d01a00aae661b892b776e8c9fa059e4a4035bb7cc026e71879ec2fc570be
Tags
banker collection discovery evasion impact
score
7/10

Analysis Overview

score
7/10

SHA256

7eb6d01a00aae661b892b776e8c9fa059e4a4035bb7cc026e71879ec2fc570be

Threat Level: Shows suspicious behavior

The file a401503560da253e8aa5a3c82d31534e_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Reads information about phone network operator

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A (listed twice)
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A (listed three times)
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:31

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:32

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:32

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:31

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:31

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:35

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

186s

Command Line

com.werqwer23asdfas.raiden

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar N/A N/A (listed twice)
N/A /storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar N/A N/A (listed twice)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.werqwer23asdfas.raiden

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar --output-vdex-fd=49 --oat-fd=51 --oat-location=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/oat/x86/aybydcaamcvhtgn.dat.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar --output-vdex-fd=46 --oat-fd=51 --oat-location=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/oat/x86/whdbgnw.dat.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 csapi.adfeiwo.com udp
US 1.1.1.1:53 zp.veegao.com udp
HK 154.86.204.72:9999 csapi.adfeiwo.com tcp
US 1.1.1.1:53 ad.veegao.com udp
US 1.1.1.1:53 app.taotobo.com udp
HK 154.86.204.72:9999 csapi.adfeiwo.com tcp (10 identical connections)
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
HK 154.86.204.72:9999 csapi.adfeiwo.com tcp (159 identical connections)

Files

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar

MD5 b2dbaa59700e847f1f09e9ee3e697280
SHA1 65d35a8889e162e0d93249501d6ece0bdeab75bd
SHA256 28d30aa230a74582b2f9ff3d28dd93a6560cec5e98c28977a7a272668009e963
SHA512 cd98522a884af5568427be4600dfa90dbba2519b030bce93ae3413133ac97df5c9779055a50f753be79956390d9404b32f4eaabd74e0f9728fd44f67f985e472

/storage/emulated/0/Android/data/code/KI.DAT

MD5 2b53b6b030d7bdb5da6ea0d501b6a165
SHA1 fa4e9e8d724d91963a3fa3def11790559cac11c1
SHA256 d8209526853a232417c586b6c130ed3ec53af8a2928b95d032ddcee37b4698fc
SHA512 dceddb69f3c907593c47edd56cea3b5cd68e560f020244e6abf9e63c58263d38b36e8736617758f2c5c7292bffd815af44fee3805217aa9065cd143e0599b128

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar

MD5 de202ef37258c62fe80f234ba3e39bdb
SHA1 4450c81fd144d0c83c40c1c0d106212160b7cbfd
SHA256 5edfb061613c69e00c02741523b12e1ca40bff92f9aa31a073cd81013d92f8af
SHA512 3849e2674a4ddd189b4ca00c38144cbe5ce3769b5fdd3ef000ca4cb3122c1f99425d4216257a4b4bb36f8500ec6f6e67ac5829efb15b4b266b370b8e467388e6

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar

MD5 95ee813690dd01a75106d988b87c0253
SHA1 26ebfbcb5bfdc75a1f202ffd68ce106d7f792ded
SHA256 c50eba8a97c93315d888f2414b1a291a7b2dd97b549097e3d9d7ee2a3909691c
SHA512 de5ecb3b6f393a4064ca6853ed59b63e40d54232bf5b62c96293cb5dc944373bdbb773250915db67a28e6de7ac47f3654c5e794403d2308fe4c205ce4a6687db

/data/data/com.werqwer23asdfas.raiden/databases/cpdownloads-journal

MD5 6b12efeab6a0f226777bfeaf1048e282
SHA1 0182a95876a1399c19b3084c519f7d2549f76c92
SHA256 783888e8b2a4575c861bf1cc38bb0369f3bf46e7f042db46a2f5aece09f77850
SHA512 3f31acc8755388313214f2e7592a6304a980a43f9adaa0fcb4d6b0ce675b041bcde86547c1b93d7d17c62c4cf3ee5b62f01649f00bf46c676d00d77cab11d43f

/data/data/com.werqwer23asdfas.raiden/databases/cpdownloads

MD5 52683786bf562944ca4cf7530a4fcfa5
SHA1 fab4541970f696a2eb624172f9143c0abecc664c
SHA256 32309e33dc7c0d00534c4aec8dba3fb80d6237ac59876c9e319da2f53ebb35df
SHA512 c627907a659ee6868f41f1e5707dd641ab790942a2e3ccc387e82d0b1005d86dd5943e268cd90c6e1862338ba09c9bcd21dcd56339b9614b5dc4ed3ebb6795a8

/data/data/com.werqwer23asdfas.raiden/databases/cpdownloads-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.werqwer23asdfas.raiden/databases/cpdownloads-wal

MD5 f16bf6828508deb5c8e929a98a60bcae
SHA1 501d5a20dcf16c816afff95c5167a9e4ddf56cf9
SHA256 3518699f608ff189f3507e80dbfa516661f455aa780ac552c8fa9817110de4ad
SHA512 405957a3fd9908edeec63f6a6e9634e741fd0009cece91a5381ef64b3aa2f6c5619602b75007802cb07feb0ce3dc92a30cea07b6b9aa273e62c9cf3dba4121e5

/storage/emulated/0/Download/cp/time.dat

MD5 9c8f6d251c67f629854876711be451d1
SHA1 4d93b13daf8e36e5fa5a529115ec04a461b13809
SHA256 088546d9c8486226893d053b5930be9758e9a3d2b2f993be050541b9c18b0dff
SHA512 b2695907ae414ec2e1f6105ed72bb80183a5361e2b26636fe0c8e780e6175a5e2979745baa2a134e91c28a606564f3ed48936ad26f69439c9e47be8e24c27202

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar

MD5 f03109f7d3b909d09d88619e1dba62b8
SHA1 82369183044ee28ada441be5b706cb5fb776f11f
SHA256 7e63c4fb649e966eb8ed50ef223855c361dc15a14e0298bd541f25523932ad51
SHA512 dcf80a5b89c5c65968c75cf51c44d32155b272bc45a0eee371a3554fcd5084b068150211e334da388e8f5827ff60c79706e54ff1d640eb82cc1b11081109b965

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar

MD5 eb51c914ecbb3efdf23011cfa9d932f5
SHA1 1a6058521ec1233b3ccbc3301db119e1a0c622e9
SHA256 c6bfa7d9ed47bbc7ab6d6677f13ba9ebfaa2f883c21ebea302319e143b6d62ca
SHA512 f54a858ec00294cc28551f6f367da905b1a6310d78dc65e63b4dc3d079a11cac6ffab8e07e0fc9f64f82c458ce9f37ad2cac835caf295da5ee384cbed7eccc46

/storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar

MD5 6ac13e470c763f47aa0332b146545ddc
SHA1 b307d7fb98377afc0b13f8be32e1712ca7097dff
SHA256 ff5e71ce4f28ad30f21ce057901e5c2ee1cd39921523beef2358f438798483f7
SHA512 ef4889348fe20d9b43f2a5db114e9b6a7d2cad3d831c8a8f6924a0d607fd8cd3bb726d005e73fa46d7a59264dfa5a395e05fa970321ceb787d3e0e45086daf42

/data/data/com.werqwer23asdfas.raiden/databases/vdownloads-journal

MD5 1c41e78d0b5d021d6270332d85cdde73
SHA1 5551f56b088e6885dafb592c292a6a4841126719
SHA256 03186fc55a9c21b0c78d918adba2bd765717256ef0c3c8c5e65684b9fc71d8be
SHA512 4da82e58d242c3ae659831342e913399f7afa8b898f91970ae336f035f2391c853c0cbdf84089ffdcb8a6492abeb2a69138afbd87b2f8fc201c1a00186728c5e

/data/data/com.werqwer23asdfas.raiden/databases/vdownloads

MD5 2002feef33952c647201af0ba35fdcef
SHA1 ba10fa8b04739a30a8e10a924cd537395790e193
SHA256 894bc0f995838a6eed66f8ccddb907992116296a9bddc107e1ebc45715d2d07a
SHA512 249671b13035c8dc3f7c42a328d1ae3ff4c7f8d64177b3d2a3ca6e97fc06985219d49fb6dac5a8afaeef9a655e647b6bd3c3d4be036d5e326945dc1180a2dbe7

/data/data/com.werqwer23asdfas.raiden/databases/vdownloads-wal

MD5 1c23491ce86b3b30b5c390cd3c97038c
SHA1 07be04a2ba27da1f9c0ec158eca14eaa0b61f0d5
SHA256 03c5d42641fcfc0cd09793bf40e0dc4d0f11f634d53793b102b053176d4d8fe4
SHA512 df8f0c6ede45b1af014c99956c3df4c0e46076dd0ebe2fe3e86653b38b46a61805cd78b8a110898ac516071494ad1d55eb84d0c0f3b21f9b559e6700e564bd0b

/storage/emulated/0/Android/data/code/.vapp.dat

MD5 ef29067465d33cd9a794585f88473f7b
SHA1 76be771ce4615c7228cf3e250e3d5e4867c94c68
SHA256 cd918c726836e81685449e261a5b9d86c34e6f48f744fbeaef02ba8309e465af
SHA512 d054cbb44ac90cdeb24d9397cce7b5f055f87c973dd20227b87febf69241d2d8da2f2f918ad54155a969eea8c1cfb81ac0fb2ddcd36a63711d5983512fc59078

/storage/emulated/0/Download/vgp/clearT.dat

MD5 2bec3d02a6aff0aa96109de1b94f5214
SHA1 5caa11f971e01b35a9862f859c0fbe67cf5f2624
SHA256 2eaf40cf6fb1cb02309852f331acc45925ca7915b1547f7bbea6bee1247dc39c
SHA512 ce2685ffdf2ba9251384b5a0b1673ef9bce465907612c9163df254761576553da7a325ae8fd1f62e8232475dcd9012f962a4d6bc18298a33c5db09ea217f7cbb

/storage/emulated/0/zymame/artwork/dir.txt

MD5 61ca60176c21d1c954101c9ae58a42e3
SHA1 6ba33a9f273dbb6470c9970e3dfe20efaa02349d
SHA256 c9adf2f60c080d3f7d7946b09eead268bc6d9ff0206ee722ff775288eef8dbe1
SHA512 4dd28253f99379111239a315c152ca719a012aede72171807757b1f96cad975bc694c8f06ebc7f05ff2f3f2b0284499351ea0f8ef095452ec3caebbba68c55d0

/storage/emulated/0/zymame/cfg/cfg.txt

MD5 906138b640242f8e002752e5403793ab
SHA1 3bad2e1cde7ea9b0b1745e54551b9170a0728a8c
SHA256 aedf75ef5955cac12c0f11c0db5dcb6e0272db9b43de123e7ee3b433be2167c4
SHA512 0ba58c4ea92ceb4649d23ce53b0de6891bdc02d668f21d59633a1c1df9140705e9ef8c150164d245b746242c97513cca1b8e4e4091eadb55570e82556ba32b60

/storage/emulated/0/zymame/cheat.dat

MD5 c5b456237958c7a7c120a8ad710786a0
SHA1 c0f20911b6f929ecd8302863d9ced3e5ba9c6b97
SHA256 6a8ac178d339a303d78e30191bb06b5f2471e387f0fd5a70d78abac650cf6439
SHA512 b1a02e051b8e39ff4be46ecc7818e0ea7f6defc9868dd3eb2e6d73df1a8f825dfddbf0395cbf1f9cf021aa4f53e1dc25c846d8733a65ed4340dd6e849483ba97

/storage/emulated/0/zymame/clrmame.dat

MD5 1fdd561c16e39b659ef3f90d6ed8bd83
SHA1 c87b9c9b1c715c8a6924b31f32de941652b238b0
SHA256 f07a40b7ae503dfc48bbf89d9dcf59e5eb1d8afa31e803814a1f8a56c35a0e33
SHA512 bd5b7b7c5d3a70c3456636e1aceff85f0e5b060179b06b03e1fdbdec38eac33690a29cfbdce3c1049119c217f40f5340e6da59b26f1019ad1592785e529e4963

/storage/emulated/0/zymame/frontend/dir.txt

MD5 0ac0196a072bfb4837268c532082fbb6
SHA1 5f8f21f5f4a1bb31b4d08c83bfb6075e191dfd57
SHA256 327b0a3bcab302ad351dd22293e1e788eff199cf655fc2d8dcd3aa0136d15ccd
SHA512 878635bba7220cfe04a39a4bce58848593e506dda6e6f493db6cd3627a557dfdd526aa9328930728c1261ce136d93f7566b112b0a26d42968ef3cf76d20cb25c

/storage/emulated/0/zymame/gamelist.txt

MD5 8d258144aa9a9f6e2499ec4c8c0659ed
SHA1 4e5fc5844df4df8366886b21175003ea036f3129
SHA256 53fe2508a210b4a27c1a742a774865640440d08937b6a64b64dce2dc1aff8c56
SHA512 28ea5bb66347460a9ed4e15088b6f8a18bf290c1a738271ccc2e302f0e2efa17bd10dd1118ecc82fc38fd61bc44c54c63d2ffe81cc02e07223fe72a2e9637897

/storage/emulated/0/zymame/hi/hi.txt

MD5 0b4390cde42299bdffa7a66153064449
SHA1 593f2c5dea5f2412fa902b091fd40779484a6750
SHA256 6fa5ebe3102005d58d6604441be185fe9c81145fbeecd7c5e0af0d960d19b6c7
SHA512 d9bceb4256b50a263d78d58ed1012d32f7fb54df15dbbd729074f0cfb927327bd904e360a8ad6cf6fdba4f80ec1bcf66ec5707b8d6b34de5f95a3d9071942a41

/storage/emulated/0/zymame/hiscore.dat

MD5 5567b18ff76cf4406c915d9d5deac2f4
SHA1 830660c510bb185c3278320b2ccbf5f536a1a649
SHA256 5343afa128b3549ecde25fa6039d6d0f29863de89bafde18871c6111fcecde78
SHA512 8292d2376f1e7d0053ae952b7a3004b86f493db78ac8a6ec6a81994b7cdb7af89240b03fd31c8c70fd3318be276a844a84b87a528259f33d29b5c87a63ce28cf

/storage/emulated/0/zymame/inp/dir.txt

MD5 50ce09c21997c968d390df50d431cf35
SHA1 4f720e2e6454ebab51d58fb7e4514bf1ec8e2eab
SHA256 2d90bb79562ee8e9bd6a5265f079519804b62f1faec82af80d19ba38e491dfd0
SHA512 83141dc97486c797366a4ce05c888434df80aa0b1bc0d7636b0fbff737cb8d02fe8f3ba21ef73bba977b4a2a944861a8f7af03ec7f84d9f5339e057b8ccfcbd7

/storage/emulated/0/zymame/memcard/dir.txt

MD5 315dd1d2bef0d915a1ba98969d0add35
SHA1 b3ec51f81a86dd5b11973dd5c9db5f9d25471df1
SHA256 61af626687b67a8bf45e236785f8e64a6be90a52fc77f9c50de3ba7d29427ac2
SHA512 70a27570be6409d942a7933daf2ba7127c537599d78adb8535dd79a2e608bf4a798b8ded9893098ea061d7672ff1e06a6618e2ef2fa9fc3b965745dbf312985c

/storage/emulated/0/zymame/nvram/ddonpach.nv

MD5 60a5cc61552e53b80d010079253e5e49
SHA1 7f597107d1610fc286413e0e93c794c80c0c554f
SHA256 deca89913dc67e9ff159d29c9bbc6e41313d260b266d40d82343967e96cb8dcd
SHA512 162c17dbfb3c5c206c2a5ffe5ce19bb0519003944df8d81e2b7ef5015c07b0f607343e0cf968b9db68f18233ad19413c5f2bace5a1605f68e6fbba3403317a56

/storage/emulated/0/zymame/nvram/dfeveron.nv

MD5 aaacc5d7f3b1d8744d0157a293120d13
SHA1 ac7737ad0bea039b3f7f5e4b552b248c26c7700e
SHA256 1d086bd3b7209b72bac0d1a85ccd09d19075840dcc2af27a6cf71382a73b7c31
SHA512 b30ca67a570224f5ea926b61d1b8a3fcb6cf5e340a3be4cb56bffeafdaf0827d3053d18c6dd83c7474f997a4638932288150c78fecbfeb59b91663ff927cc647

/storage/emulated/0/zymame/nvram/dir.txt

MD5 edc7b1035a157da632e12f95276f3c5e
SHA1 9d56be8ab0b219a4c9a9b86615dbc8bc3d30ecb9
SHA256 d95ab3a9c76c87af69c90d6212955d38b4e11f419df093c2b3dec4a2e685d34b
SHA512 219b36eca02f1e7d24dda88517278b8a409845475029c56dd01593e4ba9876547bbfde0b2f01174df4987fda43a0774921f7edc5f06c8e52105afda10bdaa694

/storage/emulated/0/zymame/roms/dir.txt

MD5 5c5471a17bff533c549a6c083c0cacb0
SHA1 ee75224a9890b07c0165849d44105fd4faecb255
SHA256 9bad542be120661083668e03612d8cdedab77ca8c8d70dfbda4db4e9131e9a39
SHA512 18b0a626dca0b260c8a469b8732e1140b3612ef573662e8bb60ce314100cffa43d20585eca9742ca349c45d3e53d9f60f9ffec7a2ada3f4541eaba21767e3bdc

/storage/emulated/0/zymame/samples/dir.txt

MD5 9e444957c7e7f6bbb69a527f2fecbf2d
SHA1 4a2dae3cc8079626692716e377f2d99247ed0a81
SHA256 058dac2d76ea0a37dadd7374e3b9cdf4e2d64870125d12220ced0f388d3a4107
SHA512 1939a26596f1eab0186bef168a118283828ad8b33d4e90d6a29be8504e36ba70d98965de02067a165860c00b9e33cc8b3e05afb22475ba2004a99b583f76541d

/storage/emulated/0/zymame/skins/dir.txt

MD5 763795df731edff9329cedee0545ac56
SHA1 d22c6587ed205a7627c3e680a53533bb0d7dbf34
SHA256 8e8abda2a28ffd197e89c725b898fd4708139609b5d08283b17bb01509b2df16
SHA512 7e36450d1198342d7f66b4148fa71d6880fd820838e5a4ae7f1dc9bf8adff701d22ebbc0bded3931f3fbe0f01573540b4cfb69adf3fa4bcd538f1ce6da5b230c

/storage/emulated/0/zymame/skins/menu.bmp

MD5 04bad9d8e44ca10346f49218dd90e844
SHA1 4c32cc4cec7b7eb3f2230fb9d194fdb08c3c0399
SHA256 a3549a84242c5633e8e88eb41cf69b037a1e6c66607dee32aa4d9480d01520e9
SHA512 dd270a98964b96714c314ac968943ee7c3e0889a99e4e2c8b2cfc9525ebd0c5a4e2512b85cb1a3cc01c2e730a9363db7e05c64f2d7be4b6f945110ff840cfa5f

/storage/emulated/0/zymame/skins/splash.bmp

MD5 62595501c786a5fd4157e8ab67be526f
SHA1 d5c09a55963840979a68bbec1494c37cd46227fb
SHA256 12071da10d545011f50f83c96df4957eea35dfe92d6123a4f857025f9e17bad5
SHA512 e0339d779fb7921f2d59383c8a999c319087656156f8cb29e617763f9a337b05d87ea58c44586b2eb8396a1a279bed211954cdcf31abffd173162903ac66ee74

/storage/emulated/0/zymame/snap/dir.txt

MD5 f52c4b459c656718ab1b470b5fa3cd9d
SHA1 71342402d1d82e18d9377797616b2a5d2a4f2d54
SHA256 1fbdea760e022cccc6b18e658eb02957b53685b8b21a9808a0032a7bfb960b7e
SHA512 fd21d9c4ba9b1f8cec57490ac5aa26813e85f1062a6095f01eca259068af2b119c0e1184a9c99f9a60e57f11ee5abd37c77d0179470784db01452b9aa6aafbde

/storage/emulated/0/zymame/roms/neogeo.zip

MD5 88f3a4439a086a36a1c3be4bb4e21db6
SHA1 c7f5ca66a5bbb0a1312acebb3cdeaef6d661529f
SHA256 af73038bddfe4774a8d7826ed2f9c4576599b28f5f8a28316e595bdd81b2025a
SHA512 1becf0af2e79778a245ed72fbb81771d2873dfcca85ab32564b83e5ad7b9813afb341a547b736b183669f7ad2a1de470536e70b2e5d4a9bf7f3b1f885f519056

/storage/emulated/0/zymame/roms/raiden.zip

MD5 43ad404f5d7af710bd8b7373e45bb2d1
SHA1 4b237439ff6184f9aaded0b68a75c6d21383434e
SHA256 84fe1b18198dd4139ff409803f6f758dc4871a6a3bb625cac9b71dd79c28c71b
SHA512 72ebd33b871568d87503217fb94372b23b9e2f5ef84d28f01608043ca09dc8b7eae470300f6e9785062d181eb8fdecaca04f52c22f084b233ca9d8b9332c7a23

/data/data/com.werqwer23asdfas.raiden/databases/sldownloads-journal

MD5 a41d18992587e4b107ad700acfa0c325
SHA1 ab1931aecaa1192449d94bfa9b297d8e629c3d84
SHA256 c0c8625207b83c2fd8f714f28536e2b28d3c44349edc0c1d658d7b7ff2f08927
SHA512 68a1a271625ac23fc0c22e5b87a07a7a82a4f7b8428c7e5ddcc319273a2ed5eccdfa9bcfd3c11533e2223a66e375920f260551861c77b9733cdef838633fe7d3

/data/data/com.werqwer23asdfas.raiden/databases/sldownloads

MD5 1e1871f1e45fd4032bc5d559a12b2e4d
SHA1 951f0e4c706a87480eb50ed6f21e26b59a8084e5
SHA256 23aee3fa53fbc55a96cec48136aef8a903d72f678c9bb8d498b2393826a8f4b9
SHA512 4a304216e9d9868b33f1185dc7459d2d56dedbdc31ae28c7df8ea826bee4c4785c851be1a821e6033c354b8e78680a28827127b03746a3d798fe5116d36b0add

/data/data/com.werqwer23asdfas.raiden/databases/sldownloads-wal

MD5 188c5fdac9a10e7c8eaae349ae87377c
SHA1 bd1387593b2a7343e1d36f66c7fbc196fb69f661
SHA256 e23dde6f4c496c1740fe4c8ca01c42e4cfbc4f54d169a6e0b66c67c402307969
SHA512 34da689de7969fc5930fd990bcd1fd8c923276e7ecdd1d0850eb75587c263a380b2f15f38e4dd93196f74922218587adb4aa576e5483177238ddfce18bdd9373

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:31

Reported

2024-06-13 05:32

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A