Analysis Overview
SHA256
7eb6d01a00aae661b892b776e8c9fa059e4a4035bb7cc026e71879ec2fc570be
Threat Level: Shows suspicious behavior
The file a401503560da253e8aa5a3c82d31534e_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Reads information about phone network operator.
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:31
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:31
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:32
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:32
Platform
android-x86-arm-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:31
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:31
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:35
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
186s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar | N/A | N/A |
| N/A | /storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.werqwer23asdfas.raiden
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/aybydcaamcvhtgn.dat.jar --output-vdex-fd=49 --oat-fd=51 --oat-location=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/oat/x86/aybydcaamcvhtgn.dat.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/whdbgnw.dat.jar --output-vdex-fd=46 --oat-fd=51 --oat-location=/storage/emulated/0/Android/com.werqwer23asdfas.raiden/oat/x86/whdbgnw.dat.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | csapi.adfeiwo.com | udp |
| US | 1.1.1.1:53 | zp.veegao.com | udp |
| HK | 154.86.204.72:9999 | csapi.adfeiwo.com | tcp |
| US | 1.1.1.1:53 | ad.veegao.com | udp |
| US | 1.1.1.1:53 | app.taotobo.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:31
Reported
2024-06-13 05:32
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |