Malware Analysis Report

2024-09-09 17:51

Sample ID 240613-f8d9sawbne
Target a401e40b619c172ed746298a29bc1bc4_JaffaCakes118
SHA256 e3f416a2211dcd463faed04703c51ae58ce6f288ff43e63b72b00cb817abb06e
Tags discovery evasion impact persistence
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 e3f416a2211dcd463faed04703c51ae58ce6f288ff43e63b72b00cb817abb06e

Threat Level: Likely malicious

The file a401e40b619c172ed746298a29bc1bc4_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:32

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:35

Platform

android-x64-20240611.1-en

Max time kernel

175s

Max time network

187s

Command Line

com.tencent.tmgp.ksmysjhzol

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tencent.tmgp.ksmysjhzol

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | cgi.connect.qq.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
HK | 43.154.252.110:80 | cgi.connect.qq.com | tcp
HK | 43.154.252.110:443 | cgi.connect.qq.com | tcp
GB | 172.217.16.234:443 | | tcp
US | 1.1.1.1:53 | cloud.egret.com | udp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
US | 1.1.1.1:53 | rqd.uu.qq.com | udp
HK | 43.135.106.212:80 | rqd.uu.qq.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
GB | 216.58.204.78:443 | | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
GB | 142.250.178.14:443 | | tcp
GB | 142.250.187.226:443 | | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp

Files

/data/data/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar

MD5 d428e23060b3b30cd1926a33a17f96a4
SHA1 37eb661405ebe0cad99e83ed625cf2bc2e1ae612
SHA256 1f88fdf320cae29d1fd7c639b09ce4d4b468e349cd8bc71376d7c928ffa66f6a
SHA512 daac098768844f55ee1528f40b334b50928ad1862b948a5c942338a36c7cfd947356bbe605bd554e9ac85c00f6a39022c30374625311ce17c36734e291daf2db

/data/user/0/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar

MD5 9b20e11634237a1f000b7afb886dadfd
SHA1 004892c488dd2bacf9309dc19497364571804181
SHA256 f77c4b20ed10a4c168f723d502fb277391a2fa8ac9d189a4085928609b551acb
SHA512 3d23490c2dcd16f998d7665208efb7a5dad0ec3c6755f06a5885197cb4d3fd3ec49ba4db16a841057abadc7f25533f1edd5b598a2419e4fea2a57c5fb76cdbd6

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-journal

MD5 f13413e2e98f9e95d73e41fa4d641890
SHA1 b6dc04db98e708180713f5577c4582cff9d1af2c
SHA256 08e2fb8ffb21774e81475e66f45bfa42b87349fa3ec16836321b5863bc9489fc
SHA512 e7107f793340363ba7def32f2da4d7e9ac719d87200e0f8c60e76e8640e099a9e91c552bb1fe636845806c2f1e25671ca24a304dc3a635de3b71b8b8567f5e0a

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser

MD5 bcf7470dfc6928837ffe2df3debdc52e
SHA1 15eaa9939a3a7cb25318dad747b0cffddc0da38f
SHA256 1e80dd637b83f0706fbc0457a10c93427c2c13b98e7edbbd5194610b71da39b0
SHA512 514643df4ff3a15cc6ae80952e27e0e14e0242691b644f875f4d4bad9d4d312e47213cb6a31cf1fc5b075ed9cd3a98b4e1558a224819ff97bf609f8ef6757e10

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-journal

MD5 0021e267d16bacbaaeb9d6aff4ca0422
SHA1 a0b5168ea929515dcf93c373e100a2b2506ca789
SHA256 3ddae809f6ea42c1812cb58ef507da9b807536df155f7d6f697124818fcbe42d
SHA512 ad5ff0f4a496c20512c15da249c59222325fb62a51ab6e522ff6654e75c08dcfb0b6fd5617051f3d3e839341e97efec0036be81a48df898627a9432c39ba9afd

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-journal

MD5 1797461730ae7af4b065ef8677d2ed67
SHA1 14d1c49fab989a70dc2c5f9886edf7076a17277d
SHA256 b7258e9972385e0d24113900a34024bebb44954b14c711a1a23b95140ae017cb
SHA512 7177b3963b4cfbd29c222e670dcfd8c1d2a16eea3c7fd9ababd84c4640a4477d2be505f75fe12b9b906e58f32fa92b87feb4ba7f144a3f4ccabdec6ab826e92a

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser-journal

MD5 e17ccfd24fb96d70a363addbb46a6a4f
SHA1 635e31aa6e629e737b5ae343bb1d147a55694e9d
SHA256 0f4af7d625a50dea9370a75917c79ded03294ad2f83dac8686b59d0d7e4fd88f
SHA512 f9f91c7f096d557c73419dc932eef1e7807233b76056df459e1300e2e47404e0da2508dc18d76d66f957a684bac6ac07d55660d766511a9bb1e634f3dd55133a

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser

MD5 71c0874a95c09eb36da7f9eeec056db7
SHA1 958b1db3db7701bad70400fb86659f58c429f8bf
SHA256 ba94677766163c6cb73a49a8880cb2236333258166a20ee0c1170177c86cfbf3
SHA512 10811058db6ca2bdb50614b9f6b894d7e587ad5f6af36396d5c40ebe1a459e6e15fc5f9ed653645dd7ba92ce69a675c903096932bb3ade5a000ae1e70edb2cd6

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser-journal

MD5 77e066c1b4b4c743b63441b4377acee3
SHA1 4f731098b709154ac38630f25a0c8be1e0779423
SHA256 eef6b9a63217e7769b71f2129ec3506e6da589e4cb03a08867dbb52188af9b3f
SHA512 fe1345a34cfaab42f01ee3775f6ac2869a7957a7d51779ec10b4a9c697bb459b55279de30553ed9b6b8a6573da90dd85412a94f58d3784af6259cbe746ead326

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser-journal

MD5 d9dec2a8027fc83c3f110a2247ba5f25
SHA1 5bf0dc3a5a6faab3d7183c4e44d1bd0aa6fdb76c
SHA256 0c9fd0ee037a8fbf1f4e0c7b59a663557b722e3f4b79900173c3fc6d215c1228
SHA512 454048a9c55a5a5209e4413d22841e18ee3f80fdc1157f49cbc1508fea3a4e4f68f3bb2cc3a955792b93c710784d78487dd2c8cd0377dc70bfbf84dfddfdc462

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 7e0e32d921a1551045b5b8c25cf0b9a7
SHA1 d290592f6d2e41e8d6ce6aebe0035ab82760e6b1
SHA256 459f1d92f95f483073f33cf9b622d69b6a77ee564633281c32855b07f0c3b8f5
SHA512 471a22339026fa59c969bf5d50eb6fac82f8d6dbf278388a308086e94d08d9fd2c6743caf8f508708ff0c32f5b7e23bd77775fe84558a2c62da57e80e035ab27

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame

MD5 d8d49081fa48b00e3dddc59a5fa9e9c6
SHA1 98f944994b01f097ec87b3701b1a8d0a384350f2
SHA256 8260dbc64eb882f370cbf72959cc6bf7d6453dab07acf30659877c891113ddc7
SHA512 da1e692b21dca48796d9980bf04dd8763a93956e63b42f51c1c46145be5e37ae01867694f155f8af88ba46678be8ccfca19b20170e710762086e81fa8ab35837

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 81b1f9345f4da45ac4076b128eec7b73
SHA1 1df38b742077a6e13dd7f50d8af99b57888e8456
SHA256 b0c52ef74bdddc4de0fff7572be209ec78197e36dd492f7de2cf3ec580997865
SHA512 f409f5fcdb25cb39eef33888d205346ad1a6e8fd7e690f61e39c9be59e81947a73be4843c32256a172d0badb511e74fd18136df7485130b2cbbd383cf04d19bf

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 d80f7446674e11c59202a87a3a5f18bd
SHA1 f2312a1ca1e6a07d1287b3602524a21efb600c76
SHA256 ddb6148676fd16f5768a97ce28d79ae8c1470311b1264456cd47695e5003bd92
SHA512 f780f8d11ad21fe4baace8d32a96f393675f3fcf572ed8115b71280ef8a90e4d93b65022394f17ec97baa2632d5248fde06fd5cc912b7ae32756104fb090cc01

/data/data/com.tencent.tmgp.ksmysjhzol/files/com.tencent.open.config.json.1108203999

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 2b399b152af1cb9123f8472fcc61db09
SHA1 0a90f3647899736727e948d427ff4367bd553941
SHA256 571410fc0707f5420f6ddf49141d8460056b8f6481528514baa633b319eb5c3a
SHA512 b96418c230d335d8dc264ce57b7405002f21413e843424b7d698d4b36235c471663e69bcb57b8c4d0d99d486304149a192e6cacfb5cbbd474dc448fb36d9265c

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 fe91155f778b69a91f53b8c0b893aeda
SHA1 179eea3307a134fa2553eb4e0467eb4a99320191
SHA256 61da0ab12beb5b779c1ce32406d29a8004dc7a930f85dd8747d3189f4b107dd6
SHA512 8e935235d936548cd6b16c6f7ec349be524e2ca93b5411853def1d2383917fe623cd45375ac1569f8eb2f607272b6bef5112f59c5bc204175079a76fc1b73d3b

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 e4d349db1d4aa04b1ce73ef802d58636
SHA1 32359f738593d8da86411f9eeea518a57debc263
SHA256 753e2180151f174bc643adaf7be2cba3d44a3ff3b077a913634ab56db3742160
SHA512 1517e9c2ddb96578e273bfa6f5b9fce9d8580606e82ee6f870bee9f1c1903ea9913c5ada99eed7227579ded90099c3550ff582b70fde2ae72020d17bdf635029

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:35

Platform

android-x86-arm-20240611.1-en

Max time kernel

175s

Max time network

186s

Command Line

com.tencent.tmgp.ksmysjhzol

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.tencent.tmgp.ksmysjhzol

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | cgi.connect.qq.com | udp
HK | 43.154.252.110:80 | cgi.connect.qq.com | tcp
HK | 43.154.252.110:443 | cgi.connect.qq.com | tcp
US | 1.1.1.1:53 | cloud.egret.com | udp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
US | 1.1.1.1:53 | rqd.uu.qq.com | udp
HK | 43.135.106.212:80 | rqd.uu.qq.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp
CN | 49.4.115.180:443 | cloud.egret.com | tcp

Files

/data/data/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar

MD5 d428e23060b3b30cd1926a33a17f96a4
SHA1 37eb661405ebe0cad99e83ed625cf2bc2e1ae612
SHA256 1f88fdf320cae29d1fd7c639b09ce4d4b468e349cd8bc71376d7c928ffa66f6a
SHA512 daac098768844f55ee1528f40b334b50928ad1862b948a5c942338a36c7cfd947356bbe605bd554e9ac85c00f6a39022c30374625311ce17c36734e291daf2db

/data/user/0/com.tencent.tmgp.ksmysjhzol/app_dex/ysdk_hackdex.jar

MD5 9b20e11634237a1f000b7afb886dadfd
SHA1 004892c488dd2bacf9309dc19497364571804181
SHA256 f77c4b20ed10a4c168f723d502fb277391a2fa8ac9d189a4085928609b551acb
SHA512 3d23490c2dcd16f998d7665208efb7a5dad0ec3c6755f06a5885197cb4d3fd3ec49ba4db16a841057abadc7f25533f1edd5b598a2419e4fea2a57c5fb76cdbd6

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-journal

MD5 b73fa037db8c5148f97a8eec9c23af2e
SHA1 1e7240de488b787ebb1089fea7909f8f821feca1
SHA256 4756eac895eba3a501cce1d94094b41ae7a6c04564073c23619d5109fe67b947
SHA512 9684ecfbf947d99d5c049f12922b7f7a1de8de233f4c3c76a0b570243b99b7d807cc692cdff03d37765be47af6a8941bce93aab54f1eef215623bb7347b6031e

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.tmgp.ksmysjhzol/databases/QQUser-wal

MD5 099af28a32d42c8b4d043babe77c4d46
SHA1 5adee9da8d55384a3d1d296fc92064e9b6880e41
SHA256 61906914a6de58e2fec4b1e4158570db7a2e4e0298f6c58152ba821cd4441c6d
SHA512 dff0723ebb0c7daf19d95e1a4302b59bf07655cb2229f7591eb433e5b6229a35b54a1d86d030fbb950cabb0c234820580f8525435b3a323e20d03ceeb4f84941

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser-journal

MD5 c2c88462057b0d1f7b381a7f6bfa8efb
SHA1 24201ffbfda9f59ce718f9b0fe4929aa5e03b785
SHA256 b8a57f03bd28e1466c0cfa8d079338a00123f1933c60a215393b59a42a4ad801
SHA512 93ef057238af78aa1a86739222708d765a84f40b081d57f17bd36a300668dc494ad58cc02c79593c409bca5e76120505dfcbb68ff98164a1be969e35c1083c8b

/data/data/com.tencent.tmgp.ksmysjhzol/databases/WXUser-wal

MD5 bd4b892700dfe2b94e8a43fe55b93340
SHA1 11e00150247f1ca4384a271eb755bf91c1d45006
SHA256 ad62b9da33f5344fa20b8da2a9cc52c4fe80aee0934b0df6ded872334060a7fe
SHA512 67fbac2133a1f30def6e2b363cfb138e9f2c5b20fda9fb58bb51eca5ef8f54cf3806a3f1b9d3634353df2d2e8f4043037b9defa3f0e5c5fceff051cf251960c3

/data/data/com.tencent.tmgp.ksmysjhzol/files/com.tencent.open.config.json.1108203999

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-journal

MD5 70efb2969c43c4fea76efcd9cf419cb8
SHA1 d86f4a67b8abf3943539a3080349994b25cad164
SHA256 6633c9b29c918905565a462111330c7e59568123ae70d89a34987b61a1520126
SHA512 f9d3eeb5c4da4085be773dfa1017e9061f854a7db31b0c6018e7b8b213308be163a54c6b1d7c828ef89b7b39610bad7363c9df37262c9e543bd1dd3920248bd2

/data/data/com.tencent.tmgp.ksmysjhzol/databases/bugly_db_opengame-wal

MD5 e639850bbf313479991a3842d8a4ccf5
SHA1 286a2602ac1c904d158168e3f9476d7b66e9cff0
SHA256 0651ed2fd8fd96a34cacb94a49aaf8094e146df84f22c96648e8971cbae0f299
SHA512 6539d1db0ee66dc07deaea809e751c291dd04325fe30ea30940d3edb66ee78627573a3a0d2917ecd91be376c765571e18264e10a1f70f90b18b7af2780fbb29b

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 05:32

Reported

2024-06-13 05:32

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A