Malware Analysis Report

2024-09-09 17:52

Sample ID 240613-ft1jgavgle
Target a3ed7b5da541b74710a6a139e13f3efa_JaffaCakes118
SHA256 3ebd5f70464f4197849d08cd455d90a6619de06dcae2b5247515668737646636
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
8/10

SHA256

3ebd5f70464f4197849d08cd455d90a6619de06dcae2b5247515668737646636

Threat Level: Likely malicious

The file a3ed7b5da541b74710a6a139e13f3efa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:10

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 05:10

Reported

2024-06-13 05:10

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | (none) | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 05:10

Reported

2024-06-13 05:10

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | (none) | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:10

Reported

2024-06-13 05:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

161s

Max time network

188s

Command Line

com.video.newqu

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.video.newqu

com.video.newqu:xinqu_process

/system/bin/sh -c getprop

getprop

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | (none) | udp
US | 1.1.1.1:53 | api.exc.mob.com | udp
CN | 180.188.25.46:80 | api.exc.mob.com | tcp
US | 1.1.1.1:53 | log.umsns.com | udp
CN | 59.82.29.162:443 | log.umsns.com | tcp
US | 1.1.1.1:53 | ksvs.cn-beijing-6.api.ksyun.com | udp
CN | 59.82.29.162:443 | log.umsns.com | tcp
US | 1.1.1.1:53 | s.jpush.cn | udp
CN | 120.92.15.230:443 | ksvs.cn-beijing-6.api.ksyun.com | tcp
CN | 1.94.119.240:19000 | s.jpush.cn | udp
CN | 180.188.25.46:80 | api.exc.mob.com | tcp
CN | 120.92.15.230:443 | ksvs.cn-beijing-6.api.ksyun.com | tcp
US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp
US | 1.1.1.1:53 | sdk.ks-live.com | udp
CN | 1.94.119.240:19000 | s.jpush.cn | udp
US | 1.1.1.1:53 | sis.jpush.io | udp
CN | 123.60.92.210:19000 | sis.jpush.io | udp
CN | 123.60.92.210:19000 | sis.jpush.io | udp
GB | 216.58.212.238:443 | (none) | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
US | 1.1.1.1:53 | app.nq6.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 120.76.202.236:80 | app.nq6.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
US | 1.1.1.1:53 | mi.gdt.qq.com | udp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | im64.jpush.cn | udp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 59.82.29.163:443 | log.umsns.com | tcp
CN | 59.82.29.163:443 | log.umsns.com | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 120.76.202.236:80 | app.nq6.com | tcp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 1.94.119.240:19000 | easytomessage.com | udp
CN | 1.94.119.240:19000 | easytomessage.com | udp
CN | 123.60.92.210:19000 | easytomessage.com | udp
CN | 123.60.92.210:19000 | easytomessage.com | udp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 59.82.29.248:443 | log.umsns.com | tcp
CN | 59.82.29.248:443 | log.umsns.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
US | 1.1.1.1:53 | alog.umengcloud.com | udp
CN | 223.109.148.179:80 | alog.umengcloud.com | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
CN | 223.109.148.178:80 | alog.umengcloud.com | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 59.82.29.249:443 | log.umsns.com | tcp
CN | 59.82.29.249:443 | log.umsns.com | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 223.109.148.176:80 | alog.umengcloud.com | tcp
CN | 1.94.119.240:19000 | easytomessage.com | udp
CN | 1.94.119.240:19000 | easytomessage.com | udp
US | 1.1.1.1:53 | sis.jpush.io | udp
CN | 121.36.205.81:19000 | sis.jpush.io | udp
CN | 121.36.205.81:19000 | sis.jpush.io | udp
CN | 223.109.148.141:80 | alog.umengcloud.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 223.109.148.130:80 | alog.umengcloud.com | tcp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 139.9.119.173:7000 | im64.jpush.cn | tcp
CN | 59.82.31.154:443 | log.umsns.com | tcp
CN | 59.82.31.154:443 | log.umsns.com | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7002 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 139.9.119.173:7003 | im64.jpush.cn | tcp
CN | 223.109.148.177:80 | alog.umengcloud.com | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 139.9.119.173:7004 | im64.jpush.cn | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7005 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7006 | im64.jpush.cn | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
CN | 139.9.119.173:7007 | im64.jpush.cn | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 139.9.119.173:7008 | im64.jpush.cn | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 139.9.119.173:7009 | im64.jpush.cn | tcp
CN | 59.82.31.160:443 | log.umsns.com | tcp
CN | 59.82.31.160:443 | log.umsns.com | tcp
CN | 1.94.119.240:19000 | easytomessage.com | udp
CN | 1.94.119.240:19000 | easytomessage.com | udp
CN | 121.36.205.81:19000 | sis.jpush.io | udp
CN | 121.36.205.81:19000 | sis.jpush.io | udp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
CN | 123.60.89.60:19000 | easytomessage.com | udp
CN | 123.60.89.60:19000 | easytomessage.com | udp

Files

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/Android/data/.mn_410185822

MD5 e8be01a3d651b9f955cbb28d7fe2f623
SHA1 04010f8b539c2e98c8d7b7752e9879547aa9dc0f
SHA256 97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4
SHA512 19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

/data/data/com.video.newqu/databases/xinqu_data.db-journal

MD5 26673c61acf39b5e284a3106ae2e2196
SHA1 ab18b83f72a2078681fd2af02c8aedd82787452b
SHA256 e437b7b0a63b587241e0d903b114316b8413f0b2a133ec03596ca4ac93fabc35
SHA512 26edd29e3f99746621edec0906a54da4e94c18ca25a70ea93b360e51e5549d74c46724992f141584964786a069f278ad42232eece84236b4a2ae0bca31673bce

/data/data/com.video.newqu/databases/xinqu_data.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.video.newqu/databases/xinqu_data.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.video.newqu/databases/xinqu_data.db-wal

MD5 1048ce852f93751a367d8de39ffa81b7
SHA1 9504413005fe40e489f0c875aadf547d769fd2a2
SHA256 82449c9e7ce7057341034758c3481ef3d65ec5e256709d9e0bc555ae61300f98
SHA512 b9672fb0bee9bd78ba203aa8c03f5ffc91a473b56e229bbfc7677013ae6350fbdb3bf87f6346c522368a14891b2980f158f25e893e7e7c03f67da43a7c98b6db

/storage/emulated/0/data/.push_deviceid

MD5 6a1687c35cd17589536a0497cb675ac9
SHA1 f3b9aeb51ebf4fc998f904d0142ed0d908afd9d9
SHA256 8a0634c155a17fef5fe811621506e6b7be192e1b21d7f59442b78662098d5911
SHA512 8f496b1a1279f6586962b46d36f2c4f5d6f8e855bc354b26466830ab262eb773ca0e361d189e8bbf80d22058da7513a96c4d56c5cc678fdbdc8ee28508b446ee

/data/data/com.video.newqu/databases/ThrowalbeLog.db-journal

MD5 0a49ccd04dbd70c11f86276ac4683d83
SHA1 3bae3311f1288e18deda780e48bb55232748ae8a
SHA256 10917753bf62307af7ae816d66bd6103c2921a75987fb31cafc882fb4a85a0bc
SHA512 264daaf6cebdf1eb6fafc3f1533e453108eb4d02a8c58a83c16c4eade0c7370dc103e09b6732d71057cab12ab550397a5a7653d56ca90ce24533c454237862b8

/data/data/com.video.newqu/databases/ThrowalbeLog.db-wal

MD5 d4ef4ee0d7f45dc9d97af50b3da0f5fc
SHA1 a3ca313f6a5e382483fd4aa725c3e45fa98b8782
SHA256 b7ebca708177d31e1f4cd5a2f5af16946ceaae053a080f9c27e6eaf112eef7ef
SHA512 b6009785e81fae61a51358bdaeca40d5c06e85ab5fb6f0da395437bbd20d16858b97bb3e7c99721c8d160d602ca0bb0a8ecdee2a467db10ad49bd7d5a5456b4e

/data/data/com.video.newqu/files/jpush_stat_cache.json

MD5 90af234210c6a7576278e2215d5d4953
SHA1 a4b0759512cfd1e30babb6b92fcaef6b285aa2d1
SHA256 6059713eaaf1462d0f5544568ebabb0702aa1fcd43711129306ce1549a22ffc0
SHA512 f50260357a4e364f5e0000da31ab62a32e8864f6f46c1f002b9916cbbc9c335d84d11156a14ef01a2cf645c9f9a63e248deae9579c9cd878104cc5b3d45cfe05

/data/data/com.video.newqu/app_crashrecord/1004

MD5 86b9ef78c8ca239f9ec91b5bbe6acd57
SHA1 7d243f358cd70817ebad8da602698094b6d7a0bf
SHA256 fe97e47b089cc6f6875aa55198fed994a09ea996a17b755fff5607fb2f9bd9be
SHA512 c404d7c1a35c46eb82765a65c939b7ca6811f6509c90af241828021ef62ccf11f5a740267379148bd1b24123d38d1423e92b451a33e51ac5553c0ed84e93915b

/data/data/com.video.newqu/databases/bugly_db_-journal

MD5 45663ca7f1fb6daa6f21504725b354d0
SHA1 94a7e0a11471172e7d746b7ffa76dae5dc365be1
SHA256 843202a880c75c7f122662c78ca9145166d0277f30ee550562a4d071addb0e3a
SHA512 46b940889b8a771db3742a460d7d17aee89be1441fa7ec03478dd7c65767d2bb9eecffdb67a506da0d1d3e8c61ca5ac79e55837223d60a8c10c73c5012082dd8

/data/data/com.video.newqu/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.video.newqu/databases/bugly_db_-wal

MD5 34fec676b92f7e8ce39da7dc845a0191
SHA1 a35d0056c9164f2f652ebe43c338d3bb5208c68b
SHA256 12785d2ce9b1d7cb3dcf197e420b6779570f8a23b09b0b47177d42dc9de3ddc3
SHA512 e9ab858a22f5e26fce3c6dcbefd856bdcbdb2e38922f8e28a281e7769741f676c88200e9fd29cd33278317fd7249aff060242ce691aca01a06af3cf4d7f7055d

/data/data/com.video.newqu/app_crashrecord/1002

MD5 3e1746d72cd766fa6d0c81a5e6a4cc59
SHA1 af101866f74b44df59d28f8a87102baf0f4599e6
SHA256 bcac2b3cada8829773698eec6020131a67890836f657703077582bd62796b746
SHA512 e1d63a812481fabb8f147492e8f35a049675da28d1e0df04bb81124ea961e959148ecf895c8e6988a882c2154b57fe0233b8d2bfe2369c550ddf8d18b0647a9f

/data/data/com.video.newqu/databases/cc/cc.db-journal

MD5 0c0c83879aacf5a9921c1e6a3b8d870b
SHA1 b5c7532f5c8e4d09378a4628157a6c2c417f3e5a
SHA256 ba44026f8ebcade80bb0fcd9c7a286dcb562c9e556c75a6b0f2ae1241f3fd6e4
SHA512 77d51d94eddf3e8e55ced010c942d12629b86307ca13918fa4095f3b0534cb67bbf143b7a9966fbb9883c7b7f86db10917d2cb0912857a470d937b795b142e45

/data/data/com.video.newqu/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.video.newqu/databases/cc/cc.db-wal

MD5 a96ecca03053e307ca4afab7503ae6aa
SHA1 80d730b5741d26f520991ffe99e9aa94fa5857bd
SHA256 c2ee52853941316eb648cdfb2a67fd224d4a9bd373cdae4e4db06b6c03555b91
SHA512 71f6211f581deb797d2eaa39fb4622fe2268fad93ffcb9536af76de51bde0bfd874857c4d72d04dd60e021c8f711efe70276a31c6a88c7b2a918d591c357fcaa

/data/data/com.video.newqu/databases/.ua/ua.db-journal

MD5 fbd24d63752ceab7629988d53549c49f
SHA1 828d02b1f9b4870245be4682550596f882b0965b
SHA256 69fe65c75c3a5f23f41ea8d58aa435e7ce30bd2cb38eee892eb0a758be236d08
SHA512 f7c572f48097d31cc7546a4f47c142cbaabe80adbdfa75827eae9a0d39862750866c28bd196cc6f1191959018ca6b4b8b23619a0f5e367da84e5473a63f367ba

/data/data/com.video.newqu/databases/.ua/ua.db

MD5 b823018297e79e7a0dc9af685d3426e4
SHA1 082f6aee0d8b2454b4910ab3dba0a3a9b3dc8176
SHA256 b5e3b21fa40e315093c089224907bdb4d1674420c9ab8237f529620357f75ed4
SHA512 1d3a3a49f5e196882af6cc92776fe1681abd6a25e4348a12d8a3b20aabe1b16a55dfb193ebf1d92c85cb063d34947128d41cffb3306212888429a4878aa6189a

/data/data/com.video.newqu/databases/.ua/ua.db-wal

MD5 6560916227a7550980389d64c405ea79
SHA1 8c24fd5783103d999c6c017b598da23f506e6c12
SHA256 29fe0e09f0829a5b988e94f6af5473d805f3a2b11dbb52cd30bdcbe65e68f009
SHA512 d49d770de4bf30c012e335c2750f2a3ae17d1cb490d652c919e9baa5e38f40a6a951b2f0cd80fda1fe5b9573645e3c2f313fdd80098c0115f0e4ca95b2704efa

/data/data/com.video.newqu/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.video.newqu/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 d76981bb850c22bf261d52dd424dd3a5
SHA1 d2b52e926d51927588c2b426836587e63fe68597
SHA256 70ae375f7ebea59b98fc436ff2587d4784dcd83d7e4c94fd059afb49962fa250
SHA512 a3379600f571a7e69cd8b640dcb172f7f0ca0de56ebd4256f65735d2f6053504e02d7756e0ee568489665274c8aa3756d8fb438fea9505d9137dc1216d9874a4

/data/data/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

MD5 b95166c2f63e536b6fc4b5b811444dec
SHA1 45fc74323bb2e66f4c2a493b65b70e0de2aeb77c
SHA256 2f92b98f55c7d4417dff3fc2af9245c66aad3ab8be65177954ed7a4f13bae20d
SHA512 65eb813d39270d83e6d43956ec139f04779dbea58e517da1727a0f4fad9de32bb4cd49bed1dc1fec31b95a95b1c653c22b327aa38cba1645330c9d256d94c087

/data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar

MD5 0b5784570f9310b17137d6541b329ec1
SHA1 6d5f66ef2c8da7aa69644020011bdda95ee1676b
SHA256 96451b883d3234465a050ae836f23469de5cc555252c82d5970e1bfe10d3b83f
SHA512 e826e7bbc5dc7f362ead69ea39d8846574a1c578110138ee5769a96842880fabd1f4f19f3fcfcc6de0f775956761f3c651b2a970427b7a048a02b5d0deb19f75

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-journal

MD5 0477a2e3ac67b282af2fcf21af771fb3
SHA1 dc675a3c88ef462c178b0364dc15f10458d9e1f8
SHA256 ad71b37b65d03731df1a154ef1b8d05cec004db87d6fc5af31dc25465d379303
SHA512 e54aaa895d0edc8dbbdda02992cd5b08d326656b5a53b988f000d2abd08828362eef4be4f3bde2e896d3935f118f860299ecc3bd8fdbc74d8695760585b6b35a

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db

MD5 755d1d1b0599d7be973031b5a9ed3373
SHA1 3b13cffb97005729fc20cd9b9a8547e0fa32632d
SHA256 90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46
SHA512 afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

/data/data/com.video.newqu/files/gdt_database/GDTSDK.db-wal

MD5 f068f2c2f8e5d3c53e638dd97cb661a3
SHA1 dbccf9338ae6b84f847365d39da6f49501d7562c
SHA256 dcf54243fb076a599fa8ba0166fbf0bdc11d7b024ced4985dbc51c36fb4433d6
SHA512 a221d7ac83aa85be3888e0529b56944fba6dbadddec098bc2faf436e23cee5f9d30a1a1e48177f7616f06d38c3d65f5ad2ce55df36f6f84b1a9b4703cbd0b460

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ad26d2c5dfd7ec98b84f29e3d9e721ab
SHA1 e4b3d487154aa88241c695d025ef4938ffe6be65
SHA256 77832536a2299509d6cac0566cafed9439e63b9c9176f31fd20cc76465c64bc3
SHA512 f01011a99aa9d1299031fab99bc5e132e8f977760314035d4ecc561c1c67e1a5a524baa32994249acd4d9705d4dc6070549c439e5719ede2410c7be5751357bf

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f3392adbc14ada010a0fb316ac24d8ce
SHA1 f056cf2a6e5ead4e0b7438c70f2d4982049a9cff
SHA256 6be528432e27f0c7a24a24825764cb14d1d369ddc19dfe5b3f43fc6f3940215e
SHA512 e2afb4337c3a2b9a4681782404ff04e4d63ca552a0ba95d71b1b0ec7a109ca44ddd2d47f0e0a8697cc55f5141d978671b310d9c4c5668adb8c010cc53c92927d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 0e4bced3a5640d1a7c361b18d81e5ce5
SHA1 6afcd649aae8ea41bb72374687753ea3c6fc90e7
SHA256 2b14d972a2f9cf7e0e1d1c7a1b53a902919b87f1d064df5e53b3f0ff7e2e7816
SHA512 6fd273d002c18afd802c627a47bc081022565fce1636d80182add2818db6d0e63cc2fabf028191884d1a93a889a5ae12bad16d5ad211fc49ee706c3c93bd38a2

/data/data/com.video.newqu/files/umeng_it.cache

MD5 1b48a92f469ee9aefba75bba44de643b
SHA1 0b538f5da16ccc5d808203f9ae4b4e6bb726d1b2
SHA256 71bfc3f36492885423954571f2f42cd16fb52840592e4ff1f0746abecbffe0a0
SHA512 94fde64e134161dd8c5bacbc24dafc87696b743188ecfd498f35306cd4ff2a27bf82bcc6f9316031a8e7d73a36fddd086319a613fdb1449b473b565dad1272b6

/data/data/com.video.newqu/files/.umeng/exchangeIdentity.json

MD5 a74d5d8750acdba2e8db92412f1a5c70
SHA1 0502d0264d2f2d452eed43519c8ff273ed2ab4aa
SHA256 41a8bb119a1b240524cd1d1bdead10c3de1a6e86b16a6b89b5068b90667653d8
SHA512 b3dfe7b82fe12b665c279cebc94bf71eb7c31e5d4916e0dd6dfef9109d5c110b27e02166a3b1e7e22f9c70f3a253f51255b63ea0e844a75992422df707a3dc18

/data/data/com.video.newqu/files/exid.dat

MD5 985d92c46fe4d792f296c38029bb02b2
SHA1 bae1329c174ff4a796572198aa86c8f032b6030c
SHA256 5d23553bdd8c785a156f89e208276dacb8dea58668a54c6d205491f369171458
SHA512 9a12fb75a777042de3c26a7e08e502112dcbdb74fdfcda0cda0218c074360930e938a4c0dd8c4b21e733756038ab597c6117491dcb6e7acaf78dd4aa8fafc406

/data/data/com.video.newqu/databases/.ua/ua.db-wal

MD5 5b2bd17a18b2d285737057742ec3cedc
SHA1 ae357db421525e4e6d3dbe031a8738ecc219371f
SHA256 1e61e9cc1646a2b803af931f4969c5f4563c76be63d869c700d351de023d4902
SHA512 f0bf02c6b0915c70ea273224e623dfef9e5d8e726d44a9c580096d3ac57ecd6572bdb496c80ebcb6133e80c23184744e35218208b13b577e4b9d4380d6d02669

/data/data/com.video.newqu/databases/.ua/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.video.newqu/databases/cc/cc.db-wal

MD5 f3ec0aef8fc1e1ed5009a4993bd0ee06
SHA1 244c0a0ead8717d01caae165168ac48487ec039c
SHA256 467736a4c5e798489551ff577e0d970f1b70ecf11fbe8a8c9598734a2a6c6d1b
SHA512 0256ba47be0d2fb5711eef93ef74047c3390f0afae3a62e4906c0b3773f1f8504779e1edb58efb0b881adba555cecfc1142d120767007a9b5ca8e2a7400fc3af

/data/data/com.video.newqu/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.video.newqu/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof

MD5 89018dcc99b7e07d720d1853af33b6e0
SHA1 a86efbff20f16a612f1973e6dd1ce6ff1f77ab65
SHA256 4dbd7d0c7c55dde53cebd195c1753f02f46b68a4d4ec89b579118f0b892e221a
SHA512 ac19e5f9112f808af1009b465df76b4a7ba52eb0b4accc60bfc275bab373e7f7f92d104e8af4d74bd50a9a40362bbf392053066be40121ee39934bcfb032efcb

/data/data/com.video.newqu/files/.imprint

MD5 f4079614b8679c47ead28306fb315172
SHA1 181c7ed081a3958d8fc5ad5bdc7c719b11ef3794
SHA256 1f287dc3994b7023ce8ac18b03e16286f709a64ef9bcdeafad1894034a045486
SHA512 61c7d9f0ddeca820d759a417a6cfac2acd3f1099c5360fd4d921b4ed4ddc75e5c14d5e29b083c66b02b901ada2f5cc7ca9607375542651d4ed859dc0484ea177

/data/data/com.video.newqu/files/umeng_it.cache

MD5 dab5de691f6f38ea49d2073c613f044b
SHA1 b0f1805626aa7a4b61497d13504b0120628d1131
SHA256 5fd5c6d04347ca9490e2911c2a7661ab1438f219a3cb5fa8e732a95e56794320
SHA512 119785708958c3bf17da01db85038819fde93ed1a28f6d577a7b4bf6f3b111992b85ef03fb990f37ec7017607669945a16c3c98f499466761a3bacb93afd5dac

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:10

Reported

2024-06-13 05:10

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | (none) | udp

Files

N/A