Analysis Overview
SHA256
3ebd5f70464f4197849d08cd455d90a6619de06dcae2b5247515668737646636
Threat Level: Likely malicious
The file a3ed7b5da541b74710a6a139e13f3efa_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries information about the current nearby Wi-Fi networks
Queries information about running processes on the device
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 05:10
Reported
2024-06-13 05:10
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 05:10
Reported
2024-06-13 05:10
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:10
Reported
2024-06-13 05:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
161s
Max time network
188s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.video.newqu/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.video.newqu
com.video.newqu:xinqu_process
/system/bin/sh -c getprop
getprop
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:10
Reported
2024-06-13 05:10
Platform
android-x86-arm-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |