Analysis Overview
SHA256
26a1d9d9dbddbe963f61d736998c93aad1bf9ff9295d1283a5f0f0b9e02a993d
Threat Level: Likely malicious
The file a47aedbe37cfe799ca600133916c8068_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests cell location
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Requests dangerous framework permissions
Makes use of the framework's foreground persistence service
Queries information about active data network
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Reads information about phone network operator.
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:47
Platform
android-x64-arm64-20240611.1-en
Max time network
163s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | mdh-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.200.10:443 | safebrowsing.googleapis.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:47
Platform
android-x86-arm-20240611.1-en
Max time kernel
162s
Max time network
148s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/cn.catcap.tower/.ucache/classez.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
cn.catcap.tower
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | b.catcap.cn | udp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.66:80 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| CN | 47.111.127.224:80 | b.catcap.cn | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | unipayupg.wostore.cn | udp |
| US | 1.1.1.1:53 | unilog.wostore.cn | udp |
| CN | 27.115.67.163:8080 | unipayupg.wostore.cn | tcp |
| CN | 116.128.209.129:8061 | unilog.wostore.cn | tcp |
| US | 1.1.1.1:53 | ac.catcap.cn | udp |
| US | 1.1.1.1:53 | push.wostore.cn | udp |
| CN | 47.111.127.224:80 | ac.catcap.cn | tcp |
| US | 1.1.1.1:53 | r.youmi.net | udp |
| US | 1.1.1.1:53 | s.youmi.net | udp |
| US | 1.1.1.1:53 | track.dmp.youmi.net | udp |
| US | 1.1.1.1:53 | t.global.yyapi.net | udp |
| US | 1.1.1.1:53 | stat.gw.youmi.net | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 116.128.209.129:8061 | unilog.wostore.cn | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 116.128.209.129:8061 | unilog.wostore.cn | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| CN | 47.111.127.224:80 | ac.catcap.cn | tcp |
Files
/data/data/cn.catcap.tower/.ulibs/decrypt.so
| MD5 | d7cb8b5358b1c095511cf9edb1c13354 |
| SHA1 | 2ecc10b8e73597d54bd13b7b2046477f1bd40939 |
| SHA256 | e551db916184b19a7dbd2393e41b54543cc5eeb10ce3550b5219695ab6126998 |
| SHA512 | c73123bae60da7a98c56f7209a5b43b3939e774b288790a8392713c1eb6c1ae4902948d2e2faa07648df5d0e9c35753cd6ca4c0f2e9cb67c3fa45eb6d5599cb4 |
/data/data/cn.catcap.tower/.ulibs/libunicomsdk.so
| MD5 | 6cae1508b702db4ebb19682c7261b4aa |
| SHA1 | 91eb197382d14418747125763e08c90779e9c887 |
| SHA256 | 4928b78cb26c84674be1eae723fba27e778292a75c22191fd241f9709303b9b3 |
| SHA512 | 45ad054078c1909f32f2ebb124f983546a3ef9bea38919883b884e345a79e0d37d0741553d17770f03e39599eacdd6b05c8a7d4910c48a569b1ba759922dcaa2 |
/data/data/cn.catcap.tower/.ucache/classez.jar
| MD5 | 4bd7250abe1488da8e83824d496cfd94 |
| SHA1 | 675af10b44c3d06a14e05e43e67f07024e9dde5e |
| SHA256 | 2604c84f15b1cafcc9b150ae5720e8c8416060a7e0d67c5ac856816d37657a1e |
| SHA512 | 29ce5e6fe6fda905afa1ac7a64c53d15c3c3224b140277111d25f5e5f4dee29122cce7449ad7e61b4553e4908d41b39d0437c321f75df90c1c4f7a144a9e0110 |
/data/data/cn.catcap.tower/.ucache/classez.jar
| MD5 | f2c24b326335dc403f74688f6df9051a |
| SHA1 | 5ca23af3edcfa7961503c006188ae0cefea1ac63 |
| SHA256 | e8beaa3f281a237e078fd8cd30a5050e2bf19f9d9652b497a02e1ce5ddfe6470 |
| SHA512 | 008ea2dba577edf9656bfab3196bda2c317f93aebde3eee3fb370a9f0cc438505bc5d0a8b6cb437d07ddf2d82cf25421af84cc42f29fbb7aec4d287444a212de |
/data/data/cn.catcap.tower/cache/libunicom.so
| MD5 | 652f6c3442c9a214e4eeef3f0e2a9516 |
| SHA1 | 7d634fab7f0ecab479f814fd3ae11e17ce27d06a |
| SHA256 | f9b06d04575c9bdf6cc1e02b951ca44214a7faed0e47e628d3303f3394490def |
| SHA512 | 201cf65d9a5bb92d0c37019fa4b71f4d4ecc97d0cd1c09c7a44c817245a898934bc6cc2b3cf247d529b10386e9deb2746c39d6f7ac91be3f5c8d5d75fa37641c |
/storage/emulated/0/Android/data/cn.catcap.tower/cache/profile/unipay_profile.dat
| MD5 | c79ed998048ecf838f080aa1a54843e1 |
| SHA1 | cd7d5431448ab67bbe5548256e800939d1ee1664 |
| SHA256 | 9b42b42c58d3afe7e757981c6617fe2f6ba4a16ca1e2a9b3acca70a369ebc40d |
| SHA512 | bf0e0e0df6eaebe28d9f9b15c688fa8a16fb62eb8937619b22b33dca1f606d30b3f9132f650ae40213a28ee962519dd88ebd96bd3ab95569cc1d4ab6ce8ff13c |
/data/data/cn.catcap.tower/cache/2.0.1U2111B0319_resource.apk
| MD5 | 6088cd3228debc405bf311bb303cdbbb |
| SHA1 | 33b28585187d90e5b22b732fc97309bae7141408 |
| SHA256 | 0e83be96976f936927c16e709622396d814df47fe634f430b4b556e0a9c8b1e5 |
| SHA512 | bba92ecd4be50306db8fc220cd97a8bf3023f268450fe5e58edd24f61f3dd224c6f4fe5614d3395b8ee456cf25b72f46881889ec193aa04b07bc6778eafc8280 |
/storage/emulated/0/wostoresecurity/data1.dat
| MD5 | 6ec14f36db9b1f65d9bef520c69bb8e9 |
| SHA1 | 6bf3b1c7b6fa3310b5caf04019300fbc80d898c8 |
| SHA256 | 3c6b68079c243f18783e72cf7af5e5145e6ca763ceba2ad8e2f8bad030371e3a |
| SHA512 | 22ea41596205ac49af13ca7f32226817c79616f31b21780bb7ec67abc44111f4b3a082421390302938df69d987a11675fd7f68b03d236f3d81316f0f57b2a0e8 |
/storage/emulated/0/wostoresecurity/data3.dat
| MD5 | efbc4cf64a884a399f362b9e8874dfe0 |
| SHA1 | 217fc6fc5d08e987381d2a35d89b6be76d20fc30 |
| SHA256 | e7014a0bd996727b5c728edb8b3ad00407a0515436a01d0c93127356777226d7 |
| SHA512 | 4bc7ec04e1daa6d2ac0f3d894a33917d83679b4eff4fe641586015b034489add862ed7260838ae0e118833d1e2fe8227c4ae51a1cd660ddbf59215c94a1476d1 |
/storage/emulated/0/wostoresecurity/data1.dat
| MD5 | b251181a76630c85dea4401b04be363f |
| SHA1 | d978a86d5bf43336f9abd94a845ded39b9377170 |
| SHA256 | bfc3d86b43eae814e00489c41b88db6e35d457ba6f7039a52ac95ca4f0d9a380 |
| SHA512 | 8e96e16222e66db74aea4cfc17332d3f4f37b991f94093d2d472868f56440bc233d1a90604767888d44081f07b776896638da5bb1536943c9f63be752ec2bcc3 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT-journal
| MD5 | 1b49b4d72ae70955f6798ecba424811e |
| SHA1 | 266130039a14741c053cb223ae46e7593878164e |
| SHA256 | 5eb4b46d6f5b043a6ef0708119d81d3a9959e542373d9b5f13f97b866f87c40d |
| SHA512 | 921f9acfde6dd31cf521396139f4dd6cdfa1b84693e85d88e40501ab8db61a1d3ee6c2b54cd52671b9ae3ef5cef6481cb31bb807145484af906a4be66dae4728 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT
| MD5 | 3fc6d1d0b9512e57b3bac46e995392e5 |
| SHA1 | 7e663584f7144ef7ab6dc142fcf1c80630fa2c1a |
| SHA256 | 6c4101e951c6453db9263ddc5418dcd05fee200d8a45d70e1575d27c3a592ec7 |
| SHA512 | d48987459ecf40d13208a2ea2f41de559b936ec2fc882c08bbac044bd16f6504c6d94782af7bf837e751dff26a5fa79fa4fc868e1d957f47d8735caa48bdba67 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT-wal
| MD5 | 0a0c85378ae25a80c32b281b56e61ad3 |
| SHA1 | ed60bad8469294186add3dccfee27fb5fb8a681e |
| SHA256 | 112358a59070d9db4d8665fda7f35de7fb0fdfe67d2249cc5b51c44e80948af6 |
| SHA512 | aa8f1078dac75462e4283376ad6aaf4dbfb84fe35b8699aeebf12e5ccc9046763785a24a991ed9e664c8452f16784a096eda67b06b93ca51cee518b189fd4191 |
/storage/emulated/0/wostoresecurity/data3.dat
| MD5 | a10f30e951e4f5cf4b92d3788d81b4b8 |
| SHA1 | 46aa9ae8a6c28415a2e61fe1f152bc7e3e74b26f |
| SHA256 | 88f0e2d6f0ffc1e81ae6922dd779e29d812046aade1ecf9882215e62c4468737 |
| SHA512 | 440c988f1616115af6fb9f089352ec8b4faab4b3abcd4053e084c1fc5626bf78d51b309f4f0d4ba54bccfb87d998133eb2ae4e996cc48c27f907c43c9ddf7e68 |
/storage/emulated/0/Android/data/.dataycache/i42d45df023jnkdd93la483f9xGFKXI
| MD5 | 3c33e392d0bcb15294b1ad95f8c63ebb |
| SHA1 | c421f448ddb928f9dc78f160cfb642b12cca03dd |
| SHA256 | ec795dcf5ce8a6cbccc2078f0a90725cc74b4aaabca0a9535e99d752235d0e81 |
| SHA512 | 1790a4d4303d805dfa8a6a3a5eaace03abe0cee255fc62b603c283901e46fedb36bc3fe466fb34f0cb181d4221043133a061e498b8c433513f315791e51d121e |
/data/data/cn.catcap.tower/databases/b5544dc81a5986eb998e055a4b77b0d9-journal
| MD5 | 52ff302e7ad72e35a43b2e53de3951b9 |
| SHA1 | 16d02dcdd11eb79256c70732fa831b9df493c5a8 |
| SHA256 | 2a8a2242d6259af250718bb0ab415dfdffe88f0ffd8d44ad1bd506964da8d8ce |
| SHA512 | 341c4c8f13eac8b037d39fed58086e6f1ba8c3f52a562ca2e312fb4d5cc4fdf5ee4ab8fe2f32fd27b75f41fca2e29da7bcfdb797f44d46c5ce23228b856e76da |
/data/data/cn.catcap.tower/databases/wsUL1uCdKvjD-journal
| MD5 | 34d8595db795e7a364ea0ff7a665b479 |
| SHA1 | a394393be7fc90b059b471a24b9e857bb68e1d2b |
| SHA256 | 9b88d97e37714d3c2b7a450f831bfd24b08fedd07f79aa4a61096dd8a3709bb6 |
| SHA512 | ba6d1737ce80b52b2d61ecd27f53304a9ccee4bb117b4d263386875c1bd278bff5e49809eee2844bb44ad771f34d5ca9950b0ac42d308d93165c00fde50e85bf |
/data/data/cn.catcap.tower/databases/wsUL1uCdKvjD
| MD5 | 59413190ea19211285b5c0fed44c19c8 |
| SHA1 | ee67b7590047c3c17309f6e6eed48556aabe4c92 |
| SHA256 | 3511c95f09883c65de19c3be645faa921aa3baa92d21b5c284133da349158e2d |
| SHA512 | 6a65fc51ea3e163ed1da558c2f4e911857ab4d3b15bc27135a4639e8fed9022fd6d89b4dd39a39b3bcc69060d7565f68ef23bcde4e622a2dd823e9fd217d314e |
/data/data/cn.catcap.tower/databases/b5544dc81a5986eb998e055a4b77b0d9
| MD5 | 6c217ed0bac8d2f91b30b79d439f229a |
| SHA1 | 9ba63c2aff1bb2c70250a9dec1f4893d2ecf827d |
| SHA256 | 344d6a8d8632f380bc914af9dc9f0296429a0e9fc273e68e57870032bded5720 |
| SHA512 | fa9386f1a267171f8c80095633baa7aaad145986608f9bdf15c6708b2b50ed19359f98f9b9ff395ad26e361a85cc9e26495b23ccbc1befcdb03aacaf167d58f6 |
/data/data/cn.catcap.tower/databases/wsUL1uCdKvjD-wal
| MD5 | 52dedeca7a89c43526b4b7c154840fcb |
| SHA1 | e9a4e0fff343b8a22ce5a712dcaf59a089c7a75f |
| SHA256 | 0777d84232d792b4e24b3d4cb03d67fc6532b2e493f183ce928099c803e5e7c2 |
| SHA512 | 4262568f8bdde7862f7f41441c871ba5f6f085f192ae5610a868bec5b100099010b71ac9815397ad45cafe85c580b7fb7e3848f36da885cc0376474ca257cf67 |
/data/data/cn.catcap.tower/databases/b5544dc81a5986eb998e055a4b77b0d9-wal
| MD5 | dc8ca200ecc88ee42d0675e40c3302a6 |
| SHA1 | 092df16fb0c007501a0821c49292d0b3bb20615f |
| SHA256 | 580584522e02351efb6a4e1e7e9756737737114f7d57a54a8dd24ff679c556c6 |
| SHA512 | d0822ddc0f8e81467632ae0a5b786bf5336cf1d500d3d04251e6d65b7e6788d4df1505570afee3f4258ee486f182aeb9265e1ad2eaf51086988735ba288c533c |
/storage/emulated/0/Android/data/.dataycache/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
| MD5 | 95058d3fa3076e4fdbc058e18d566e0d |
| SHA1 | f6082f93a9c0ce4565c1228e61099d1b3b4f1c6b |
| SHA256 | a079ab1b81730bd46de6049424ff404e37db84d47c48c5dae619911c9647f299 |
| SHA512 | 2bee197091f0e83989094b48f1fbcda3d9af8f9f5bdeb2716f3d659f99e97167e3863d1cd2e4b5e1537b866860ba016f4d7f9005e03e3f2d0c1dc3b2a0b264bf |
/data/data/cn.catcap.tower/databases/T1oX0rhhuXWt-journal
| MD5 | ba3c809cac8b8965b2579415009949b5 |
| SHA1 | 7edf759fbebb6e6023968815fffa2f706b57260a |
| SHA256 | 6d523fb833dd3c51f262c21f2666b7adff1864368d3df6a723943599ec902115 |
| SHA512 | 446217fc2dd4d9483239de844535842bf74945006ca3cca5863002d6a002acaef197b215526d10ffca9ccab11d3ec0beee1ccf7405e87afd3e62b6f5b1a986c2 |
/storage/emulated/0/Android/data/.dataycache/m929bb76e8110d1a70260af57b446ebc
| MD5 | b59f7f521008e55e9592aafa4ce3ae36 |
| SHA1 | 3696a3e25428639f58fdca352138b57cd796589d |
| SHA256 | 00dae9faab5a999144141684ab00fe0d34136bf967b8be2573ef1027e6f3bc72 |
| SHA512 | aaf6505afd366e58af9e9e9811e67f7784e7d1258e962d81b9e83bd8e8b507bd840644364f34bfd2a21537efc71c8d00e460810ef73ffe6c258e7f83498e5bb4 |
/data/data/cn.catcap.tower/databases/T1oX0rhhuXWt-wal
| MD5 | 338ca8bea9805359b33751272bbf7d46 |
| SHA1 | 34897d0de43d247b04cd179ad2f531bfa9d2e9fe |
| SHA256 | 84a991b49b92a29ed761716f16bb4736a2358e66bf80f8e9961c6cd74255bf64 |
| SHA512 | a647b0cf07bc9755da6dd12296967437ae91e0162ea4af3f6bb74175fe7cf9d5b76719dea1355ead2d5f89096072bb3e6472b94d368ccb4fbdb7ca1dedb2b7f2 |
/data/data/cn.catcap.tower/databases/P15pKIjsm64m-journal
| MD5 | 1a70f6f733bba1f50bfe392f702ceebc |
| SHA1 | 79b19b1ecceae054ce49bc2884d7d29ca843c104 |
| SHA256 | 212e735fee71669240d00e6e5c5e078ba66df76a927b1901a0995af76170c996 |
| SHA512 | 80b925758e80757e397defa1f94b09720af035ed410064a721f9e9649eb7b0f3211686512eb23e999d21efa3d3807cc6df5e2203e596dc00e2f62c58c768cfb9 |
/data/data/cn.catcap.tower/databases/P15pKIjsm64m
| MD5 | 032abd6bc70ad7c9484f10a7daf57bc7 |
| SHA1 | 12e3c03375192814883d5fd1671e2b0c64b0ae43 |
| SHA256 | 9cc41eaf3228c605583528005cadbf69eb145da3943e09e3732677423dcbe976 |
| SHA512 | aa28b2d8e87dd6364e15b1c99c52758f937585c126cda7db38cd2b4e5fb3c3e5775a92cd1d5ae68b03a6c59e7473766d670f03e3ee30e8ee53c2bba1b73f243f |
/data/data/cn.catcap.tower/databases/P15pKIjsm64m-wal
| MD5 | 77183ce1f4add4eade17b24eadaace2e |
| SHA1 | 950be4f74e9165e5ae335b6af55d0117b8645114 |
| SHA256 | f97bb0abec1a3c38e4981eefedb3d4d12dcfc8925b869e927e8202adf1e1d913 |
| SHA512 | 29299c4ad362f41c387886e157880dc2025d2509b42a95a25e7b03702f3f32429054b2f03d290ddaf8426c774fa74d48c9f9145d59a1c7849306243be0a0b960 |
/data/data/cn.catcap.tower/databases/XKwVoK0huy3R-journal
| MD5 | b87b01b678c6118865e12f8a035f2afb |
| SHA1 | b75b077dbcae552f6947931413e3f6c239a68cfe |
| SHA256 | c4e88c91b8ccc13bb6a80477793a223666e669c0da1a6c30823bec66d3bacfd3 |
| SHA512 | f593e7a25b244f9b001da8e6c842b4fee0372df13d7306bf36724fca139735e10565f498e17dcb26283a2551b19f136978a464cc78825d6322d578dabc363e25 |
/data/data/cn.catcap.tower/databases/XKwVoK0huy3R
| MD5 | 9c37108c041a67252d4fb5059436eb9f |
| SHA1 | f65bdd652f9b2a098993d2aca0be2578e8eed20a |
| SHA256 | f4a3fc85419d0e98a0312af88fdeadf75bd9969460820043559d6ee45e7ace55 |
| SHA512 | d7b92b0b4900439a28552339cf7e80e2937887c7de796e10df0bec393d136bdcdeae47991133a5c144547ac2ffe484b9c99e60280246858f6ae9b8529c5d8548 |
/data/data/cn.catcap.tower/databases/XKwVoK0huy3R-wal
| MD5 | a447328590ec3d9f97793477b0e4a278 |
| SHA1 | a96a03c577088353001607e5f6cd92d4e00fdbee |
| SHA256 | ab321a8609d21017fd4c690e27b8c6750822063dfdcd1862d63355d72e9e8021 |
| SHA512 | ed3d1da419789461f4612440a494fa4e404df88b4e852e7ee83de07cf7d33b5970a44ca558bb1b7f90c940a5b30c87a367449172e02b9b4480232da9a0180edf |
/data/data/cn.catcap.tower/databases/wIU6pTyUBYWX-journal
| MD5 | df057729a2811893ded8784a0adf3ca0 |
| SHA1 | 928733d5f5b935f354146815f8e6e8c376469b04 |
| SHA256 | b73223749f3d75c2f285b48f9a34d20c1b767c17a6710840b6ea9628c5184076 |
| SHA512 | 37517c2f7e54ea35f4a7f5aa4b82493ed1be8ea514f50d5bddb8845245c16a4ee5cf0f2ac8fbab35213c0310ab8c34283678e4a182542a3040460d8e0b450588 |
/data/data/cn.catcap.tower/databases/wIU6pTyUBYWX
| MD5 | 3f46387c5a9161a06c35918e4715e9e4 |
| SHA1 | f03b4527b29495a3f50be85d6afba301e9e3f1c1 |
| SHA256 | 687a930724a6054924254f945ae475e34ae87ebdc2054881c34317cd91d46ca9 |
| SHA512 | 614fa11f57f1ddc2750185eb908a580f1ae1ea53d4f4ff6881610942a36554b918138af7103859821d90cef12ea68bcab1ca0e4548cc5a78ee7a3c658b37f3ef |
/data/data/cn.catcap.tower/databases/wIU6pTyUBYWX-wal
| MD5 | 5d8eb0ad68d691c2712ea33ad4b2620c |
| SHA1 | ed3ad6982eeea1070ccd63954b8cc6cc8b0f4712 |
| SHA256 | 0e6cb1c80a6df8e77162a1c9b8bde497bbfd383e7f7540f65c709a819dbcfa81 |
| SHA512 | b0fe4dbef8259600c15eaaba49119d0fe0e06082c074356a0aa10532696bf2a3aec3865d98b176e4d9df9b93ce04089c0fb5648f6fa06fae19f2e4829eaaf9e5 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT-wal
| MD5 | c561eeb899a45ddadc79dc64d17e7628 |
| SHA1 | dad089510cc91cfe80f75dcfa9a045089ec144fd |
| SHA256 | baec7e6931efaaa7c8db27159f7f2a5a1f80b213450d25672fd65e6b0cdd309b |
| SHA512 | da4b77396f22298583b21d0ae08554bb52b5cb4ab7ff2a0ede3939a7b769080301369f64409887f8606eaa56ce0fbfce3511707d507f596b9fd1e0ec693873a0 |
/data/data/cn.catcap.tower/databases/jqIqJYOT3JpT
| MD5 | d01275c23a5d860ff4a9c1d24d713c57 |
| SHA1 | e2cfd632b76eed2ba667662f42d177ddecdfa2b7 |
| SHA256 | e8ab844358d963b27e02ed8630c3c015d7c14c68282f56077d1489d9fce24215 |
| SHA512 | d1b1d99f47ce4ae6a33b222baa321d0d905f45b7846bbe7d085c870febd0c59fbb1ce6722c3e2a4c757a05fdd470f6b18a1bd4b191fb4b695a4750721cc06607 |
/data/data/cn.catcap.tower/databases/aa8d690dd4c24dbc0196b9725928dcef-journal
| MD5 | c2ea555ff130a5be39630cbad05e01e1 |
| SHA1 | e5d64d00fd1302aa0780b4b37fcf83fbe0176d99 |
| SHA256 | 4c0aa4fa8982b03bbb8ab901ebcbf57c425232e11b8151d4cbe12f71cd4d9bc3 |
| SHA512 | 99527641a7de92d17a7fd8c407f04ae005b911be8f4690819ded0cc0ccf08ad69b74a8e535487058e2e83a19ef6fed7a68d656c8fb9f96b2ef3191777c36a98d |
/data/data/cn.catcap.tower/databases/aa8d690dd4c24dbc0196b9725928dcef
| MD5 | 02d3164c02790a0271b34d98cfa26fea |
| SHA1 | 9ee2bf78e357c6e164da1a811058e05bef68de92 |
| SHA256 | 5cb8c82a0eb4a2544356b78ae3689ee8e8d1518cb6ef3a4e1f6eff19233b22a1 |
| SHA512 | 544baa34c48115264e163b78fe59a0223acac72c6de9176a8504562316616780e6db39d77a669eb05de261151c0d0a8e8dea9f8348038966294622fbe72eea94 |
/data/data/cn.catcap.tower/databases/aa8d690dd4c24dbc0196b9725928dcef-wal
| MD5 | 417593a6de37e884b1d48dde40529c3a |
| SHA1 | 197090611b5ae53de7da3f548f9edfede9cb5f34 |
| SHA256 | 90bc65f2f323bee6ab607545f0d33fb7275a02ebb48de4cc2271f61fc2527352 |
| SHA512 | c31b42c0abf9b5add02259147fa7480687c1c26f3fc6be876c85e7d74fb4421689847002caec1e00d4ffc1319c2d182f273beb89fb95e6f4cc726caabf134d65 |
/data/data/cn.catcap.tower/databases/32ae4893aba45f3113f2ebfa43e63a5a-journal
| MD5 | 40a0a42f2794b40aead551ce25925c37 |
| SHA1 | 1c31a4e7b151edbfe6d58ffa10054c7b476c0f72 |
| SHA256 | 08c1d1d5f34947b1b558ac5a0c297ef5ddc454672b87507cdbefd536aff87182 |
| SHA512 | 26dd0f81a8d123330f0de0a09d36daa330de71ad7e2b92e583a0ccacaa385d3a429c82a91f3f1ce8e0c4e81f13ae1e10dd8a2cb823b47c9ecfe691725ea9ec61 |
/data/data/cn.catcap.tower/databases/32ae4893aba45f3113f2ebfa43e63a5a
| MD5 | 4bfa314d6b151570c9f90e87ffa41ac4 |
| SHA1 | 170294d4982e69ae6c72cd405fdc1f96b155ce4c |
| SHA256 | 4a8f9b899d6fc77a3a948f17cfd86a1a58171569578a7bbe4430267fcf7bf2b8 |
| SHA512 | ff2df162eb60b3c2aa32ed3d58092e192b3f6bea4c14705d226a2e5a5d3ac93dc428e26d0f28d2b75509b1b34f6439ba79ada49523b4d8a4866f79b518376e7b |
/data/data/cn.catcap.tower/UserDefault.xml
| MD5 | 4a8226e4211ccb4cb79f54d4ee35a55a |
| SHA1 | 7144e993ff784e4458c4d53d6f9f29930cf13fb8 |
| SHA256 | 8d5bfd20db452314b315192d7160e28bce53c777c98a31aa6df7c93345a692eb |
| SHA512 | 7d7480da93b3363306438c7cc08fb913e29098eb19c4f6ac40ac5282329ecd8eae77fed695822955183a4b7084d18da89c2c937af5fcdf43b3f1bd7854cc7041 |
/data/data/cn.catcap.tower/databases/32ae4893aba45f3113f2ebfa43e63a5a-wal
| MD5 | a9f574a4cfaff202c1f69dbc27571e1d |
| SHA1 | e21acb7b2569e0f277b495451d0364c4c28e8767 |
| SHA256 | 9905d34116a415fedbf5d0930912cf85f7e1ef7f151b801b6f269de99be0633c |
| SHA512 | b438b9ec39f9530b0b07e4a125d95f157200431cacf6ddd3f98febf5f47f5742828405f01bc9ed891a1c44833ceef2b3c767117336782b913e27070bd1da11ed |
/data/data/cn.catcap.tower/databases/32ae4893aba45f3113f2ebfa43e63a5a-wal
| MD5 | 9438e4027c27c311c97605a417c3c9d6 |
| SHA1 | 4fb2a8f654f2f49c02d876358dff8fcdb800ea29 |
| SHA256 | d28782d1e7ca916508588cf2e5024109ed33ca0074e062e1aa6db8d9b84e7606 |
| SHA512 | b90f19c72b981348260799427181893597456dfbcd9c3d22a0334114b30e0b3c1f12bfbb761401b5d253309d94d7e86ee8acf2b0c41b435c1e715a296b20ef8e |
/data/data/cn.catcap.tower/databases/32ae4893aba45f3113f2ebfa43e63a5a
| MD5 | df090b130637a35317892ea652c15fdb |
| SHA1 | 584b46e6aa124829119c49841fadb64fbea70fef |
| SHA256 | 7c916e8d91daaaf73410db8f292f95c7cfe8744881580e45e8c31fdbef33265c |
| SHA512 | e521bf2076c53a256de6ffa2b36580d54a6a25601afe4f6cb9464822c24f20243ba170ecf3d02c7060613e51db352c24f1abb3096bff0be1dd51c5fcc6b58177 |
/data/data/cn.catcap.tower/databases/d15ad3731a0710b63b4f7f3158ddf526-journal
| MD5 | 44fa9d8f035ac2a5db1a52fec935b36a |
| SHA1 | 845ced63bcb97ec65453271986670f71f0638fb7 |
| SHA256 | a197968568f665b244af56955050234b7ff5750bd41b328ebb7dee9e5eee5de0 |
| SHA512 | 761e3b050ede3e8425b9ecb4ed0d0fac690a00830c64da90c278377826b3825c0e6fc314176763c15a20f4ec7f33ff68954743a052ed1ebe2761d6b024ccfa03 |
/data/data/cn.catcap.tower/databases/d15ad3731a0710b63b4f7f3158ddf526
| MD5 | 779ffff6a8b5ece4f97f196ba767cd05 |
| SHA1 | 538e640e74ea8f7347007c883af8ce2e7ae2d46d |
| SHA256 | bea85f267d096ea25051a1c09853f1802e372305e546bf4ac2c3edf96e70e585 |
| SHA512 | d8838b7570ce08453e27b95e61c660bc28e0a434651f93b1a354d1799b3c51cc2237a2bdf6ce07f71358ed503a5e5091172d87081defa51d9bbfbdd444f07ba8 |
/data/data/cn.catcap.tower/databases/d15ad3731a0710b63b4f7f3158ddf526-wal
| MD5 | 18e3ee6286cc19ca5f8eadab0d3f8ddf |
| SHA1 | 7966eb5a05b9a660136227c9c668329b41e1bcd9 |
| SHA256 | 9c2cb43fb7dd86612bc512c513c40e4a0bef0c7d83e1e58aacba1d8679f2d33b |
| SHA512 | 91790355f4d69752173d439e58983f341ac25b9fcda7d6f2057741e928de1cc695b23397788cb6fbae123e57ac8ad16b14100f3bc1952a25ac30f35beb17136f |
/data/data/cn.catcap.tower/UserDefault.xml
| MD5 | 6db98a875258f1a4a4f3fd6e9c95b2ed |
| SHA1 | c316d8b9736d0d5f06de5fa93d3118d4c7f08f2f |
| SHA256 | bd7d0054c1b5fef9f9a000e3597752a66c1aa3a2e39cfb3d27a4a20c990247b8 |
| SHA512 | 74eddc91c9424057c47beb68b5cbb0c52f0844d950aa6c5108c6bd83342d64fca9b2a85d43a1387138f2ea3ec30df0f49feb0db11084d9625c5985dd1206ddff |
/data/data/cn.catcap.tower/UserDefault.xml
| MD5 | 8e2fcd87958149dc193f0cd24fc0f27e |
| SHA1 | d81afb0b25a8857b9ac3868ade0cab23974367ec |
| SHA256 | 34707e5296462d0cb60b41536590651de6bbebd7e8a16cb92bec3a72659dc52a |
| SHA512 | fd1485704adc88ae1dcefb43f1c017526d5b6cd07c82899151d63e4c42fc60b38b0ab4a10c5feb88e6185345c26de79e946e939bb556c96c73e92aed39613ee5 |
/data/data/cn.catcap.tower/UserDefault.xml
| MD5 | 1cf6a02d38fe40572b7a8892e6c4297c |
| SHA1 | c7a588044cfe519d75fd4467727273640ea19240 |
| SHA256 | 47299a4faf617f88e8431f7f1959a39ba900ca6ff0f3e34c83af8b5f32eb6b5f |
| SHA512 | 70def030ffef62af1b921883336d431a21a7da6645a3cf42b5f15df2f4d1d3c40c908f445b2f3d38656883f18d675530996cf5cdc9b52add3eadff98a3c248bf |
/storage/emulated/0/.unicomCache/login
| MD5 | 91d07cb8466776db56d470b96d6485fb |
| SHA1 | f59ad7776e5dd8071922131003c06db65037aca2 |
| SHA256 | 39317e9588db9a44dd03f957b68221ea2bcccf355a900f5623c92ae2abf4ab4d |
| SHA512 | e822ea1cb4f9bec6e84e5914b40dc9d9b2b0fbf727f06a4e725217b4144424227322cffa74a58b35bab5f29fae59df3e9ab80060e9c817e9baa48ab86551e536 |
/data/data/cn.catcap.tower/files/mobclick_agent_cached_cn.catcap.tower
| MD5 | 6c7d7fae82411ddd550e3f0ce6829354 |
| SHA1 | 9defdb701cb47506822bc655c7fb52b24a30287d |
| SHA256 | 1b921dcc7e2402a702fe0046492a723e9b4917402fefbd203dcfb2f46f71689a |
| SHA512 | 19550db823567873e6e08c0bb5e7c949c30fde0ada79b08b4ab1537ba44daf86b2ff8f64e4499e8fc43ccee9afa3ad320d02c9dee4b83855a62c8d199db284aa |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:46
Platform
android-x86-arm-20240611.1-en
Max time network
158s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.204.67:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:47
Platform
android-x64-20240611.1-en
Max time network
131s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.10:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |