Malware Analysis Report

2024-09-09 13:22

Sample ID 240613-jklwhatekm
Target a47aedbe37cfe799ca600133916c8068_JaffaCakes118
SHA256 26a1d9d9dbddbe963f61d736998c93aad1bf9ff9295d1283a5f0f0b9e02a993d
Tags banker collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Score 8/10

SHA256

26a1d9d9dbddbe963f61d736998c93aad1bf9ff9295d1283a5f0f0b9e02a993d

Threat Level: Likely malicious

The file a47aedbe37cfe799ca600133916c8068_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:43

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:47

Platform

android-x86-arm-20240611.1-en

Max time kernel

162s

Max time network

148s

Command Line

cn.catcap.tower

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/cn.catcap.tower/.ucache/classez.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

cn.catcap.tower

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 b.catcap.cn udp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.66:80 data.flurry.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 47.111.127.224:80 b.catcap.cn tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 unipayupg.wostore.cn udp
US 1.1.1.1:53 unilog.wostore.cn udp
CN 27.115.67.163:8080 unipayupg.wostore.cn tcp
CN 116.128.209.129:8061 unilog.wostore.cn tcp
US 1.1.1.1:53 ac.catcap.cn udp
US 1.1.1.1:53 push.wostore.cn udp
CN 47.111.127.224:80 ac.catcap.cn tcp
US 1.1.1.1:53 r.youmi.net udp
US 1.1.1.1:53 s.youmi.net udp
US 1.1.1.1:53 track.dmp.youmi.net udp
US 1.1.1.1:53 t.global.yyapi.net udp
US 1.1.1.1:53 stat.gw.youmi.net udp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 116.128.209.129:8061 unilog.wostore.cn tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 116.128.209.129:8061 unilog.wostore.cn tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
CN 47.111.127.224:80 ac.catcap.cn tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:46

Platform

android-x86-arm-20240611.1-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.67:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:47

Platform

android-x64-20240611.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.78:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 172.217.169.10:443 tcp
GB 172.217.169.14:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:47

Platform

android-x64-arm64-20240611.1-en

Max time network

163s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.180.14:443 tcp
GB 216.58.204.66:443 tcp
GB 216.58.212.202:443 tcp
BE 64.233.167.188:5228 tcp
GB 142.250.180.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.250.110.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 216.58.212.202:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.10:443 safebrowsing.googleapis.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp

Files

N/A