Analysis Overview
SHA256
1e78e41b59fe2c16dc2150bf1b78f9b21b5abe63ab70a19208fbc6e5edcc3ed3
Threat Level: Shows suspicious behavior
The file a4c44f081d43c5e76eb939bd64fb50ff_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about running processes on the device
Reads information about phone network operator.
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:05
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-20240611.1-en
Max time network
165s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-arm64-20240611.1-en
Max time network
165s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 216.58.201.99:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3-dz.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x86-arm-20240611.1-en
Max time network
152s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-arm64-20240611.1-en
Max time kernel
4s
Max time network
136s
Command Line
Signatures
Processes
com.tiangong.android.plugin.demo
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x86-arm-20240611.1-en
Max time kernel
177s
Max time network
194s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar | N/A | N/A |
| N/A | /data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar | N/A | N/A |
| N/A | /data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar | N/A | N/A |
| N/A | /data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar | N/A | N/A |
| N/A | /data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.shangleqiu.shop
com.shangleqiu.shop:GuardService
com.shangleqiu.shop:multiprocess
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.shangleqiu.shop/app_plugins_v3/oat/x86/a.b.c.d.e.cache-10-10-100.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/com.shangleqiu.shop/app_plugins_v3/oat/x86/a.b.c.d.e-10-10-146.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | app-router.leancloud.cn | udp |
| CN | 106.75.100.17:443 | app-router.leancloud.cn | tcp |
| CN | 106.75.100.17:443 | app-router.leancloud.cn | tcp |
| CN | 106.75.100.17:443 | app-router.leancloud.cn | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 110.41.53.90:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | ws-oss-json.syrnight.com | udp |
| US | 1.1.1.1:53 | plist.yuanrongtx.com | udp |
| US | 1.1.1.1:53 | update.sdk.jiguang.cn | udp |
| US | 1.1.1.1:53 | plist.aotubangfen.com | udp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 124.70.128.38:19000 | sis.jpush.io | udp |
| US | 1.1.1.1:53 | azure-plist1.vnongchao.com | udp |
| US | 1.1.1.1:53 | azure-plist2.tjhuitai.com | udp |
| US | 1.1.1.1:53 | azure-plist3.tyjhgroup.com | udp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| CN | 123.60.89.60:19000 | easytomessage.com | udp |
| US | 1.1.1.1:53 | plist.mowanshidai.com | udp |
| US | 1.1.1.1:53 | | tcp |
| CN | 121.36.15.222:19000 | | udp |
| CN | 123.60.79.150:19000 | | udp |
| CN | 124.70.159.59:19000 | | udp |
| CN | 120.46.141.4:19000 | | udp |
| US | 1.1.1.1:53 | tgqmxe8r.api.lncld.net | udp |
| SG | 119.29.29.29:80 | 119.29.29.29 | tcp |
| SG | 119.29.29.29:80 | 119.29.29.29 | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| CN | 139.9.119.173:7000 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7004 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7004 | im64.jpush.cn | tcp |
| CN | 119.3.188.193:7005 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7009 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7007 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7005 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7004 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7008 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7006 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 1.94.137.180:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| CN | 139.159.137.254:19000 | sis.jpush.io | udp |
| CN | 123.60.89.60:19000 | sis.jpush.io | udp |
| US | 1.1.1.1:53 | | tcp |
| CN | 123.60.79.150:19000 | | udp |
| CN | 124.70.159.59:19000 | | udp |
| CN | 120.46.141.4:19000 | | udp |
| CN | 121.36.15.222:19000 | | udp |
| US | 1.1.1.1:53 | _im64._tcp.jpush.cn | tcp |
| CN | 119.3.188.193:7005 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7000 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7002 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7003 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7003 | im64.jpush.cn | tcp |
| CN | 139.9.135.156:7004 | im64.jpush.cn | tcp |
| CN | 139.9.138.15:7004 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7007 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7009 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7006 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7008 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7005 | im64.jpush.cn | tcp |
| CN | 139.9.119.173:7004 | im64.jpush.cn | tcp |
Files
/data/data/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar
| MD5 | d11e680da708e66c182ac4c2e01207f1 |
| SHA1 | ef4abe76f0b05a23e65ce440a53d81c9c722d9e6 |
| SHA256 | 1b77977571eb01344fa4ee385ed6e912cdb2f4729d15da2db98ccd92dca2a0bc |
| SHA512 | 006bb40849cf6616a1d9f3083cdd5b5183a6b34f4df451ad5edec7b3dab4f4859897fa56c51defe49f4e44c102bbc5ee25b03ba1fa1505bdb44beeb90e4c465a |
/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar
| MD5 | f1519e6fc9e8827ebd3a77d1ba18e629 |
| SHA1 | 9ec36f0d8bb650df3804599b8598ace6d5da7d14 |
| SHA256 | cdc20eb19a67c060d60a9de1a594ad3c3874ed61009ed754f653517bc00a31ac |
| SHA512 | 1e7f3a35449fe6ea186dc09c14bbcb772970089fb131503b56be0ae3f6870157fd8ad284444fa9a3eaccf2b855868c50b4e151b39633a8809a914d92141be9f2 |
/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar
| MD5 | 8d4950b71650c8e83c4a7561b6d2863e |
| SHA1 | 162acadec50187d6aaeeebc11ee79cff5a3e465a |
| SHA256 | 58a42255740c6082d04d43acaf65aa285791ba1a8ea5118455927fa68c27444e |
| SHA512 | be61c8fd7ee1079f9d10d60c917dfb09c06eb5e8a96bc738de0b9d2a88e007fd4b1718f3b541386d65d462af575f2f46d173a200c76a1f47cbf9f58e4f2c351d |
/data/data/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar
| MD5 | 301cebffcfd9405fcbf67b851c22655d |
| SHA1 | 5ed5f2c21ae3d7141953f81c4f642ada82f801a2 |
| SHA256 | e51d9f4f9f55e1a3c9592ba09d9928ead3a41b9658c0fcbb06bb46c3176b1d81 |
| SHA512 | 51dabd63fc9e58e70d9de4dd2be10d7e0e7d3c78451192a547f436378546785b8071f631c0eb95910512d705caa8c0212a9c9b346a639480eb01c2e2ebea505f |
/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar
| MD5 | 183255719912a3fb83c31cc30cd610d2 |
| SHA1 | 05c213ebd1694ee60dfe2cdc9fe0d210d04aca76 |
| SHA256 | 0424f362e34042b9bfbde76877713ddba5f23f44f456917bd01b01f3de16c313 |
| SHA512 | 8a0581cdce49e2855c4972c51efab116e81dace43a09e9da476998441e1452e0e9888b5f7f9cacdc191f51d8549b5e2e3b138cd52b240f79d532fd7171f3ecc0 |
/data/user/0/com.shangleqiu.shop/app_plugins_v3/a.b.c.d.e-10-10-146.jar
| MD5 | 2985be3f1dfa736fc1afbcad6a4fae97 |
| SHA1 | e37b014aa8820efeb38e22b78a9fd3b8865c0ff5 |
| SHA256 | 5a4ba4f7f12fecd8e1ccc7e6cabcb8199f45bdc88da90ca4fd29d738e689c072 |
| SHA512 | cb1018bdd399eae6bc29609451acbe5cbabc2850749d697dcf3ff33bed3ce3c0dccfb33123b67f96f15d2f21913a0dffa2c62c1bceb740694f5ca7a8fe79d674 |
/storage/emulated/0/data/.push_deviceid
| MD5 | 7d2d810bb4010d6c599aeebf79bfaabc |
| SHA1 | 7272ad454a94b309cd940904a1376701b23458ff |
| SHA256 | b964fefa0e250e048c57f0ee05bbf4a5301016fdf346d6fee527e1843a8f0e3a |
| SHA512 | f6a9d9a297cd34428094489cff5057c7f81beffc1363753688993169ff968953f07053006441f876c20ed8f024aac73a4435ca3e31ec2c20798c721775c0ebdb |
/data/data/com.shangleqiu.shop/files/jpush_stat_cache_history.json
| MD5 | 2c3395f06dbbbc80097cc3e64dab8568 |
| SHA1 | db1cbd4a01e8ac63e561c8bd17c28bb42b7a8b34 |
| SHA256 | 7d32a80e6d6f55f5e8f0ae5b80517270fe4ec81619ac891f4c6d74cec1e0706a |
| SHA512 | 8e25d744863d587bccfb7a59960c0dedf74d5d7c9c93171ecccc51ad4244e779ec629889efadd9c47d9f715159136c7bdfb2123dc1e19798a4109c02d55f911f |
/data/data/com.shangleqiu.shop/files/jpush_stat_cache_history.json
| MD5 | 08ef92fd9fb88b428270b93ae48813d2 |
| SHA1 | 56ac6d650a511cfe47579c4fcefe8f1b22c92036 |
| SHA256 | 2520e131c6128163fe5d3944415052d765e2531144656280085da28a1cd2452d |
| SHA512 | 93db4ad38a5e127c27b5fb6031a49a784529925f548c275c350b80508efaa3b022e78305d10d58f3b50e935ddc0c20d3bf09d555606cecc8bd09547f4d5fd3ce |
/data/data/com.shangleqiu.shop/cache/ACache/-1578142395
| MD5 | 7d9619be561d44671cb2b25a09fef1ad |
| SHA1 | 158f453e878b4f973f7764b13179d189e436ce45 |
| SHA256 | 9b1a71d854b2f945f289e933bec2118faf02e7b1cf30e86809bb3103fd34c933 |
| SHA512 | 4dcb3c29891bf1dad35595a54edf4f4087f76c7188601eff5341162c9d1b2bba6c6ce2bdcbd4ed784edb8231b2c7e49db749e9b72d930409729f0047ef6ac884 |
/data/data/com.shangleqiu.shop/cache/ACache/1256040752
| MD5 | c81e728d9d4c2f636f067f89cc14862c |
| SHA1 | da4b9237bacccdf19c0760cab7aec4a8359010b0 |
| SHA256 | d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35 |
| SHA512 | 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114 |
/data/data/com.shangleqiu.shop/cache/ACache/-1548376672
| MD5 | 9cd57c3ae86dea081714577fcda1264d |
| SHA1 | 39f388b2860ec7ba6d176c42c01af78250349c19 |
| SHA256 | 8fa454addada64b8d9e15542136c7f0c6dd66b71669f9e6589f844e05a2896a3 |
| SHA512 | bb019959ea3907f5797b8a9d7ba8408e6e3eb70eef92f693852a60197f76eace71b4f06a4eeb6fcf4fb705504de3cda8329dd3e0a28075ffc25049312758ea74 |
/data/data/com.shangleqiu.shop/files/plugins_v3_data/a.b.c.d.e.cache/cache/ACache/-1795434967
| MD5 | cf7a9ee135960978f36c500b6f89bf00 |
| SHA1 | 8c4beeaf7f38283e8d2b615f42ae5bf1c37c10cf |
| SHA256 | 7bede90dcc8eb6aff78333e98db34110c4e64e20621a1ff93e360f0258f9adaa |
| SHA512 | 164406b4b1f23e1b2c6177cd41ed886fc07092711a13e780ac1a31e77e41b0536f4a538b1ceae5be414665da93bce564f0e0c8e3eb8d5f4a38fd9cd2acb4b8a6 |
/data/data/com.shangleqiu.shop/files/plugins_v3_data/a.b.c.d.e.cache/cache/ACache/-894512560
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
/storage/emulated/0/Android/data/com.shangleqiu.shop/cache/ormlite-db-date.db-journal
| MD5 | ee969e8785b59d25661e633d071361ff |
| SHA1 | bef06ad3ef308d1e568f83963d6959e870b88309 |
| SHA256 | 345601e915ad0ddd0a6501ff1e0a8d0167f16c8f009d25e86e01ebe48730dabf |
| SHA512 | bea8ff15b086a925d2461852369d7ce5536d48c2193ffbc1c345786f77951e007edcb4324b87ccbcfbca6258cb1ead5d25d0a16e3371129ee82137a6e58cbdc4 |
/storage/emulated/0/Android/data/com.shangleqiu.shop/cache/ormlite-db-date.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/storage/emulated/0/Android/data/com.shangleqiu.shop/cache/ormlite-db-date.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/storage/emulated/0/Android/data/com.shangleqiu.shop/cache/ormlite-db-date.db-wal
| MD5 | 4b973275f70c65af4ace623420216c9f |
| SHA1 | fde94a8a844512b82625e0bbc2a54a585a9f592a |
| SHA256 | 094864fd11dd3e4ca5df4d0a947a436d818140def52e2ffd8791cd0824d04f90 |
| SHA512 | 430b49b3a474e72a3f631a24f4b49171c69aeac655e37d392ca62d0949b1498e0efae05a72dca5db868c5a19fa0b0f19392ce92a096e0aad4bb5f5513918c956 |
/data/data/com.shangleqiu.shop/cache/ACache/2110136299
| MD5 | 570dbe5b27f3d4937a429874c4f1485a |
| SHA1 | a6d32ba22f1d5f72304446d5882312424e8b877f |
| SHA256 | c65bce40676fb2f02e0839bb615454b52f8c1f823c2a7343d534d6b4607559e5 |
| SHA512 | 026c9f67d965121bd1fff50967f07dddb3bf4dc0e0d0e09195a39ba39bd8f743aef80a70d3c9979748370e5c5058d1e3a0ce220fd0c33295011f3ba5821762b8 |
/data/data/com.shangleqiu.shop/cache/ACache/-106815946
| MD5 | fb71b8395e073f73d504e0ad3ad5d929 |
| SHA1 | 70e2e9c5a1c9b090332efb956ff9b39085edc7c9 |
| SHA256 | 1ace56344bdd1d3f20ea7b0caf3a991a39c61ad26e9cee88eb3fbfa9fd4fb430 |
| SHA512 | c9a92ab65ab8738c2c107a3e8f290dbf2a65ed96dd256882ec6baf20724583880746697b361e96b91f631c2f86250eb38291fd8f7d5b6203b79be2897fb7f337 |
/data/data/com.shangleqiu.shop/cache/ACache/-1256049348
| MD5 | b95570cb89c3cb21c84d6d1a87e1c573 |
| SHA1 | bf09e1c02adbb4296d6508536e687814cc52811d |
| SHA256 | 6fafada4cf9f71dade3932c1b64c745f0315d27bddf5b4379d4588dca2a74dde |
| SHA512 | c923e06daeb85efeec6fb9e7f954b629b2237d277d83486df665e0e7105b97027a7a6238fadb0aa45126d1bf26bfd7ec0f2ea715bf782652a62cdad280924da6 |
/data/data/com.shangleqiu.shop/cache/ACache/1391917710
| MD5 | fe7aa46943ee7a2a7ddfe309d7468510 |
| SHA1 | 580593250eaf52f6841f1734ee433773c77b294e |
| SHA256 | 98df2ec897fe794cbdb5366333ecd17dd763d65857f210f310450de69874e35c |
| SHA512 | 6923de3c1ff867c94af1d88eac6a541db3a4908cbf2d1706172e52717a3ee307ba314274cffe6bbd4fc87599410a31ab089bcef65c17ed192e9bab58976bd47f |
/data/data/com.shangleqiu.shop/cache/ACache/-1813379398
| MD5 | 26c276d83df2ecd7b9aaab972103b7b0 |
| SHA1 | 0b71f1940d31c492a8a9576d39ad4857206a1369 |
| SHA256 | 9984f3e228d14a1d8a710338f52f3c39513c9cf85138920f87f583ef04d30269 |
| SHA512 | d5f0db41dd6a0a5395fd855cd488cf7eb8246143466513445a5d12d29345181fb9582b3e3bb16508a830fcadbf130c9254255e808ab2f891685df1acf741e726 |
/data/data/com.shangleqiu.shop/cache/ACache/-1795434967
| MD5 | f8f80ad2548f2939d74cb85702708757 |
| SHA1 | 81c9dc6e0307300d5a463955f2150c73e3e0d639 |
| SHA256 | 0ddfe620e22a99b3ffe3e37ac0402a9243b648e1efe77ee0f83e799a6cef8073 |
| SHA512 | c78419286ecfdf5fbb31a6ac9e648d1f7994aa9b831d7509bef00658880f75bbc3c77b3fe1dbe7c30e4d512ebe64a41701cd46a4ec207ee9fe09956a8904a374 |
/data/data/com.shangleqiu.shop/cache/ACache/17195168
| MD5 | 68934a3e9455fa72420237eb05902327 |
| SHA1 | 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 |
| SHA256 | fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa |
| SHA512 | 719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d |
/data/data/com.shangleqiu.shop/app_plugins_v3/oat/a.b.c.d.e-10-10-146.jar.cur.prof
| MD5 | ab96091b1e1fef17461058eac229d3dc |
| SHA1 | 4e64f85b717f5c5fa85716f002b82beb00ef4dc3 |
| SHA256 | d0b37e00ccd61188fdeee180cf92982caaedcd91e5003b399455bae300de488c |
| SHA512 | 4cc57f082ce7d57d59ab982c71d8694670b66e16db5f13fa0d656175e3e583bcf1f2a2e5dd3d90116dc1d6858dad1b84dd273d98ba0aed4715c62cfd21d4e04f |
/data/data/com.shangleqiu.shop/app_plugins_v3/oat/a.b.c.d.e.cache-10-10-100.jar.cur.prof
| MD5 | 5991d32e2a6ebdfee7c655ce690736e2 |
| SHA1 | 7008e8c5af9eaf9b49644815e3beaf9ed9ac0dd2 |
| SHA256 | 329d7d20f22c4d7b79439b303782398b2f1be7a5c369911a2a74f1d274ab2bff |
| SHA512 | 56ad8c69bf36b342c735b267aea3cf214aab3325be44dd1fbf9244ce80d34753fefa95469008d31f59b78cb937f2c759ae75c81c2f204b294e3b72e71caec22b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:05
Platform
android-33-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-20240611.1-en
Max time network
134s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-arm64-20240611.1-en
Max time network
167s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 172.217.169.3:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh3-dz.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x86-arm-20240611.1-en
Max time kernel
4s
Max time network
141s
Command Line
Signatures
Processes
com.tiangong.android.plugin.demo
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x64-20240611.1-en
Max time kernel
6s
Max time network
132s
Command Line
Signatures
Processes
com.tiangong.android.plugin.demo
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 09:05
Reported
2024-06-13 09:08
Platform
android-x86-arm-20240611.1-en
Max time network
143s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |