Analysis Overview
SHA256
2e460f98b6b6f43256567a633439f180f33f6211a69f218d5d8cea5a4130a349
Threat Level: Likely malicious
The file a4ce342252048914a9c9ad85b69897ce_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Checks known Qemu files.
Checks known Qemu pipes.
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries information about active data network
Requests dangerous framework permissions
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:16
Reported
2024-06-13 09:19
Platform
android-x86-arm-20240611.1-en
Max time kernel
178s
Max time network
183s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
Checks known Qemu files.
| Description | Indicator | Process | Target |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |
Checks known Qemu pipes.
| Description | Indicator | Process | Target |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/socket/qemud | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.jingyingtang.hryun818
/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.jingyingtang.hryun818/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
getprop ro.product.cpu.abi
com.jingyingtang.hryun818:ipc
getprop ro.miui.ui.version.name
/system/bin/sh -c getprop
getprop
com.jingyingtang.hryun818:ipc
/system/bin/sh -c getprop
getprop
com.jingyingtang.hryun818:channel
/system/bin/sh -c getprop
getprop
Network
Files
/data/data/com.jingyingtang.hryun818/.jiagu/libjiagu.so
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes2.dex
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes3.dex
/data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.ri
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.store.report_cf
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.store.report_pid
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-journal
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-shm
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-wal
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-journal
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-shm
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-wal
/storage/emulated/0/Android/data/com.jingyingtang.hryun818/files/tbslog/tbslog.txt
/data/data/com.jingyingtang.hryun818/cache/image/journal.tmp
/storage/emulated/0/Android/data/com.jingyingtang.hryun818/files/rong_log/rong_sdk.log
/data/data/com.jingyingtang.hryun818/app_crashrecord/1004
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-journal
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-wal
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-shm
/data/data/com.jingyingtang.hryun818/databases/message_accs_db
/data/data/com.jingyingtang.hryun818/databases/message_accs_db-wal
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:16
Reported
2024-06-13 09:16
Platform
android-33-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | N/A | udp |
| BE | 142.250.110.188:5228 | N/A | tcp |
| GB | 172.217.16.228:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |