Malware Analysis Report

2024-09-09 17:53

Sample ID: 240613-k8hpessejb
Target: a4ce342252048914a9c9ad85b69897ce_JaffaCakes118
SHA256: 2e460f98b6b6f43256567a633439f180f33f6211a69f218d5d8cea5a4130a349
Tags: discovery evasion execution impact persistence
Score: 8/10


Analysis Overview

Score: 8/10
SHA256: 2e460f98b6b6f43256567a633439f180f33f6211a69f218d5d8cea5a4130a349

Threat Level: Likely malicious

The file a4ce342252048914a9c9ad85b69897ce_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery evasion execution impact persistence

Checks if the Android device is rooted.

Checks known Qemu files.

Checks known Qemu pipes.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about active data network

Requests dangerous framework permissions

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 09:16

Signatures

Requests dangerous framework permissions

Process and Target: N/A for all rows

android.permission.CAMERA: Required to be able to access the camera device.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.REQUEST_INSTALL_PACKAGES: Allows an application to request installing packages.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.RECORD_AUDIO: Allows an application to record audio.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 09:16
Reported: 2024-06-13 09:19
Platform: android-x86-arm-20240611.1-en
Max time kernel: 178s
Max time network: 183s

Command Line

com.jingyingtang.hryun818

Signatures

Checks if the Android device is rooted.

Tag: evasion
Indicator: /sbin/su (3 hits)
Description, Process and Target: N/A

Checks known Qemu files.

Tag: evasion
Indicator: /sys/qemu_trace (3 hits)
Indicator: /system/lib/libc_malloc_debug_qemu.so (3 hits)
Indicator: /system/bin/qemu-props (3 hits)
Description, Process and Target: N/A

Checks known Qemu pipes.

Tag: evasion
Indicator: /dev/qemu_pipe (3 hits)
Indicator: /dev/socket/qemud (3 hits)
Description, Process and Target: N/A

Loads dropped Dex/Jar

Tag: evasion
Indicator: /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex (4 hits)
Indicator: /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes2.dex (4 hits)
Indicator: /data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes3.dex (4 hits)
Indicator: /data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex (9 hits)
Description, Process and Target: N/A

Queries information about running processes on the device

Tag: discovery
Description: Framework service call
Indicator: android.app.IActivityManager.getRunningAppProcesses (4 hits)
Process and Target: N/A

Queries information about active data network

Tag: discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo (4 hits)
Process and Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver (4 hits)
Process and Target: N/A

Schedules tasks to execute at a specified time

Tags: execution persistence
Description: Framework service call
Indicator: android.app.job.IJobScheduler.schedule (1 hit)
Process and Target: N/A

Uses Crypto APIs (Might try to encrypt user data)

Tag: impact
Description: Framework API call
Indicator: javax.crypto.Cipher.doFinal (4 hits)
Process and Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo (3 hits)
Process and Target: N/A

Processes

com.jingyingtang.hryun818

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.jingyingtang.hryun818/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

getprop ro.product.cpu.abi

com.jingyingtang.hryun818:ipc

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop

getprop

com.jingyingtang.hryun818:ipc

/system/bin/sh -c getprop

getprop

com.jingyingtang.hryun818:channel

/system/bin/sh -c getprop

getprop

Network


Files

/data/data/com.jingyingtang.hryun818/.jiagu/libjiagu.so
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes2.dex
/data/data/com.jingyingtang.hryun818/.jiagu/classes.dex!classes3.dex
/data/data/com.jingyingtang.hryun818/.jiagu/tmp.dex (two versions with different hashes)
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.ri
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.store.report_cf
/data/data/com.jingyingtang.hryun818/files/.jglogs/.jg.store.report_pid
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-journal
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-shm
/data/data/com.jingyingtang.hryun818/databases/MessageStore.db-wal
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-journal
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-shm
/data/data/com.jingyingtang.hryun818/databases/MsgLogStore.db-wal
/storage/emulated/0/Android/data/com.jingyingtang.hryun818/files/tbslog/tbslog.txt
/data/data/com.jingyingtang.hryun818/cache/image/journal.tmp
/storage/emulated/0/Android/data/com.jingyingtang.hryun818/files/rong_log/rong_sdk.log
/data/data/com.jingyingtang.hryun818/app_crashrecord/1004 (two versions with different hashes)
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-journal
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-wal (two versions with different hashes)
/data/data/com.jingyingtang.hryun818/databases/bugly_db_-shm
/data/data/com.jingyingtang.hryun818/databases/message_accs_db
/data/data/com.jingyingtang.hryun818/databases/message_accs_db-wal

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 09:16
Reported: 2024-06-13 09:16
Platform: android-33-x64-arm64-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A