Malware Analysis Report

2024-09-09 17:12

Sample ID 240613-nay6aswdrg
Target a53bd8f8f38757a075f07fb011e7df19_JaffaCakes118
SHA256 ca773a285950b893eeda0b61e55dd6e1595a79a67c832527ebfeeb5d0f15988f
Tags
banker discovery evasion impact persistence
score
8/10


Analysis Overview


Threat Level: Likely malicious

The file a53bd8f8f38757a075f07fb011e7df19_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries information about active data network

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:12

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 11:12

Reported

2024-06-13 11:15

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 142.250.178.14:443 | | tcp
GB | 216.58.201.98:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 216.58.213.14:443 | | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 11:12

Reported

2024-06-13 11:15

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.4:443 | | tcp
GB | 142.250.178.4:443 | | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:12

Reported

2024-06-13 11:15

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

175s

Command Line

com.legend.minijjzs.mi

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.product.model | N/A | N/A
Accessed system property key: | ro.product.device | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.legend.minijjzs.mi/app_mimo/mimo_asset.apk | N/A | N/A
N/A | /data/user/0/com.legend.minijjzs.mi/app_analytics/analytics.apk | N/A | N/A
N/A | /data/user/0/com.legend.minijjzs.mi/app_analytics/analytics.apk | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.legend.minijjzs.mi

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | data.mistat.xiaomi.com | udp
NL | 20.33.39.99:443 | data.mistat.xiaomi.com | tcp
US | 1.1.1.1:53 | oss.migc.g.mi.com | udp
US | 1.1.1.1:53 | data.game.xiaomi.com | udp
NL | 20.47.97.231:443 | data.game.xiaomi.com | tcp
NL | 20.47.97.231:80 | data.game.xiaomi.com | tcp
US | 1.1.1.1:53 | sdkconfig.ad.xiaomi.com | udp
NL | 20.33.39.105:443 | sdkconfig.ad.xiaomi.com | tcp
NL | 20.47.97.231:443 | data.game.xiaomi.com | tcp
NL | 20.33.39.105:443 | sdkconfig.ad.xiaomi.com | tcp
US | 1.1.1.1:53 | zeus.ad.xiaomi.com | udp
US | 1.1.1.1:53 | f1.market.xiaomi.com | udp
US | 1.1.1.1:53 | whois.pconline.com.cn | udp
NL | 20.47.97.231:443 | zeus.ad.xiaomi.com | tcp
CN | 14.29.101.169:443 | whois.pconline.com.cn | tcp
US | 1.1.1.1:53 | f5.market.xiaomi.com | udp
US | 152.199.21.175:443 | f5.market.xiaomi.com | tcp
US | 152.199.21.175:443 | f5.market.xiaomi.com | tcp
NL | 20.47.97.231:443 | zeus.ad.xiaomi.com | tcp
US | 1.1.1.1:53 | sdkconfig.ad.intl.xiaomi.com | udp
NL | 20.33.39.104:443 | sdkconfig.ad.intl.xiaomi.com | tcp
NL | 20.33.39.105:443 | sdkconfig.ad.intl.xiaomi.com | tcp
NL | 20.33.39.104:443 | sdkconfig.ad.intl.xiaomi.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | plbslog.umeng.com | udp
CN | 36.156.202.73:443 | plbslog.umeng.com | tcp
US | 1.1.1.1:53 | api.ad.xiaomi.com | udp
GB | 173.222.211.17:80 | api.ad.xiaomi.com | tcp
US | 1.1.1.1:53 | diagnosis.ad.intl.xiaomi.com | udp
CN | 14.29.101.160:443 | whois.pconline.com.cn | tcp

Files

/storage/emulated/0/DCIM/.DCIM_ID
/data/data/com.legend.minijjzs.mi/databases/report2.db-journal
/data/data/com.legend.minijjzs.mi/databases/report2.db
/data/data/com.legend.minijjzs.mi/databases/report2.db-shm
/data/data/com.legend.minijjzs.mi/databases/report2.db-wal
/data/data/com.legend.minijjzs.mi/app_mimo/mimo_asset.apk
/data/user/0/com.legend.minijjzs.mi/app_mimo/mimo_asset.apk
/data/data/com.legend.minijjzs.mi/files/mimo_res/journal.tmp
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/data/com.legend.minijjzs.mi/app_analytics/analytics.apk.tmp
/data/data/com.legend.minijjzs.mi/files/report.log
/storage/emulated/0/.DataStorage/ContextData.xml
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
/data/user/0/com.legend.minijjzs.mi/app_analytics/analytics.apk
/storage/emulated/0/.DataStorage/ContextData.xml
/data/data/com.legend.minijjzs.mi/files/umeng_it.cache
/data/data/com.legend.minijjzs.mi/databases/analytics.db-journal
/data/data/com.legend.minijjzs.mi/databases/jsb.sqlite-journal
/data/data/com.legend.minijjzs.mi/databases/analytics.db-wal
/data/data/com.legend.minijjzs.mi/databases/jsb.sqlite-wal
/data/data/com.legend.minijjzs.mi/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4Mjc3MTg1MDIw
/data/data/com.legend.minijjzs.mi/databases/analyticsv2.db-journal
/data/data/com.legend.minijjzs.mi/databases/analyticsv2.db-wal
/data/data/com.legend.minijjzs.mi/files/54db829f09424caad69f7fb9350fa48d/policy.cache
/data/data/com.legend.minijjzs.mi/databases/requests.db-journal
/data/data/com.legend.minijjzs.mi/files/54db829f09424caad69f7fb9350fa48d/policy.cache
/data/data/com.legend.minijjzs.mi/files/54db829f09424caad69f7fb9350fa48d/policy.cache
/data/data/com.legend.minijjzs.mi/databases/requests.db-wal
/data/data/com.legend.minijjzs.mi/files/a194a0a7214f6cbda0672045c51505d1/policy.cache
/data/data/com.legend.minijjzs.mi/databases/reportServiceDB.db-journal
/data/data/com.legend.minijjzs.mi/databases/reportServiceDB.db-wal
/data/data/com.legend.minijjzs.mi/files/5a0d76b426bd66bf94b94e19a8719e41/policy.cache
/data/data/com.legend.minijjzs.mi/app_analytics/oat/analytics.apk.cur.prof
/data/data/com.legend.minijjzs.mi/app_mimo/oat/mimo_asset.apk.cur.prof

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 11:12

Reported

2024-06-13 11:15

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

148s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp

Files

N/A