Malware Analysis Report

2024-09-09 17:33

Sample ID 240613-nc52mazhjl
Target a53f69d0f74df9cf2fdbebe27d7bd24b_JaffaCakes118
SHA256 adc695e9dd417f6f30c550b539cfa3c5259f2af7ae38e9aaca0f097ee73413d4
Tags discovery, evasion
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1, behavioral15, behavioral32, behavioral7, behavioral8, behavioral29, behavioral16, behavioral17, behavioral21, behavioral2, behavioral3, behavioral4, behavioral25, behavioral27, behavioral24, behavioral26, behavioral30, behavioral6, behavioral12, behavioral22, behavioral23, behavioral9, behavioral19, behavioral5, behavioral10, behavioral14, behavioral18, behavioral11, behavioral13, behavioral20, behavioral28, behavioral31 (listed in document order; each has Detonation Overview, Command Line, Signatures, Processes, Network and Files)

Analysis Overview

score
7/10

SHA256

adc695e9dd417f6f30c550b539cfa3c5259f2af7ae38e9aaca0f097ee73413d4

Threat Level: Shows suspicious behavior

The file a53f69d0f74df9cf2fdbebe27d7bd24b_JaffaCakes118 was classified as showing suspicious behavior (score 7/10) rather than as malicious.

Malicious Activity Summary

Tags: discovery, evasion

Loads dropped Dex/Jar (evasion). The only indicator behind this hit (behavioral2) is /apex/com.android.art/javalib/core-oj.jar, the core Java library of the Android Runtime (ART) APEX module, which is part of the platform image and is loaded by every app process. Nothing under the sample's own files directory was flagged as loaded code, so this hit is best treated as a false positive when reading the 7/10 score.

Reads information about phone network operator (discovery). Observed in behavioral1 and behavioral2. On its own this is a weak indicator: advertising and game SDKs read the operator routinely, and the processes recorded besides the main package are cn.uc.gamesdk.sa.plugin.* helpers of a game SDK.

Requests dangerous framework permissions (static1). The manifest requests the SMS (SEND_SMS, READ_SMS), phone (READ_PHONE_STATE, CALL_PHONE), location, storage, camera, microphone and accounts runtime permissions, plus the SYSTEM_ALERT_WINDOW and WRITE_SETTINGS special permissions. SEND_SMS together with READ_SMS and the overlay permission is the combination to check first in the decompiled code.

Notes on the detonations. Sample-attributable activity (a process, signatures, dropped files) appears only in behavioral1 and behavioral2, where the main package com.xiaoao.moto3d2.uc was monitored for 4 s and 7 s (Max time kernel) in runs of 145 s and 132 s on the network side. The five files dropped under the app's private files directory are the same in both runs (identical SHA256 values; /data/data/<pkg> and /data/user/0/<pkg> are two paths to the same directory). The cn.uc.gamesdk.sa.plugin.init, .msg and .floater runs recorded a process but no signatures or files, and the remaining runs recorded no process at all. Every network destination recorded across the 32 runs is mDNS (224.0.0.251:5353), DNS to 1.1.1.1, or Google address space (android.apis.google.com, ssl.google-analytics.com, accounts.google.com, www.google.com, www.youtube.com, the googleapis.com hosts and port 5228, the Google messaging port), which is what an Android image with Google services produces on its own; no command-and-control endpoint can be attributed to the sample from these runs.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:16

Signatures

Requests dangerous framework permissions

Permission                                   Description
android.permission.SEND_SMS                  Allows an application to send SMS messages.
android.permission.READ_PHONE_STATE          Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE    Allows an application to write to external storage.
android.permission.ACCESS_COARSE_LOCATION    Allows an app to access approximate location.
android.permission.WRITE_SETTINGS            Allows an application to read or write the system settings.
android.permission.CALL_PHONE                Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.READ_EXTERNAL_STORAGE     Allows an application to read from external storage.
android.permission.CAMERA                    Required to be able to access the camera device.
android.permission.GET_ACCOUNTS              Allows access to the list of accounts in the Accounts Service.
android.permission.SYSTEM_ALERT_WINDOW       Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_FINE_LOCATION      Allows an app to access precise location.
android.permission.READ_SMS                  Allows an application to read SMS messages.
android.permission.RECORD_AUDIO              Allows an application to record audio.

Process and Target were N/A for every row. The scan listed ACCESS_COARSE_LOCATION, WRITE_SETTINGS, CALL_PHONE, READ_EXTERNAL_STORAGE and SYSTEM_ALERT_WINDOW three times each and GET_ACCOUNTS twice (13 distinct permissions in 24 rows); each is shown once here.
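As an added example, not part of the sandbox report or its vendor's tooling, the following Python script triages a flattened permission table like the one above: it pulls the permission name out of each row with a regular expression, drops duplicate rows, groups the runtime permissions by the Android permission group the user is prompted for, separates the special permissions that are granted through a Settings toggle rather than a runtime prompt, and flags combinations that together give a capability worth calling out. The embedded rows are a subset copied from the table above (two of the report's duplicates are kept on purpose); the group map and the combination rules are the example's own triage heuristics, not a platform API.

```python
import re

# Rows copied from the static1 "Requests dangerous framework permissions" table.
# Each row is flattened as: <description> <permission> <process> <target>.
# Two of the report's duplicate rows are kept to show the dedup step.
REPORT_ROWS = [
    "Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A",
    "Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A",
    "Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A",
    "Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A",
    "Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A",
    "Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A",
    "Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A",
    "Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A",
    "Required to be able to access the camera device. android.permission.CAMERA N/A N/A",
    "Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A",
    "Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A",
    "Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A",
    "Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A",
    "Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A",
    "Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A",
]

PERM_RE = re.compile(r"\bandroid\.permission\.([A-Z_]+)\b")

# Runtime ("dangerous") permissions mapped to the Android permission group the
# user is prompted for. Only the groups relevant to this report are listed.
RUNTIME_GROUP = {
    "SEND_SMS": "SMS", "READ_SMS": "SMS", "RECEIVE_SMS": "SMS",
    "READ_PHONE_STATE": "PHONE", "CALL_PHONE": "PHONE",
    "ACCESS_COARSE_LOCATION": "LOCATION", "ACCESS_FINE_LOCATION": "LOCATION",
    "READ_EXTERNAL_STORAGE": "STORAGE", "WRITE_EXTERNAL_STORAGE": "STORAGE",
    "CAMERA": "CAMERA",
    "RECORD_AUDIO": "MICROPHONE",
    "GET_ACCOUNTS": "CONTACTS",
}
# "Special" permissions: no runtime prompt, the user must toggle them in Settings.
SPECIAL = {"SYSTEM_ALERT_WINDOW", "WRITE_SETTINGS", "REQUEST_INSTALL_PACKAGES"}

# Heuristic rules (this example's own): permission sets that together give a
# capability worth reporting, with the reason to report it.
COMBO_RULES = [
    ({"SEND_SMS", "READ_SMS"}, "send and read SMS (premium-SMS fraud / OTP interception capability)"),
    ({"SYSTEM_ALERT_WINDOW"}, "draw over other apps (overlay phishing capability)"),
    ({"CALL_PHONE"}, "place calls with no dialer confirmation"),
    ({"RECORD_AUDIO", "CAMERA"}, "capture audio and video"),
    ({"ACCESS_FINE_LOCATION", "READ_PHONE_STATE"}, "precise location tied to device and network identity"),
]


def extract_permissions(rows):
    """Return the unique permission short names in first-seen order."""
    seen = {}
    for row in rows:
        m = PERM_RE.search(row)
        if m:
            seen.setdefault(m.group(1), None)
    return list(seen)


def triage_permissions(rows):
    perms = extract_permissions(rows)
    present = set(perms)
    groups = {}
    for p in perms:
        if p in RUNTIME_GROUP:
            groups.setdefault(RUNTIME_GROUP[p], []).append(p)
    return {
        "rows": len(rows),
        "unique": perms,
        "groups": groups,
        "special": [p for p in perms if p in SPECIAL],
        "unclassified": [p for p in perms if p not in RUNTIME_GROUP and p not in SPECIAL],
        "findings": [why for need, why in COMBO_RULES if need <= present],
    }


if __name__ == "__main__":
    result = triage_permissions(REPORT_ROWS)
    print(f"{result['rows']} rows, {len(result['unique'])} unique permissions")
    for group, perms in result["groups"].items():
        print(f"  {group:<11} {', '.join(perms)}")
    print(f"  {'special':<11} {', '.join(result['special'])}")
    for why in result["findings"]:
        print("  finding:", why)
```

Running it on the embedded rows reports 13 unique permissions across 15 rows, seven runtime groups, the two special permissions, and all five combination findings; anything the group map does not know ends up in the unclassified list so it is not silently dropped.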

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x86-arm-20240611.1-en

Max time kernel

4s

Max time network

145s

Command Line

com.xiaoao.moto3d2.uc

Signatures

Reads information about phone network operator.

discovery

Processes

com.xiaoao.moto3d2.uc

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

/data/data/com.xiaoao.moto3d2.uc/files/libmegbpp_03.01.00_01.so

MD5 411447aa1af1471d6ca90cb73d16dadd
SHA1 ed03f8caee6db81fe7e642f63c7e8908cba6d598
SHA256 d95fb41019e46e8456cf03c5a9a0eb83e771f5bc4eaa6de9c174bfc494e90a33
SHA512 1ba70900809e0cdfb2bf3d4e6dfc0ffaa23cfa12e4a28f8e354108d642934e775d1f32238e99e138721cbb21a11fc9cf5dbf2a38372780ac40f8b6af77083802

/data/data/com.xiaoao.moto3d2.uc/files/d_data_store.dat

MD5 d875b80ae558374abf5b22251d57b3d7
SHA1 dc15766f033975b4c555b5be8e2508ceeff5a03c
SHA256 57726851a19c0cc805fd4481546a3503a9d0eedaaaf8539b727b395840ee6229
SHA512 cb40e2e8d03306487d908cfc73d7a15f4c9a106814698b4913ac52fe3023bd0b14a2c3c8ff3e128d138cce752f32bac308a39a66b23e18c315461e8037f9d878

/data/data/com.xiaoao.moto3d2.uc/files/iridver.dat

MD5 8a0606cc14c6e2eda7a374a3813326c3
SHA1 9434722e1bbe94ab847ca0ee83054eb19789bdd1
SHA256 2a6e7410ca0f350f640434293d191507a96bce422dcb116eb8df44cd1ee165ce
SHA512 ac5d608950a898f7706889818907227f2ee167d4011d37b6dadf062de5031965cdba06ad79e5f4c884b001904f696013c07add6e262905b33db5d94b8a4d6279

/data/data/com.xiaoao.moto3d2.uc/files/tmp/c_data_store.dat

MD5 fc58b11d6e89a9e46fb978ab9a191beb
SHA1 9577c52a2ccfb52eec6faf9a16df8c141596573f
SHA256 37b346b208c05a4ab548e11869b76a40ae7dbe838e7a54f0cd662785f5bcca5a
SHA512 0cfff487eeb6db0d37361322b166f56ec578294c44504ce795339284305d5933e0c7f684353ccdbe545307a6307f810988a510c47ebf4ff98ca4f98159a51b45

/data/data/com.xiaoao.moto3d2.uc/files/tmp/AndGame.Sdk.Lib_20150_86098B59D437DE14494674358197AAEA.dat

MD5 86098b59d437de14494674358197aaea
SHA1 815f17554d45f834c613640bcbf99ba4e245f110
SHA256 d7972f0b375427ebb84d3143143959c5d2d5dfcc4a4821fdd2b0a604cd744e7f
SHA512 0c8823b60fc81a4d403e9042ccbb52efe6304b0f1a42afa4674249ee1ec5305ca4f27b20cbaf6f3705cb127fd5cbbf57fa8d7f6c0de852a5ef9032095f8d9319

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x86-arm-20240611.1-en

Max time network

152s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-arm64-20240611.1-en

Max time network

163s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.201.110:443 tcp
GB 142.250.179.226:443 tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.187.234:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
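Added example, not from the report or the sandbox vendor: a small Python triage pass over a Network table of this shape. It parses the "Country Destination Domain Proto" rows, separates mDNS, resolver queries and connections to Google domains (and the Google messaging port 5228) that an Android image with Play Services generates on its own, and lists the endpoints the report recorded without a domain, which have to be attributed by hand (reverse DNS, TLS SNI, or the pcap) before they can be written off as background noise. The embedded rows are a subset of the behavioral32 table above; the background-domain suffixes, the resolver set and the port list are this example's assumptions.

```python
import ipaddress
import re
from collections import Counter

# Rows copied from the behavioral32 Network table (Country Destination Domain
# Proto). The Domain column is empty where the sandbox could not tie the
# connection to a DNS answer it had seen.
ROWS = """\
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 216.58.201.110:443 tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
"""

ROW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")

# Assumptions for this example: domains an Android image with Play Services
# contacts on its own, the resolver the sandbox uses, and the port of Google's
# mobile messaging (GCM/FCM) connection.
BACKGROUND_SUFFIXES = (".google.com", ".googleapis.com", ".googleusercontent.com",
                       ".google-analytics.com", ".youtube.com")
RESOLVERS = {"1.1.1.1"}
BACKGROUND_PORTS = {5228}


def parse_rows(text):
    conns = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        country, ip, port, domain, proto = m.groups()
        conns.append({"country": country, "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto})
    return conns


def classify(conn, resolved):
    """resolved maps IP -> domain, learned from rows that did carry a domain."""
    ip = ipaddress.ip_address(conn["ip"])
    if ip.is_multicast or ip.is_link_local:
        return "local-multicast"        # mDNS on 224.0.0.251:5353
    if conn["port"] == 53 and conn["ip"] in RESOLVERS:
        return "dns"
    domain = conn["domain"] or resolved.get(conn["ip"])
    if domain and domain.endswith(BACKGROUND_SUFFIXES):
        return "background"
    if conn["port"] in BACKGROUND_PORTS:
        return "background"
    # No domain at all: needs manual attribution. A domain outside the
    # background list: the interesting case, report it.
    return "unresolved" if domain is None else "unattributed"


def triage_network(text):
    conns = parse_rows(text)
    # Reuse any IP -> domain pairing the table itself provides on non-DNS rows.
    resolved = {c["ip"]: c["domain"] for c in conns if c["domain"] and c["port"] != 53}
    counts = Counter()
    unresolved, unattributed = set(), set()
    for c in conns:
        cls = classify(c, resolved)
        counts[cls] += 1
        endpoint = f"{c['ip']}:{c['port']}"
        if cls == "unresolved":
            unresolved.add(endpoint)
        elif cls == "unattributed":
            unattributed.add(f"{endpoint} ({c['domain']})")
    return {"counts": counts, "unresolved": sorted(unresolved),
            "unattributed": sorted(unattributed)}


if __name__ == "__main__":
    r = triage_network(ROWS)
    for cls, n in sorted(r["counts"].items()):
        print(f"{n:3d} {cls}")
    print("endpoints with no domain in the report, attribute by hand:")
    for ep in r["unresolved"]:
        print("   ", ep)
```

On the embedded subset the pass finds five background connections, four resolver queries, one mDNS packet and four connections (three distinct endpoints) that the report lists without a domain; those three are the ones to confirm against the pcap before concluding that the sample produced no traffic of its own.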

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-arm64-20240611.1-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-20240611.1-en

Max time network

147s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.194:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.238:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:20

Platform

android-x64-arm64-20240611.1-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.179.238:443 tcp
BE 66.102.1.188:5228 tcp
GB 172.217.169.3:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 216.58.201.97:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.251.173.84:443 accounts.google.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 216.58.212.234:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:21

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

159s

Command Line

cn.uc.gamesdk.sa.plugin.msg

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

132s

Command Line

com.xiaoao.moto3d2.uc

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /apex/com.android.art/javalib/core-oj.jar N/A N/A

Caveat: the indicator is the core Java library of the Android Runtime (ART) APEX module, part of the platform image and loaded by every app process. It is not a file dropped by the sample, so this signature, and the evasion tag derived from it, should not be read as the sample loading its own dex or jar.

Reads information about phone network operator.

discovery
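To make the caveat on the "Loads dropped Dex/Jar" hit concrete, here is an added Python example (not the sandbox's detection code) of how such a rule can avoid firing on platform code. It identifies dex, jar and apk containers by their magic bytes rather than by file extension, so a dex dropped under a name like .dat is still caught, and classifies the load path as platform (/apex, /system and related partitions), app-private (/data/data and /data/user/0, two names for the same per-app directory, plus the /data/app install directory), external storage, or another app's directory. Only the core-oj.jar path and the libmegbpp .so path are taken from the report; the other events, all of the first-bytes values and the package-ownership check are constructed for the example.

```python
import posixpath

# Path prefixes of the Android system image and APEX modules: code loaded from
# here is platform code, whichever app process loads it.
PLATFORM_PREFIXES = ("/apex/", "/system/", "/system_ext/", "/product/", "/vendor/", "/odm/")
# Per-app private storage (/data/data/<pkg> and /data/user/0/<pkg> are two paths
# to the same directory) and the install directories for APKs.
APP_DATA_PREFIXES = ("/data/data/", "/data/user/0/", "/data/app/")
# Shared storage, readable by other apps and often writable by them.
EXTERNAL_PREFIXES = ("/sdcard/", "/storage/", "/mnt/")

# Magic bytes of the containers a dex loader accepts: raw dex, optimized dex,
# and zip-based jar/apk. Checking bytes rather than the extension catches a
# dex that was dropped under an innocuous name such as .dat.
CODE_MAGIC = (b"dex\n", b"dey\n", b"PK\x03\x04")


def is_code_container(head):
    return head.startswith(CODE_MAGIC)


def classify_path(path, package):
    """Classify where a loaded code file lives relative to the sample's package."""
    p = posixpath.normpath(path)
    if p.startswith(PLATFORM_PREFIXES):
        return "platform"
    for prefix in APP_DATA_PREFIXES:
        if p.startswith(prefix):
            owner = p[len(prefix):].split("/", 1)[0]
            # /data/app uses <pkg>-<random>/ (or ~~<random>/<pkg>-<random>/ on
            # newer releases), so accept the package name followed by a dash too.
            if owner == package or owner.startswith(package + "-") or ("/" + package + "-") in p:
                return "app-private"
            return "other-app"
    if p.startswith(EXTERNAL_PREFIXES):
        return "external"
    return "unknown"


def dropped_code_hits(events, package):
    """Events a 'loads dropped Dex/Jar' rule should keep: code containers loaded
    from anywhere except the platform image. Returns (path, class) pairs."""
    hits = []
    for path, head in events:
        if not is_code_container(head):
            continue
        cls = classify_path(path, package)
        if cls != "platform":
            hits.append((path, cls))
    return hits


SAMPLE_PACKAGE = "com.xiaoao.moto3d2.uc"

# Constructed load events: (path, first bytes of the file). Only the first and
# last paths appear in the report; the byte values and the two middle paths are
# invented to exercise each branch.
EVENTS = [
    ("/apex/com.android.art/javalib/core-oj.jar", b"PK\x03\x04\x14\x00"),
    ("/data/user/0/com.xiaoao.moto3d2.uc/files/tmp/plugin.dat", b"dex\n035\x00"),
    ("/sdcard/Download/update.jar", b"PK\x03\x04\x0a\x00"),
    ("/data/data/com.xiaoao.moto3d2.uc/files/libmegbpp_03.01.00_01.so", b"\x7fELF\x02\x01"),
]

if __name__ == "__main__":
    for path, cls in dropped_code_hits(EVENTS, SAMPLE_PACKAGE):
        print(f"{cls:<12} {path}")
```

With these events the rule keeps the constructed dex under the app's private tmp directory and the jar from shared storage, skips the native library because it is not a dex/zip container, and drops the core-oj.jar load as platform code, which is the behaviour the report's signature lacks.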

Processes

com.xiaoao.moto3d2.uc

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.xiaoao.moto3d2.uc/files/libmegbpp_03.01.00_01.so

MD5 411447aa1af1471d6ca90cb73d16dadd
SHA1 ed03f8caee6db81fe7e642f63c7e8908cba6d598
SHA256 d95fb41019e46e8456cf03c5a9a0eb83e771f5bc4eaa6de9c174bfc494e90a33
SHA512 1ba70900809e0cdfb2bf3d4e6dfc0ffaa23cfa12e4a28f8e354108d642934e775d1f32238e99e138721cbb21a11fc9cf5dbf2a38372780ac40f8b6af77083802

/data/user/0/com.xiaoao.moto3d2.uc/files/d_data_store.dat

MD5 d875b80ae558374abf5b22251d57b3d7
SHA1 dc15766f033975b4c555b5be8e2508ceeff5a03c
SHA256 57726851a19c0cc805fd4481546a3503a9d0eedaaaf8539b727b395840ee6229
SHA512 cb40e2e8d03306487d908cfc73d7a15f4c9a106814698b4913ac52fe3023bd0b14a2c3c8ff3e128d138cce752f32bac308a39a66b23e18c315461e8037f9d878

/data/user/0/com.xiaoao.moto3d2.uc/files/iridver.dat

MD5 8a0606cc14c6e2eda7a374a3813326c3
SHA1 9434722e1bbe94ab847ca0ee83054eb19789bdd1
SHA256 2a6e7410ca0f350f640434293d191507a96bce422dcb116eb8df44cd1ee165ce
SHA512 ac5d608950a898f7706889818907227f2ee167d4011d37b6dadf062de5031965cdba06ad79e5f4c884b001904f696013c07add6e262905b33db5d94b8a4d6279

/data/user/0/com.xiaoao.moto3d2.uc/files/tmp/c_data_store.dat

MD5 fc58b11d6e89a9e46fb978ab9a191beb
SHA1 9577c52a2ccfb52eec6faf9a16df8c141596573f
SHA256 37b346b208c05a4ab548e11869b76a40ae7dbe838e7a54f0cd662785f5bcca5a
SHA512 0cfff487eeb6db0d37361322b166f56ec578294c44504ce795339284305d5933e0c7f684353ccdbe545307a6307f810988a510c47ebf4ff98ca4f98159a51b45

/data/user/0/com.xiaoao.moto3d2.uc/files/tmp/AndGame.Sdk.Lib_20150_86098B59D437DE14494674358197AAEA.dat

MD5 86098b59d437de14494674358197aaea
SHA1 815f17554d45f834c613640bcbf99ba4e245f110
SHA256 d7972f0b375427ebb84d3143143959c5d2d5dfcc4a4821fdd2b0a604cd744e7f
SHA512 0c8823b60fc81a4d403e9042ccbb52efe6304b0f1a42afa4674249ee1ec5305ca4f27b20cbaf6f3705cb127fd5cbbf57fa8d7f6c0de852a5ef9032095f8d9319

/apex/com.android.art/javalib/core-oj.jar

MD5 17bf082d9e9a6eb8b5d62d82f4af5476
SHA1 a401c7fbd8feea319dbcece5b4b3f6a254e71fb3
SHA256 4df590b764f65c16b51176ff394458d0b3a866ca75a4f912d6f76b7793043c1c
SHA512 f1a2673bf5c478176de0fceec8419434ab0606a14343c3b7fe1e2b181b0a2ff8f00c888ea1dcb8e711c4eb14aa1294919440adc63ce7735a67e93da21a0f7ae7

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x86-arm-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-20240611.1-en

Max time network

182s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.78:443 tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x86-arm-20240611.1-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x86-arm-20240611.1-en

Max time network

149s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-arm64-20240611.1-en

Max time network

167s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
GB 216.58.201.110:443 tcp
GB 216.58.213.2:443 tcp
BE 108.177.15.188:5228 tcp
GB 142.250.179.227:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x86-arm-20240611.1-en

Max time network

140s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x86-arm-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

137s

Command Line

cn.uc.gamesdk.sa.plugin.init

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.init

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:21

Platform

android-x64-20240611.1-en

Max time kernel

4s

Max time network

131s

Command Line

cn.uc.gamesdk.sa.plugin.msg

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 172.217.169.46:443 tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

132s

Command Line

cn.uc.gamesdk.sa.plugin.msg

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.msg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

140s

Command Line

cn.uc.gamesdk.sa.plugin.floater

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.floater

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:20

Platform

android-x64-20240611.1-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.200.46:443 tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:16

Platform

android-x64-arm64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-20240611.1-en

Max time kernel

4s

Max time network

187s

Command Line

cn.uc.gamesdk.sa.plugin.floater

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.floater

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.187.226:443 tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

132s

Command Line

cn.uc.gamesdk.sa.plugin.init

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.init

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x86-arm-20240611.1-en

Max time network

169s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

135s

Command Line

cn.uc.gamesdk.sa.plugin.floater

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.floater

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.234:443 tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:19

Platform

android-x64-20240611.1-en

Max time kernel

5s

Max time network

134s

Command Line

cn.uc.gamesdk.sa.plugin.init

Signatures

N/A

Processes

cn.uc.gamesdk.sa.plugin.init

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.227:443 tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
GB 172.217.169.78:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:20

Platform

android-x64-arm64-20240611.1-en

Max time network

159s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.180.2:443 tcp
BE 142.251.5.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
GB 142.250.200.1:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.35:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-20240611.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.46:443 tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-13 11:16

Reported

2024-06-13 11:22

Platform

android-x64-20240611.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.213.14:443 tcp

Files

N/A