Analysis Overview
SHA256
0e44369bb4b46011ff4d554d2a9d2dbb5e324bdc194bd86443dd6721c642b5f7
Threat Level: Likely malicious
The file a575cbe3fa9935bdb2f1127a836f68af_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Loads dropped Dex/Jar
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Requests dangerous framework permissions
Queries information about active data network
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:08
Reported
2024-06-13 12:12
Platform
android-x86-arm-20240611.1-en
Max time kernel
175s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /data/local/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes3.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.hdfex.hufenqi/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | s.appjiagu.com | N/A | N/A |
| N/A | b.appjiagu.com | N/A | N/A |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.hdfex.hufenqi
getprop ro.product.cpu.abi
com.hdfex.hufenqi:channel
sh -c ps
ps
ps
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | umengacs.m.taobao.com | udp |
| CN | 111.63.206.54:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | log.tbs.qq.com | udp |
| HK | 129.226.106.211:80 | log.tbs.qq.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 111.63.206.54:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 111.63.206.54:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | amdc.m.taobao.com | udp |
| HK | 47.246.103.9:443 | amdc.m.taobao.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 111.63.206.54:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| HK | 47.246.103.9:443 | amdc.m.taobao.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | s.appjiagu.com | udp |
| US | 104.192.110.60:80 | s.appjiagu.com | tcp |
| HK | 47.246.103.9:443 | amdc.m.taobao.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | b.appjiagu.com | udp |
| CN | 180.163.249.208:80 | b.appjiagu.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 106.63.25.33:80 | b.appjiagu.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | msg.umengcloud.com | udp |
| CN | 124.239.14.132:443 | msg.umengcloud.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 124.239.14.132:443 | msg.umengcloud.com | tcp |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| CN | 111.63.206.54:443 | umengjmacs.m.taobao.com | tcp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 110.253.189.166:443 | umengjmacs.m.taobao.com | tcp |
| HK | 47.246.103.10:80 | amdc.m.taobao.com | tcp |
Files
/data/data/com.hdfex.hufenqi/.jiagu/libjiagu.so
| MD5 | 1da618896802fdb4b6f17c92703424f4 |
| SHA1 | b48aa81ac014a5a7f6e95e618e4f951ee12d34c3 |
| SHA256 | 2cbf986b5e1357e00347d75d6f631539c0f368208079df36bb44603ac4e6973f |
| SHA512 | 620a06d8df24597467318582a12bce45e2e2cb66069ffbd6fa27ac5a164c58398ddb9c2348e6ef443272a22ca85fcfa03439d0f0f22109a93708d562e0737cb6 |
/data/data/com.hdfex.hufenqi/.jiagu/classes.dex
| MD5 | d30724581328b122cbf6d5a90be1bae1 |
| SHA1 | 449b61acdaad9286e72b1f125bfc3f0839bd5523 |
| SHA256 | ed2ffa0ff00849a31fa01c98fa9b7b54a3d071fc224bec9ab4f6874f64118947 |
| SHA512 | 6184003e91be773baa314c09d93625fa27405c65ebb57cdc9b2c99d010372c6f21344c9540a97b5233edd660832cd0424a1069e6e97f58671461e2f207302db3 |
/data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes2.dex
| MD5 | a20276a4ee08e8681853c427224860f3 |
| SHA1 | 78aed3488a443475cb1bc5abea1f905b58515a23 |
| SHA256 | d48ea6a44ec3c5d08bde053930083742c6870142d88e28623f9a368fdec4f9a0 |
| SHA512 | 167db1b4b1746be80f083705c05f6a1aaa5b9a845b692bd3a27f286fa221e73967c7264d7db1fdc51f4c7ff01e999b330f170c8ae2f74b45007f436363745cfc |
/data/data/com.hdfex.hufenqi/.jiagu/classes.dex!classes3.dex
| MD5 | 947209bdcc4e82d9a918c8a54bb2ed39 |
| SHA1 | 9f89d440246fd867d1c052340b740aa4cf533e34 |
| SHA256 | ac1e5687d52381071df40dbd76165aa0cb3c5e09743549a5cf97064173cb2cee |
| SHA512 | b01f85c99d072a13e6c72c900ca4d8f14ff49d85629b5e2cee0bbedb3d33e5ff5a832e2c1a150c1e41194cbcb8f58bf52b5e7ef7b6e237eafdcd56af3aa2d4f4 |
/data/data/com.hdfex.hufenqi/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.ri
| MD5 | 2e583ff02a40eb17bf51c5bcd7f0b350 |
| SHA1 | 7820d34516d31d954ea7d2e550a5d5090a6a65bc |
| SHA256 | 9f22b5e5dd45edc999048e5348c7aa6d8af5344067526666815098ee4f4d19ae |
| SHA512 | 50e12a4a70144e98941ab46bd4107757762a139fbe8a2278ef0f26aed160977d817cdf7f6eda281eed4a8a10735b76e88c8c2bd1caf0579d9d98b459d9c28f83 |
/data/data/com.hdfex.hufenqi/files/.jiagu.lock
| MD5 | 76b9b2d6b91ab2d64f86ad6de6937cc5 |
| SHA1 | 7a12a33c9a1bfdae556cc610ac5fe8ef1bc65268 |
| SHA256 | 3361fb53264e49c41198d7eda98983d26dc8f734a9db6fc6c963d09dbfe83fbf |
| SHA512 | 16a6c43647a92289254b8b74c5c814c3f958bd8ccba343f901b2dec2cfb8a55ecb0a564da461742352a3d854f67e52270b06f7c4cced8b426ea1f6455c1e60a7 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.rd
| MD5 | 5a076447c3235535b453d5b03a1efcaf |
| SHA1 | 5a75ee861f63cbfa2586986ba03ace403eb448d3 |
| SHA256 | a4fb5e3c0286039c39515480bea49220017e77cf074cc00ce72811f588dbfeda |
| SHA512 | bb76733507fb474f492f49f6fac0a5c5e3eff6b976acfd3ab8cb5ef98af22d6f16adc5ef89515f0e83cdf41e38ba386bb969a2ea2da842303a0fe453489a45e8 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.store
| MD5 | 0d8e99e6b6fb62a1fb579d7645539a4e |
| SHA1 | 192ab0a440a3aa9936523ea37075e0b24564a74f |
| SHA256 | 38a5e1a422c09210b770a1623ac63f531b1297ab0ed8a06981c9315dec89ab1f |
| SHA512 | 3d890607d05c1eb5b88044f6c9a0ed044184f9e5ee8e7e790c9eb0bec12134af69fb7fdf612c1b6e7661adadc9509c19b3562d8e76f5b7cea8d3a1690df91d28 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.ac
| MD5 | 8099e512d70f371f2d7ad85c0aa80a21 |
| SHA1 | 18175dc86a596481bf037eb39d540f3852d9f5c6 |
| SHA256 | 4082883f9195e4a908b3317866a317ff9ad69120490f55965fda7a618dd90e15 |
| SHA512 | 6b2ff9444f1c963c2fa1c1ad24023db3aa15231864ab2ea6bc5221d18813029c45c5793db54b279f08350b150c6b15ceb76f436df8a0802e7640973f2a542407 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.ic
| MD5 | 16c74a4b9c3c672c25000361188e2e6b |
| SHA1 | f08d95ae7621bf94eae341e9a9e73af15af984ad |
| SHA256 | 36be81a152ce1c09bb9d33bb42b9bea70220c140ecedd8e4395e0b09f07f6307 |
| SHA512 | d3aba434d2adf68fc9bf489a8c9cb2b9109078392be80ba9ce3264c70d246e5c6d26fb8366e68c74b981f851cd0f6d8f848ca6545597f7da7d64cb697864a83f |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.di
| MD5 | 486e2bac2b3e9e1cb411d2838a4854bd |
| SHA1 | 81dd0a7537f4af319b830ae834908986be85da8b |
| SHA256 | 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57 |
| SHA512 | c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681 |
/storage/emulated/0/360/.iddata
| MD5 | 1278405313ebbb29a46e0c5d16192a66 |
| SHA1 | 02be9366b6eeab001fccf0007af1ab981f3349ff |
| SHA256 | c9a2dd03bb2aa5ca49b96317aee577998d9d24e5081fc9d7c582ed35a07a4e25 |
| SHA512 | b981812455ca70af8e0c7c5844f31cc4d4370025db855ea53f24e4f334cb64457fd9494aef8547409bedc881e37f4f2bf87cfcbc89715363cdd4a393dc39c065 |
/storage/emulated/0/360/.deviceId
| MD5 | de13b0c54c2bd654482a743d52b49c4d |
| SHA1 | 740c26d524ed604f92fa654f139ceec2fdb5b8b6 |
| SHA256 | 63d903c46fc74dee6115f020dd0c070def08e36a6755eaafadf81b8b9a8c95ef |
| SHA512 | b7094a4f40c7011064a31ef8cd0ea13f079f3020d017d4e0f07986f4070384746afdb553cea3f2a1561fd0194d33e44938b7af910bb3eb4a92f6987d58306a49 |
/data/data/com.hdfex.hufenqi/databases/MessageStore.db-journal
| MD5 | a79d41c4c13d2271a0eea8f710a0bceb |
| SHA1 | 21e21d3c7d716c239f315dd8786d346f8e5da3bd |
| SHA256 | 8a1320b3063ffc89197565a4be5811b3c649efd685bf8901e6ca5150946903f1 |
| SHA512 | 003dfbdeb649c92391b5bd432ea16aa055945e2fae493bcfe9e005877051572f86bb0cf101c0ad8005ffde31fd703009e628f72d96311863046fc65c8767c369 |
/data/data/com.hdfex.hufenqi/databases/MessageStore.db
| MD5 | 1c4274aa7a9a5cac8c6d1df71e4588c6 |
| SHA1 | abaecd685e01cc68801292e3dc7085654a22feba |
| SHA256 | 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be |
| SHA512 | 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c |
/data/data/com.hdfex.hufenqi/databases/MessageStore.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.hdfex.hufenqi/databases/MessageStore.db-wal
| MD5 | f221aae2018afa9ee1298c5413fd4fdf |
| SHA1 | 9dafb1954afdf5e90bf5e8a404e713a0f2b9c76a |
| SHA256 | 03a5425df8ea7187d67e67a52e9d89b370d268c849bd522f5adb8214830675cb |
| SHA512 | 65dda44097aa6546a40cd0e6cc88fb5627d82efb979c3ab0254edd17e74f6994c4340f5ca0297dd146f5d7ad6bd66fffb26d593dd6c63df05ed73bc696d1f620 |
/data/data/com.hdfex.hufenqi/databases/MsgLogStore.db-journal
| MD5 | cc48bbe5fd7200df0198da396cea544f |
| SHA1 | 5d7673a69727eb001a5ff27c35deb14b0616c278 |
| SHA256 | 23f4796011e1521a5c80708cce8ef854028e702044c51046c3aa6abda66df26f |
| SHA512 | 38a795b00a4dcfa626d1b2f210d6b4d65b25842054cbc41115bddaf1e5393c02d52762e850d457983e6f312ff9069790fa45e47f116bc2b153f32f3c3b311d73 |
/data/data/com.hdfex.hufenqi/databases/MsgLogStore.db
| MD5 | 203513d4e606c00fdafc106759878e32 |
| SHA1 | abd541340d0c63c4e3d88689d1a0efec0bdea733 |
| SHA256 | fcbf95e95fd9c35bf18883b16463efad2d61f659e2b4d03b7081492a94c40cd1 |
| SHA512 | ad545d3fae4e90cd60015334d5af92f2ad386180fb864aaec3d83da7de4d0e07efd701aa543485e33be7dd1af033b05442bc3bb3d4465df17ad6205b7f88200d |
/data/data/com.hdfex.hufenqi/databases/MsgLogStore.db-wal
| MD5 | a0898f99faa2314c90827752d08ec885 |
| SHA1 | d0f7aabe0479fbc0c573a0728973185c3c8fef09 |
| SHA256 | 8caed32d3d5ddb716a61e414410987e125f59d5d18a04ba9f921ac7c0942ee20 |
| SHA512 | f1e3a7f5fd4aebb447682160904c530256017e8b5522ae9c7a0ebdf3ea8f2342aa4dcbd2f716cc3b705b75e22b4c5ac2e9494e1abb3e51c8763457128e428e9c |
/data/data/com.hdfex.hufenqi/databases/accs.db-journal
| MD5 | 0bf1b656ea048384daa7d6ea4a13e426 |
| SHA1 | 8f02d9ffb54e105bdf6a0f949527011005970c08 |
| SHA256 | 8936521ec7669831fcc1a6552d75d83b3fa87d93a09558dae6c4af1c4916f0aa |
| SHA512 | a201baa66db2c853563401252ed72e2868624c10b4094869d18c9160d176b5fdeaf1b1f0b6736d6f9cfc85bfbbe7d02ee1cae0c32fc688fb030ba0a2878d02e6 |
/data/data/com.hdfex.hufenqi/databases/accs.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.hdfex.hufenqi/databases/accs.db-wal
| MD5 | 0c808f5ad8b593188a2a13606aa09395 |
| SHA1 | 82183d8db8b50767029809520fdb9171163446b9 |
| SHA256 | b18db4c4d5fa71787b895445eb19132035b003d53f62eaa6bde2d2c28468f3e0 |
| SHA512 | c88c4ff231439f167c82ccf673f847846ff9a145f08a3a7b457600ddfe69637893fe7c50b4d79547760273e8afafa4875afda1196bb26ef2fba4244603425f40 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | fcf27a00737c7ca4dc48d65fa9ed585e |
| SHA1 | 605539e16048597e44d136ec4a0e6fdafe5d279d |
| SHA256 | 927a98062381cebe96cf75ae4d5cc917bc6001b132427ef0ced0e4a739b35174 |
| SHA512 | 6067f71520400d58cd6c461e6db36f41d1a138bc50861c7726a5686a368a1eae3c8219074fe9a1021a4a9c66afca42d1dc7141a49ed42467352e03e3ef911a41 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 788914a7c3e062d10f9f2fc89eeba6e1 |
| SHA1 | 290f99edd54f002d4983fbac95a5eea7a4dbf678 |
| SHA256 | 52c3871eecc875682a53b90116ee6ee64989eaf4b849f06935c927a5fb3fa7e8 |
| SHA512 | 3106a413c0c610039f185adf8f1fcb62cd868833dcf79fab3571e939e72dc42f883af47b10152403a8b48a9cd929e333430da7af048684b5bb991e0f2021ed77 |
/storage/emulated/0/Android/data/com.hdfex.hufenqi/files/tbslog/tbslog.txt
| MD5 | 3791dfc0d741f2c256c820c23a46d13d |
| SHA1 | f46fcff7c31132796dd87b9c4f446584e4c128fa |
| SHA256 | dea4dc616e725d028cbe9887b9326055f7b6dd30c6018727487a45f62812d89e |
| SHA512 | ed9914f5e6c191847fdbc957b62f9a11fb7e41e4f637af047d490d5809a192b028825f073cc3e0c512e5d9a617818dbc7589eabefcca0babfec6a8b11f879900 |
/storage/emulated/0/Android/data/com.hdfex.hufenqi/files/tnetlogs/inapp_20240613.log
| MD5 | 5c353bedd138379f29a9f773dcb7c54b |
| SHA1 | b4c4de9369dbca44de8010bf7654867237938b18 |
| SHA256 | abc0e13fb0815093b9537eb6f92e4e3cdc51488323594fc0a0b09853babf4ace |
| SHA512 | 0550dce9b587a198f05691f432caf911b64919974c4574908cc31730899643ef6991c7f65761bf57666210bf3eeab346d9f18ef5fe32e7272a923b80f35523a9 |
/data/data/com.hdfex.hufenqi/databases/ua.db-journal
| MD5 | a2570ad7ee691e2cacaa2b99f83c936b |
| SHA1 | e46ace0e42138d7b5776743c1980db9f4689b054 |
| SHA256 | 6488c4431c27994749a1905cedea537ee6ab65676e1607ec26247e08f6828a86 |
| SHA512 | 62542681ce23bc572e6d054025ba274804e550ad9b3871959e66cb3d16ddf43655d750902108b9ec0fe93f9973327d485e9da6588d78abde050716cece0997d3 |
/data/data/com.hdfex.hufenqi/databases/ua.db
| MD5 | efb5629748764f0572ce71777282c86c |
| SHA1 | bf594e4221322de6b26c0c927943cf249434c4e3 |
| SHA256 | a1c0c202b841c8eb108c0723713f4b0d95aa76b0fc68a256e4ca83056adbbb9d |
| SHA512 | 24ae477faf7bdb5d89c21c04b91be4755ffb8da5119b8fffc3e69c66ae0b711c6b8bd4c5e5dc64593334e952c5059c8d18c024e398829830d38f2e151cbd9602 |
/data/data/com.hdfex.hufenqi/databases/ua.db-wal
| MD5 | bc48b59c4d9065099e1f68281dab4725 |
| SHA1 | 5c3c4785cac2f6879ecf1dcf5764408f48129d2e |
| SHA256 | fccab0a946c67388187c41b3765797b8087b81e2605619191d82c10e33ad50fc |
| SHA512 | 559da85e89120661aa52f6c73c7d7b1b0e5426b1dc8886539edc91276554f5c8fd03d183b99c046b9297c41d15df7e7a32bda8d91c571446966326fc8f08f86c |
/data/data/com.hdfex.hufenqi/databases/cc/cc.db-journal
| MD5 | 2f194948df30a6e12c7a386c85a3a4b6 |
| SHA1 | a6c2415f009afdc025ceedb3025ac2e4300aa62c |
| SHA256 | 97c7dcf24c8a54104423ddc552f6fe58056d3c73f9b875d1360aaf0ed3fb6268 |
| SHA512 | ce63cdd8e1eb29bdade52f784bb464239f0e7256f467c6b6b67efc7150a3a59c91b91b90976ea700cd0751473aae1f51b543c1e3f7cad1838ea07612d4aafa8e |
/data/data/com.hdfex.hufenqi/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.hdfex.hufenqi/databases/cc/cc.db-wal
| MD5 | b2c997d6b5795da06627699b84f41a5e |
| SHA1 | 18870c4402c2ec95fd895827c6e8ef1bea6c3440 |
| SHA256 | 9fe14adec97a676470195663ba807afb5f8644653171822135118eaf35989e4c |
| SHA512 | c26635304d3948026c2a03f94ecc1c5fcaeb389074d489f3b04180d7104491ecad0cdb2e44a8c9b1ec6ae70b2db0767c6839758933223d5b27a5c852d20a4564 |
/data/data/com.hdfex.hufenqi/files/umeng_it.cache
| MD5 | a2bccb1def8e2404c07a1f76731e7cd2 |
| SHA1 | cdf9b9e0d2b54cda5ccf027d95e95f836b5b04b5 |
| SHA256 | 5b92fedbae48af66016cd6c13f4e6affc29f188094223fe306c706780783c271 |
| SHA512 | 16d7cd4bbccc60f1d08bc97e28e3788cf3830cb25317f72905e1aa0b78395a344b96482d106a667524df0fef1c684eb58b1c48138ecaf5151a64a8b08cef40bd |
/data/data/com.hdfex.hufenqi/files/.umeng/exchangeIdentity.json
| MD5 | c36ce9d8ec8f71d1ad7b3ad045b04a85 |
| SHA1 | be9d5f99ff9f93915b07381a7449ff781a3f44f7 |
| SHA256 | 7cbaf8be79be37f28607fe520a17fb3a741c6028e4489dc0c29df7dac6d10bbb |
| SHA512 | ec0e9e428f04a57fb8a16ad57332c45dc9248d085cc69ff6dfae8e3345037776317dd1e4a8569efa3538b2ee8d09c53693fe7ed46263562502ee26aafa606330 |
/data/data/com.hdfex.hufenqi/files/exid.dat
| MD5 | 0188db5cd5323c05f8ecba7c23fd092c |
| SHA1 | 3fff739d65d02e4a272eda475d03ead48056012d |
| SHA256 | 64897d4adb9fdfed919d24adc3a2e34a891581c5ab787211af6ced9208353ea2 |
| SHA512 | 7bdca60e64804f4e53b39ac5eb40a8d2919b31aaf7f687b11baa7020f015c37384ea7b7c84420f6902204b9a7b4c6d37dd7b6713aa1de09f86ba8d6667bfdfaf |
/data/data/com.hdfex.hufenqi/databases/ua.db-wal
| MD5 | d9ba32b1fae80f5248d88f3aebb31928 |
| SHA1 | d75ec636f2a8a327308fecc99e892bed3d7547a1 |
| SHA256 | e9c982d65139a69e05ec249ddb38bbf46c5cf7f6151662efb769610643be0980 |
| SHA512 | e05b1251e2c1c25d0b5af8df8b11a1ff7f90ed98ebd4c7d3bdc0ab6df107120d936d0cca9a2bd0fd067f667d37180429d632f01c871716f27bfacbbef5c6e0b7 |
/data/data/com.hdfex.hufenqi/databases/ua.db
| MD5 | d604a3bf1f8d992cc320ea5b1f7609bd |
| SHA1 | 247f88df0b55c7d523ea5398637711a0e4a483a4 |
| SHA256 | 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17 |
| SHA512 | 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab |
/data/data/com.hdfex.hufenqi/databases/cc/cc.db-wal
| MD5 | 2295a36da701478ef749ea284a4e034d |
| SHA1 | 424ac87fe0208b345dfb426d0622e8ba25fe8e93 |
| SHA256 | 5ef33dbcf53124aa90d4bf2fea5afd4a1e6eb02b7b7ae73f0d1aee308c40218e |
| SHA512 | 9da37f0635551969f760d0b108df1ddeb22229692206b46cd44f69ab3b28a6bc4043f7585742374580bd26898d4020563cc6782ffcf0ce897cbd6a6183a1eed0 |
/data/data/com.hdfex.hufenqi/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/com.hdfex.hufenqi/databases/ua.db-wal
| MD5 | 705c209d5548a99a962ebd985f73bc56 |
| SHA1 | 67c38abe78100f5b0e0d137a972999f09ca81ee3 |
| SHA256 | e1cabf212de5bb401bb6b26af896a97533215f80bef62c3129ad56688dc62794 |
| SHA512 | 6c7da92a673e5dcfd55739621516aaa524533c8fa443b5cc9d3f9c3c3d983a6ad1c628a5da04c099c10a9b027be832590baaabcb7f108553d4c72a1270e8553b |
/data/data/com.hdfex.hufenqi/databases/ua.db
| MD5 | 1f3536eadb2c6146a68526d55b3c1cef |
| SHA1 | c16d2a903de4ce88efad06311d2fa3684bf98d52 |
| SHA256 | 22a3528e946c87e7e57cd7f8175d0131af6987ef2b1e35604358b067afda5e53 |
| SHA512 | 6cdc73f4c72a77c89dbd5310c63c97b66070c448df518dbb1611ac26c312e8570a1c48d302d3b34e699466f56d7b423e312437ee71d3e09f259c02364e3e83c5 |
/data/data/com.hdfex.hufenqi/databases/ua.db-wal
| MD5 | a979b6d0bd5fad9ea38870e895e80065 |
| SHA1 | 518a02b31e18f5c47c1b72e96b2723526aa41405 |
| SHA256 | 40b79ff06e27c6d72bae8d55ad423296cf8750b75cc36df5cdf96f06266772f2 |
| SHA512 | afc66aa59e6b3fa63947dc427ca7ef39d7134d2b9b844fdaf51c3d5ef7a946df7e791a991eaceff3b8625bf65f6d630eeb7c6bf2c3f8124e0de9df26d26ce108 |
/data/data/com.hdfex.hufenqi/databases/ua.db
| MD5 | c9bd2bb3776491e04a22d17b9799c8cf |
| SHA1 | fce878c4ae99ac0e9d9cb6306759f6fc1759b264 |
| SHA256 | 9527202211a94030938fd3e5b850eb497f7654dc1e36c79797c1aee938beb8d5 |
| SHA512 | 3ee24e73f6bfe10e928c5736239f08880b296570161df311ed9854f299e0e268ed4647e39a58c1994e9e62e807f889c22ea2a68cb4af36a9e73de69e0f308602 |
/storage/emulated/0/Android/data/com.hdfex.hufenqi/cache/f245344c68014f5f9e266ace4f00d2a4
| MD5 | d373348b4a617513e2f72e44c9c8ec98 |
| SHA1 | da4681af2462e215f97c555043e82fb50ac2b581 |
| SHA256 | aa102cdaf2a524e96b8050fe59b5a6922e432304ecd3642c037b91197d687310 |
| SHA512 | 6fe6d725ff2a7911e1abf995ea1749a6e62d5241700a708ee66b60d552dde416cea9908b06a7bdea18a1ada5a4fc72c6f41db48c207f747f46a4c3977d8a0eea |
/storage/emulated/0/Android/data/com.hdfex.hufenqi/cache/803c1fdc72ba4b258cf982a53c80888e
| MD5 | 4013f922d6e2b5127df7532c533abfa3 |
| SHA1 | d2c113e1b1527a8525d50ac571499d2cfb04eb1e |
| SHA256 | 8592bbbcb58d5d04cd7358acbda5fe0488fcb60a101ca6a36e9f7f0f2f0ec00e |
| SHA512 | 99103ad0ed45dceae56810e570ffc612d69a7713fbd85208301fdd0cca77dcb12e4d61699b9431836e6cc239375eb22d5499fcd16802e60d2ac0c49c168709d4 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.di
| MD5 | d7b8f8d00bf62e428ba97e5e23a5b638 |
| SHA1 | 8cb8574f8b74ece62476ec20747c3c2dc8c98a4b |
| SHA256 | f241a3b2f36f2934324804ce951dffe2c1437ccdf765976150fcf4ae296158e3 |
| SHA512 | 72cbd0a869b66d5bb92c8f0d96d4c3ba39392be5e9ac4e1e8a8b4207db182cd20cc859b8cdc97a3ae3cfc43a610d25e9b20d81c2f70ea92b15c6e568699ab364 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.store
| MD5 | 50162cb6242f207b25a319a23a5fe7bb |
| SHA1 | e47a2cc8b2fbcb826384301aaffd1109451431b3 |
| SHA256 | 2789758388ded6d3d37fcaed91ded395b027ff9ec7662c950cb14fb0ddc69d31 |
| SHA512 | 4bb452718eb4f167109a9f8e84a685a3af788cda6cbeb5ce267a65af584680a72bda43028b71aba650428b27be777d5a17f32ce2ec03a6b2525d215a55347e27 |
/data/data/com.hdfex.hufenqi/files/.jglogs/.jg.ac
| MD5 | 073330b1b451f7e6f81ca3c3a8be5848 |
| SHA1 | 1ccb2b34310484de54a425f8532c5eb86544177b |
| SHA256 | 4eba4ef9334ac0d5eff8a09fad20d82645f67173048742e4197c87d31cbbf6f0 |
| SHA512 | 2b3ec0c0767aa630ec384eb38e9d674ad3ecc0703dc78917b09344e046ecb2d1f76137d5605ac56cc6a1643e45baec30601aa0b9e198d415d3f6ffc735c9277c |
/storage/emulated/0/Android/data/com.hdfex.hufenqi/files/deviceToken
| MD5 | 536492bddd308b3e85c0a773a94599da |
| SHA1 | e289de8be29c99371ce9119a4e1e4b4f3270bcd2 |
| SHA256 | e64a92310e7dd9eb061fbb1e76fd32f90b0980315f6c26b52ba43f35a1c63709 |
| SHA512 | 3eb19d263c60185ea79bdee12b1f034d022c59e6c2b2a57a6df0e34b6332f4b4c90645e42f3e621e46e3bd5ce0ac5cffbde6cd2997c38d6db54e36c9cecae2a6 |
/data/data/com.hdfex.hufenqi/files/.um/um_cache_1718280685852.env
| MD5 | 4e729246c66114a0c6ed6ce620123fb1 |
| SHA1 | 7b9c47dc1b9bcac2ccfcaa2d98b420ec69bbc8bf |
| SHA256 | a2e26b0ace50922ec2ce8a812b0b1d803933f6247c51d0b4c35e5ef5ad47ef46 |
| SHA512 | 5eb70810ca67e1f677c06bac5e2935b833ec0095d875eca1b9f9a2847d2e0463381d0f6c688e189a3acb5d390123de62a4dd51dda7e5d10da3ee62ebda6d4033 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 12:08
Reported
2024-06-13 12:09
Platform
android-33-x64-arm64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 216.58.212.234:443 | | udp |