Analysis Overview
SHA256
0b4f89f4017a78db79765c003cc4c541869f29895adc9d7a7d2dd1bf2dbbcb84
Threat Level: Shows suspicious behavior
The file a763ee98cd9e97830dc69e2e8b390de2_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org. The matched domain is alog.umeng.com, the logging endpoint of the Umeng analytics SDK (the sample writes umeng_it.cache and .umeng/exchangeIdentity.json, so the SDK is embedded). Umeng is common in Chinese-market apps that are not stalkerware, so this hit on its own is weak evidence and should be weighed with the other indicators.
Requests dangerous framework permissions
Queries information about active data network
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-14 00:48
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 00:48
Reported
2024-06-14 00:52
Platform
android-x64-arm64-20240611.1-en
Max time kernel
86s
Max time network
133s
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.yiwyxb.dk135283
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.mkjow321qwup.com | udp |
| US | 1.1.1.1:53 | www.yurewd456qwep.com | udp |
| US | 1.1.1.1:53 | www.0579jiapeiwang.com | udp |
| US | 1.1.1.1:53 | checkupdate34.360sjjh.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| HK | 156.250.27.229:443 | www.0579jiapeiwang.com | tcp |
| US | 1.1.1.1:53 | www.ghyrfd123eqqd.com | udp |
| US | 1.1.1.1:53 | www.qwedsa789qszd.com | udp |
| US | 1.1.1.1:53 | www.vdfrtw654qefhj.com | udp |
| US | 1.1.1.1:53 | www.qzxsaq987dwqd.com | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.s3-accelerate.amazonaws.com | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.oss-cn-shenzhen.aliyuncs.com | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.azureedge.net | udp |
| GB | 18.245.190.190:443 | 4a5c26d88c514a23bf15654abd83adb1.s3-accelerate.amazonaws.com | tcp |
| US | 13.107.246.64:443 | 4a5c26d88c514a23bf15654abd83adb1.azureedge.net | tcp |
| CN | 112.74.1.226:443 | 4a5c26d88c514a23bf15654abd83adb1.oss-cn-shenzhen.aliyuncs.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
Files
/storage/emulated/0/JXCP/aff/com.yiwyxb.dk135283
| MD5 | 6097116514f54a21468a368fd91a7a08 |
| SHA1 | 54d5a86a6e97b4bec43acfe74e98a40214154ba3 |
| SHA256 | 6f2cc30f27eac33dd8d6644ce1605e46ff5d5b2097016a4db6f9a903ad4cc975 |
| SHA512 | dfac9aaadb293206479091d7cebe62b6511feea8bf4d764abbb485b5573f59e45e6eaa39ba2471ecd851f86d964d09f710ff5f5047f42057c743a3a4a84ec706 |
/data/user/0/com.yiwyxb.dk135283/lib-main/dso_state
| MD5 | 93b885adfe0da089cdf634904fd59f71 |
| SHA1 | 5ba93c9db0cff93f52b521d7420e43f6eda2784f |
| SHA256 | 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d |
| SHA512 | b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee |
/data/user/0/com.yiwyxb.dk135283/lib-main/libjcore110.so
| MD5 | 304c4775c940633d9bcd763ef3c59ff6 |
| SHA1 | 88cec29d0123a91bd5fc01adf460d75137592998 |
| SHA256 | 718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad |
| SHA512 | 8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43 |
/data/user/0/com.yiwyxb.dk135283/lib-main/dso_deps
| MD5 | cefa37976e13f1a95c490cb315ef905e |
| SHA1 | d184bb5c46a90a782b8b0b1bb8006f4d6d999cab |
| SHA256 | 43051257def192d274fb3ef2fc68e2dc87f64dd65c7f47bf7e99032d696fc216 |
| SHA512 | d03ec779022ac7dc2b5ecd4648b6b2ef8f92609e85c963406f0b52d683e6bcf3a1dfcb876f299b63aed3e287c9a664009e9e40e6056910c133409c9d21419bda |
/data/user/0/com.yiwyxb.dk135283/lib-main/dso_manifest
| MD5 | f049019de27a3a937680ead2d2ab0491 |
| SHA1 | da7e30a8e411aebc0174a4029287a911bd8ab260 |
| SHA256 | 055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03 |
| SHA512 | 04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc |
/data/user/0/com.yiwyxb.dk135283/lib-main/dso_state
| MD5 | 55a54008ad1ba589aa210d2629c1df41 |
| SHA1 | bf8b4530d8d246dd74ac53a13471bba17941dff7 |
| SHA256 | 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a |
| SHA512 | 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | 6c5ae70691fd2831113d13fe0d375205 |
| SHA1 | c1d7d6a579bf3a2bf7805f6fc0bd11b7e588d0f9 |
| SHA256 | 3f0b807d5cc9a92de1c0f036cfc220167203c9220f879e024edcdc464633026e |
| SHA512 | bb7ed1a4ce23b4bfc92ddcecfcd8fc67ec5878c547d7a504161825a4e4119e00f1ff29fef2e61bded7c4619035bdcc01eeb4f91d2873469ab2b6609cd99dc7fe |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db
| MD5 | 4cfe777c9f6e7859f5efe2197401d8e5 |
| SHA1 | bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a |
| SHA256 | c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231 |
| SHA512 | 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | 3e0c0be4d37127d3c1b11d001e6c8d28 |
| SHA1 | f725837c5eb2296504cd85b5601bf2581b9b82ac |
| SHA256 | 1c213e780c3f0c263ce0fdefb1d90d09b5095f5ddad9cb47507477ed8051fe9b |
| SHA512 | 959273f715abaf6faea1a48a355b1f66e69062a2eb03469bf32b7fa6b00a9abf03fa4a2988b1227297216761af2963b7078104f39db9c4b472919304392d117c |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | d02b18d188d643738f0b87876859585f |
| SHA1 | d8b68c970ebdd544d75356c38ab1df7a184f6f68 |
| SHA256 | 3d398548b9cd2d011783d9b3890d5efba88fe15be5d409a60a29d969f52470eb |
| SHA512 | 1f62b8d58fc392655f2bb0dfd8a0d27dce1e763b31e8d1e2ea00936fbe3bd45f149dc1b12a74e64412cdb9a73e1b8fd8c4f3028be6e5067d01f0d05b80b04f6a |
/data/data/com.yiwyxb.dk135283/databases/ua.db
| MD5 | c96e722b4d57f9311d419c2936bcfbb4 |
| SHA1 | 80d5edd31900f57c3a4e58ab2a188729ad5c0a65 |
| SHA256 | 6407ac6152946cbd20d45d6940e929aacd4c98d0f1ef96feb2dc8fee748d0550 |
| SHA512 | fbf5f413d120aed4451a05faa53e008828b3e149dab768364858cceae8387bef264b43825961b457b2b11ed3d934fcb6d496c988eda09ed36af9b817ec1f371f |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | 5cf2c6274b350285d79ed778dd26b214 |
| SHA1 | c34b2ccc08f71ecc55b1a21dceaa520762686da4 |
| SHA256 | 817a9e4d35ee769da21ce4ad351b85b843517a02ece092bd91746ec4ea07c4cf |
| SHA512 | df7950869d5c37a211708b5bbac463d0bce0ad6648dd6322c4d0a48a5544967960eacd4eff126906c2f041d879b9b105979ac603a3957dfa14b95aef27b85ac5 |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | 752be66fecd26ebeb9d135dfee26fba5 |
| SHA1 | 5af10258a8d2e577b0addebfe5d548dfc8cb8e7a |
| SHA256 | 64e95633c0cf0c3d199783660ce97027041dd4cc7839a1f0c231956e2db5a735 |
| SHA512 | 24cb29b356cfba76274b6da7e754ee33e80370e1f51e8c685a72de69478ee0bdebc7cc44d19b66680553999a276ab0da4e7c08e93780bdb28c457b706d8c7d68 |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | d7be53159393b2cd92c987f2a3ea59ff |
| SHA1 | cba16f0534d340683646b454d6dc00f3e3eec037 |
| SHA256 | 02eab50f5b1c3b21e2ee63922604a4d0a790d9ccab8a732ba5b39e0f44b2b20d |
| SHA512 | 4b35cf5e378ea940d89d29b54f13748168432d295cf84067eabd7a02b9170986666ce9c65d98247d37d6e8ddee7909dcde20970aeb2795ccd99d6fabaeba0544 |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | aa82135def21d9fb84e8a9e6dadd9b22 |
| SHA1 | 8c3cb8001c37302a15aeb41247570b3766e5394e |
| SHA256 | e1442a7ad8ef730571580f0732f2364166133d9a29e27b724409c77fc2fe99e3 |
| SHA512 | 80ab820c76b7b6f932c83e6c8a5b58ebbb398f0dd148098c4f4181e7a6f3f9b571fbda451d8df20d3b845d73109a6fa4903ad3b54e0032efc7cf0ce52d0b2469 |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage
| MD5 | a8dd844c47107fdd6ea3f456ec54bb01 |
| SHA1 | 1f3621fb596bc60390c70630f5ea67b0978d0e99 |
| SHA256 | 169313326a38c579cc6e21cbd1e3fe2b055690d804aff46203ade7c0219cfca7 |
| SHA512 | 4047b64f410a1494531a22038688b7872908daad27395661a0d953d4d2826fcdecda7c6967209d64dd1d60abbdaa7c86d7631b21cdc27577094eab0b42d33b8e |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | e14d1fc00fe8ce46ec9a3eafa74ff9a0 |
| SHA1 | 67ed63fa7996891762510d6be3e81249e533f761 |
| SHA256 | c1745c24dd3e6b91038b6000503e5edc65b786acc6110064be5ba6f4c627b3a7 |
| SHA512 | 12e5a45a5b78a0ce0d181833c6b4a75268bfd0895f24139ddbf5ddf4ba8598060cd9ca8b4a54d813484f58f387981846ecd65220c97554d1991d14486fa5b54c |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | fd8a8d0a11028ed8a7887a47f6c4ba27 |
| SHA1 | f9e53099e0da00efb2ae96aaeb5a9d618ce0b9c5 |
| SHA256 | 3aa7e00e458c2d6072c8b3b8cb01c1ee7766e0885a43d4aebfe60b18cd182f12 |
| SHA512 | e0ab53944974722487042c144e71bb4726e2539349337d0444701e39b45abe5e2c8907a4515f8c47edd9fa9b0f47f3201f293fd136541127a244e4166d6db39b |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | 4483cde32d74e24aab069159beb2edd3 |
| SHA1 | 432a793124ed68a612589ec1a07040a3c86fa933 |
| SHA256 | ec7dbf530e0117f3ad6ffc73e43592470cf78727bb51fa5c1e477092632ff31b |
| SHA512 | 0194efbac72c458a1edc6478cb563e71678c8665a58b48169d0bbc6875011b4c2d00f05b41163d430ed29c0146cc1c2d2db6b5c6f74cb6500d1f3eb9b235e966 |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | a30590a5250bd9ab502037e88205e4a2 |
| SHA1 | 25a87d7093c24cd9d3743a49673a52887a778a94 |
| SHA256 | 358c74ee21e455bd818be4ab275bd1e988972b49651661763558f511bef515b9 |
| SHA512 | 6a9762f1b88fec93a35fbcb821108e7923af709ac9f289b8ad072c85810411e22d1d447722e3f7ebde310a606d29d422d680bbdc32955a7bd7aab4649ed6562a |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | 040c18a5107238ff9bf23a2c573b6827 |
| SHA1 | 515e2fbccd2a9c3d9174300f0dd8626a2f7ce4da |
| SHA256 | fafb25641ed3d257b83e80d7eb683458f1839d8cc07eb39c84a584ff47a5ef8a |
| SHA512 | 2bd0a13f97c9bca1bd8f6551ca596a491ea1f467e95842456becb0bb214642604ab2ede70c7fa4b3ed368d7eb9d9a3ef4e374a5f58de2a1c94b4fdf5da8f9a7b |
/data/user/0/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | 7ddcff50af9dbcb0838ba33b577d2333 |
| SHA1 | aace09d28ff972f2321fcab39ec5b108b92a3e89 |
| SHA256 | 7f8ead58057692aedcc8f719885ec4c22ba5888f5c25754461b324a65ad1ada6 |
| SHA512 | d294f946df7ccd3af76bca5bbdedf2d2696eaac475a449902662c1d979dbf022f39f701a7b9e07ddbe1aded984590bf207c192005efc5743faf7e041a34341be |
/data/user/0/com.yiwyxb.dk135283/files/umeng_it.cache
| MD5 | 180b76d28a92641d61dc3a6cac0ab1ed |
| SHA1 | 3ddac51ef47cf7eefc81be2741a875bc29f72d36 |
| SHA256 | 9742df1ce1e530aa9e42193bd6dc317199efa123907f8f5e1b598d7219b19eb6 |
| SHA512 | d98f936790ab397c0a7762cc5252eb55385516f9e7f030f63db7a46b039cd0c1e164f0d44229e2f5f9e8aab76b4e169d1afb469b29321c8c34be422bbada3bff |
/data/user/0/com.yiwyxb.dk135283/files/.umeng/exchangeIdentity.json
| MD5 | 62a9551697d6d32f62ac913eedd135c6 |
| SHA1 | 9d212a8886675e024e3016aa74e2e443b1468868 |
| SHA256 | 971eb35aec12e255b3fc704fa06b344f14e6c93c7f9fd452dd29f0e9387be131 |
| SHA512 | dcc02a4309e3b9b33f7e55e4cf149f5be5d155768ce864d5e3ef0d77766cd9206bb0054c6900ce0f3c90ec5d353c0283bd131ee295852cafe872b4327f3cc7a8 |
/data/user/0/com.yiwyxb.dk135283/files/exid.dat
| MD5 | 9e21b2ebde4914b294235bea4a3120fa |
| SHA1 | 9df9d97acbe7ab02a50ed1cf45299f550988dcc5 |
| SHA256 | 9f11c0288b8ffd1ef42e1b0b74a6a7176a772049dd68fcda59fee189bc7fae1d |
| SHA512 | fe91c0db62471a5b4827848a5ca27d75d74b0b1c825ed938efa752a4ce2aba30d68c8bcb03c59a12bea1b240a35708eb9f2f393823ae148c42b63b8591d89d5f |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | 239bf6dd756f449768f1b0a3939ff84d |
| SHA1 | 93dacb7b6d5f9c74d06606929a2ac4dc85012a60 |
| SHA256 | 6afef3c79defdd9f24747671b1a88dcf66506ec53e7cc3012b9bbadd01f4b137 |
| SHA512 | 3be6ed5d7b790c6848563ad2446e7a90a7771703c08b4452bef2357ba47b9bb7660a3d8579779f60e66fc2302da569236a2249de310e61d3a08426d62eedce20 |
/data/data/com.yiwyxb.dk135283/databases/ua.db
| MD5 | 4cac7d31fb94d5c9581893537f64c5ed |
| SHA1 | 96bef3288546196ac3058b5eeddbe9da1d999fe5 |
| SHA256 | d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5 |
| SHA512 | 0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | 9da0ba73bebda7aebf17a1bdc195ee2b |
| SHA1 | 540afccfc56d81606a3482e493ee17a568420031 |
| SHA256 | 3b6b5d61012f065adb1e36f6156e4620a07fbdbd8e33759308a608c9c825db14 |
| SHA512 | b0d9242431bd3ab9694eaf48c2c4a844a3e4bcd8f120124f95bac7058cbe1c88c3a172fbd3d5a5994e52e3689d15ae8bf6d485f8df100a722360a4f7fd1c6d36 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db
| MD5 | 86752a4be6564d8370f2f0e403995003 |
| SHA1 | 29f7d50675f6e59f3b808eb6dcc8619384412115 |
| SHA256 | 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c |
| SHA512 | 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | ae4d24fb9c6a9ee542ace726bedd3b49 |
| SHA1 | 7a2bc44c71c1e8259ca26734402b90a9c69c32ce |
| SHA256 | 9fd8032425cc6b6c4359a3ee7b486500362b03a5131407a2e7229a387eed1f23 |
| SHA512 | 4ab7d5bd34c8b4fa29a0c76cd6ee85305f000083fac1210ce0745a476d7f05c5d7e0d9eebaea43462a4863ed5ac213a86dd2aff4c78fd59dea5eb1b1b9cad293 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | b05a077c850e5ea039a4ed1e75100a0e |
| SHA1 | 3e0fd19d9b156c5fd72180c20d4da39bf004e0d0 |
| SHA256 | 4f3b06e359263a11db3b7545f8ab9058ce711842c17901485e6b573d5db61249 |
| SHA512 | 21e4072d7b20702367ca91bf1a23478cc9c85fcba703e7483d8c1bcc7022ff5b7f39d89835f98d7c9c9c2dee9761dea17c12b0ab4514a8bb2c529cebda28699f |
/data/user/0/com.yiwyxb.dk135283/files/.imprint
| MD5 | ac8a635f479df4ce5ecbac7764ab73f3 |
| SHA1 | c0b8c4ab4af7f2451a51c832235af122404882b4 |
| SHA256 | c5075cb09d940aae171cbf06caca5bc6ca1f3a0e23438e33b30cdc56ea3fc199 |
| SHA512 | acdf62cc3b32a46167c83c70444ef5c1547f0b9cc46853cacadfd8e84561b88120fafd4d7f9f1d5c999eaf7ee1756ec3d1cf02dc6664f405f0c9fbf3045ce299 |
/data/user/0/com.yiwyxb.dk135283/files/umeng_it.cache
| MD5 | c923878e7e4542f04267e7889a40879b |
| SHA1 | 0c26dc98c0a98f59f2386ff43fe3e8d808b2634c |
| SHA256 | 5097496fe089d75ff0b8b51c1a4231825a0cc2564c6d2613fd3ff1b9f0eb84c8 |
| SHA512 | f80947faeead6fc9d67206674133aa5aa172915bd56705a9cb94039679a244b3eadacc8949a6bed4f056234a89ae1fe5a6f4ae3206ed2db50f7fcebb223d7443 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 00:48
Reported
2024-06-14 00:52
Platform
android-x86-arm-20240611.1-en
Max time kernel
87s
Max time network
139s
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.yiwyxb.dk135283
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.yurewd456qwep.com | udp |
| US | 1.1.1.1:53 | www.0579jiapeiwang.com | udp |
| US | 1.1.1.1:53 | checkupdate34.360sjjh.com | udp |
| US | 1.1.1.1:53 | www.mkjow321qwup.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| HK | 156.250.27.229:443 | www.0579jiapeiwang.com | tcp |
| US | 1.1.1.1:53 | www.qzxsaq987dwqd.com | udp |
| US | 1.1.1.1:53 | www.ghyrfd123eqqd.com | udp |
| US | 1.1.1.1:53 | www.vdfrtw654qefhj.com | udp |
| US | 1.1.1.1:53 | www.qwedsa789qszd.com | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.s3-accelerate.amazonaws.com | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.azureedge.net | udp |
| US | 1.1.1.1:53 | 4a5c26d88c514a23bf15654abd83adb1.oss-cn-shenzhen.aliyuncs.com | udp |
| GB | 18.245.190.190:443 | 4a5c26d88c514a23bf15654abd83adb1.s3-accelerate.amazonaws.com | tcp |
| US | 13.107.246.64:443 | 4a5c26d88c514a23bf15654abd83adb1.azureedge.net | tcp |
| CN | 112.74.1.226:443 | 4a5c26d88c514a23bf15654abd83adb1.oss-cn-shenzhen.aliyuncs.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
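The two Network tables above mix DNS lookups with established connections, and the stalkerware signature fires on a domain that a shared analytics SDK also uses. The following helper is an added example for triaging such tables; it is not part of the sandbox report or its tooling. It parses rows in the report's pipe-delimited layout, separates domains that were only looked up from domains the app actually connected to, and matches them against an indicator list. The rows embedded below are copied from the behavioral1 table; the indicator list is a constructed stand-in with a single entry, not the echap.eu.org list.

```python
"""Added triage helper (example code, not part of the sandbox report):
split a sandbox network table into DNS-only and connected domains and
match them against an indicator list that tags shared SDK endpoints."""
import re

# Constructed sample: rows copied from the behavioral1 Network table above.
SAMPLE_ROWS = """\
| US | 1.1.1.1:53 | www.yurewd456qwep.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | www.0579jiapeiwang.com | udp |
| HK | 156.250.27.229:443 | www.0579jiapeiwang.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
"""

# Constructed indicator set (assumption, not the echap.eu.org list).
# "shared-sdk" marks endpoints that many benign apps contact, so a hit on
# them is not by itself a verdict.
INDICATORS = {
    "alog.umeng.com": "shared-sdk",   # Umeng analytics logging endpoint
}

# | Country | Destination | Domain | Proto |  (Domain may be empty)
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Parse table rows into dicts; lines that are not rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dst"].rpartition(":")
        rows.append({
            "cc": m["cc"],
            "ip": ip,
            "port": int(port),
            "domain": m["dom"] or None,
            "proto": m["proto"],
        })
    return rows


def is_dns(row):
    return row["port"] == 53 and row["proto"] == "udp"


def classify_domains(rows):
    """Map each named domain to 'connected' if any non-DNS flow targeted it,
    otherwise 'dns-only' (looked up but never contacted in the run)."""
    state = {}
    for r in rows:
        if not r["domain"]:
            continue
        if is_dns(r):
            state.setdefault(r["domain"], "dns-only")
        else:
            state[r["domain"]] = "connected"
    return state


def match_indicators(domains, indicators):
    """Exact or parent-domain match; returns {domain: indicator kind}."""
    hits = {}
    for d in domains:
        for ind, kind in indicators.items():
            if d == ind or d.endswith("." + ind):
                hits[d] = kind
    return hits


def triage(rows, indicators):
    state = classify_domains(rows)
    hits = match_indicators(state, indicators)
    return {
        "connected": sorted(d for d, s in state.items() if s == "connected"),
        "dns_only": sorted(d for d, s in state.items() if s == "dns-only"),
        "indicator_hits": hits,
        # hits that are not explained by a shared SDK endpoint
        "strong_hits": sorted(d for d, k in hits.items() if k != "shared-sdk"),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS), INDICATORS).items():
        print(f"{key}: {value}")
```

Run against the full tables, the www.*.com names that appear only as 1.1.1.1:53 lookups land in `dns_only`, and the only indicator hit is the shared Umeng endpoint, which is why `strong_hits` stays empty for this sample.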
Files
/storage/emulated/0/JXCP/aff/com.yiwyxb.dk135283
| MD5 | 6097116514f54a21468a368fd91a7a08 |
| SHA1 | 54d5a86a6e97b4bec43acfe74e98a40214154ba3 |
| SHA256 | 6f2cc30f27eac33dd8d6644ce1605e46ff5d5b2097016a4db6f9a903ad4cc975 |
| SHA512 | dfac9aaadb293206479091d7cebe62b6511feea8bf4d764abbb485b5573f59e45e6eaa39ba2471ecd851f86d964d09f710ff5f5047f42057c743a3a4a84ec706 |
/data/data/com.yiwyxb.dk135283/lib-main/dso_state
| MD5 | 93b885adfe0da089cdf634904fd59f71 |
| SHA1 | 5ba93c9db0cff93f52b521d7420e43f6eda2784f |
| SHA256 | 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d |
| SHA512 | b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee |
/data/data/com.yiwyxb.dk135283/lib-main/libjcore110.so
| MD5 | 304c4775c940633d9bcd763ef3c59ff6 |
| SHA1 | 88cec29d0123a91bd5fc01adf460d75137592998 |
| SHA256 | 718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad |
| SHA512 | 8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43 |
/data/data/com.yiwyxb.dk135283/lib-main/dso_deps
| MD5 | 591bfd54cd8936dc77011474a058cf35 |
| SHA1 | e631f4b09ba2c6883debcaeb81cf04c04dfbe249 |
| SHA256 | 51ca520a02c77fcab37189cf16e78a37ad211eaaa0f9a7f9c076f4e8665ea998 |
| SHA512 | b424917fdd12c71a98a46813fdaa3153a693abb0aa3346744863e4428bbebdb8b6d3d1c91b1ea6c53856977385d10c5c14b12e7da8d8e8be86a2d20252b91cfe |
/data/data/com.yiwyxb.dk135283/lib-main/dso_manifest
| MD5 | f049019de27a3a937680ead2d2ab0491 |
| SHA1 | da7e30a8e411aebc0174a4029287a911bd8ab260 |
| SHA256 | 055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03 |
| SHA512 | 04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc |
/data/data/com.yiwyxb.dk135283/lib-main/dso_state
| MD5 | 55a54008ad1ba589aa210d2629c1df41 |
| SHA1 | bf8b4530d8d246dd74ac53a13471bba17941dff7 |
| SHA256 | 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a |
| SHA512 | 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-journal
| MD5 | 9a3142db042d7febcf6ad82a3ff779f6 |
| SHA1 | 6dbe63bacba0a6645193687269d90687a8160443 |
| SHA256 | 0a06577ef03f3502d4ec4fd7ff98bca22cd946054b6ec892f144182a9634715b |
| SHA512 | 802dbb439df96f806d406297b8b172f2108db0c16f39414fdc6019a8714c94d2d66c487a62066dcd8fc69982aa4fa97908827df47e275a173e6c9a9d75ecfc71 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-wal
| MD5 | 291fe8643233f09a605b279a97c4c3e8 |
| SHA1 | fc4cd84387169bfcb4ef851bb8484d7ee75a361f |
| SHA256 | d63b76ee00fb3238d6a07ec24d50be81c770e0eae69aaa993ce8a522323dbb32 |
| SHA512 | 81d3959d83ab75e90fd9361d41b29ee90d5244b0d98f69dc5b14f4d9167b69c1e5773e18926376adf3caa54e692bf4e88260ea3c930b155ebbabd19ee5926e03 |
/data/data/com.yiwyxb.dk135283/databases/ua.db-journal
| MD5 | e60c4a3274f37cc781717906611731c8 |
| SHA1 | ba84b8fd32484838bea1218f447e2b2e5627d687 |
| SHA256 | 97160c75dad3dbf125b7741554c386c9fc71006dc2199515e11dd67c1c99126b |
| SHA512 | 123270e602c9db104cb1eaaa3dac0d521cd46d00192d1f0309d57609cd0d51634a1b0bf13c32609f6e0624184f58b90d247f321663e8831a5607a8624c7619d1 |
/data/data/com.yiwyxb.dk135283/databases/ua.db
| MD5 | 53173bd2329923d8b9518de0ad48487d |
| SHA1 | 82373e7e244ba02026f09b5bb93cc58d022f54e7 |
| SHA256 | fa874bc9692fa21123a66e62374f20e6c9d6fc03b2bed996db3bbf7104e27aac |
| SHA512 | 7ad04a35663cbccddf3069b2165f2b33aa204c8f1a4bee84f6265681ae3324c9c392486a3caae1ba16f112622f5c2f632bf931f734d95a3d00bc67df3b125e6f |
/data/data/com.yiwyxb.dk135283/databases/ua.db-wal
| MD5 | 40b318328d6956dc55719a0a1bc33c4a |
| SHA1 | 6a489dd39ca32bf31a8ec7aff751691ece956d7b |
| SHA256 | 30d4721900aed09cb6a6c6a02692795d9c6872eb259208c91d814c1e4b8c7c57 |
| SHA512 | 0a44e02b4eb8bb6c513763660ee11e0abb9773b25e09190f2366fd7f7548177c41f26589d889a23ddc8a90371f3ace87e36f74e6f4d904c44db00e077c3f41dc |
/data/data/com.yiwyxb.dk135283/databases/RKStorage-journal
| MD5 | 9d30652aef349b70e512fca8b735ce21 |
| SHA1 | e246feea3e805d9d46835104d2529fd270374b02 |
| SHA256 | 631eeb93714ff0b2e6d03475937202e7c68ea7238ca704699caa4434967cef8a |
| SHA512 | 317fd40ade4f66db0851981a5e1a91f917e494162d14a04760004476d37e0f66f40a8dcd4b6d0d139a845a13e258bee2423dafc88a000be8e76696de855ae538 |
/data/data/com.yiwyxb.dk135283/databases/RKStorage
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.yiwyxb.dk135283/databases/RKStorage-wal
| MD5 | cfce21bb83541ed25b1444c98300d091 |
| SHA1 | 4619737a89ac723fb9c2a377476110a2c5bc7731 |
| SHA256 | 28045e7904570128bb54169f4751375d0b10319b3dc2f99eed059ef6a5509f86 |
| SHA512 | 8338d8c1600f37d2369c481fd50aa6ed91cff731813e8229438b00d9879065f1a3908744563c599a3f3a8825f96f5d5c64f3539314d0d973ebaa44089a126984 |
/data/data/com.yiwyxb.dk135283/files/umeng_it.cache
| MD5 | 7568bc322ec731a0696935cc66f2c12c |
| SHA1 | d3eab253e40eef6764f7a70e7ca08b2108e76e18 |
| SHA256 | fa461d6eb5417dc3989d743637d4801a16620f887017d5f2063625fbc66add3a |
| SHA512 | 5a8e18edb068f9a3596166db4dd48b405b1bd398e7de2de4a2bc325a07987e13be27eea9baaad5c27bfd7ec2a5ff537c1332302f741e80ad96966d8d18f2772b |
/data/data/com.yiwyxb.dk135283/files/.umeng/exchangeIdentity.json
| MD5 | 697fb0324d1ca0e0530797b4d810eb93 |
| SHA1 | c70b0ecde3ad85a1b9dd8ac363a6cd7c657c874f |
| SHA256 | b8b301081ba21b9f3eb051045c79157b6a8d4f0494757aa1b0fb2887a671ea4c |
| SHA512 | bd1c803f64a54df9f719d48e16dbfd37be8637835b508a1690bb1775eded404a93f2ddb3e7b11672640c149c7f4d589fe22193ae02a192eed80bb44c0c1a2dc8 |
/data/data/com.yiwyxb.dk135283/files/exid.dat
| MD5 | 9e21b2ebde4914b294235bea4a3120fa |
| SHA1 | 9df9d97acbe7ab02a50ed1cf45299f550988dcc5 |
| SHA256 | 9f11c0288b8ffd1ef42e1b0b74a6a7176a772049dd68fcda59fee189bc7fae1d |
| SHA512 | fe91c0db62471a5b4827848a5ca27d75d74b0b1c825ed938efa752a4ce2aba30d68c8bcb03c59a12bea1b240a35708eb9f2f393823ae148c42b63b8591d89d5f |
/data/data/com.yiwyxb.dk135283/databases/ua.db-wal
| MD5 | 8d7751745965ca9b942c34f9ab19c118 |
| SHA1 | b78c92f6c39394fe9f59c66b787ac60c4e3461a6 |
| SHA256 | 99750f87f4bf9528d3fee648a297d46e3eba84895e8d66ace5b8ee7f92acaa21 |
| SHA512 | 08b10e2a5a354d70ff3466bcda56276fe89af35436e581f33fa5139d8d187ef595c4c51de0e6574404241c88af7b5ccccd0fc875193f807b753d32d3578aa145 |
/data/data/com.yiwyxb.dk135283/databases/ua.db
| MD5 | d604a3bf1f8d992cc320ea5b1f7609bd |
| SHA1 | 247f88df0b55c7d523ea5398637711a0e4a483a4 |
| SHA256 | 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17 |
| SHA512 | 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db-wal
| MD5 | 9bd14f744c416c2693cfc8ed09b25470 |
| SHA1 | 7cd1bf43ec982705eff6c0d3653a4fa10a44f0c0 |
| SHA256 | afa8cef8bf2ca9ff6d1dda32fcc832effa8065597ea4fdbbb58e88d08d6d2eb2 |
| SHA512 | 5d166514e36e7dc2c6e48399c8fe784ee14a68236d5357d0d60313a946504bc2f9477fd1c76ae6048271ef0685ec5705b011b5b3b28d7f14916cd61862940f53 |
/data/data/com.yiwyxb.dk135283/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/com.yiwyxb.dk135283/files/.imprint
| MD5 | 29ee3723335e4e0eeabe4e3d81dfad6e |
| SHA1 | 5234ecf9c8e237899d8f9602bf8581f912a11b77 |
| SHA256 | 398a6a1395222876da3b0636e6819b1ef242ad02017b93e3f20faa924bf123fa |
| SHA512 | 9618966d1d7bc0c2a2b517e62595aa563135c5ce47ed49c660730e8833b617b385ee3a39438a5eb23322fb06f6a404924faa32324c4c786d202234ffb2bddc53 |
/data/data/com.yiwyxb.dk135283/files/umeng_it.cache
| MD5 | f430047a1199f2b86a98dd74ce1e1b9a |
| SHA1 | c1ad482a9e2fb695fc283aacb5a9d5a16705048b |
| SHA256 | 97214b6758b0757678bc6b12ea5d6b9f13c3e9729c1697a26e134f231f64eaaa |
| SHA512 | 6f6d45460062d66b9c4ce93ee1a76edfec0bb1db6b616aaf61ebf163d34d41e3527ba346dd9e5ff79f97f68992d30501f4a85c2850c42104eae815f1f722398b |
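The Files sections of the two detonations list the same paths with different hashes for the SQLite journals and the Umeng cache, while the dropped payload under /storage/emulated/0/JXCP/aff, libjcore110.so and exid.dat have identical hashes in both runs. The script below is an added example, not part of the sandbox report, that automates that comparison: it parses entries in the report's layout, folds /data/user/0/<pkg> and /data/data/<pkg> together (the same directory on Android), and reports which artifacts are stable across runs and therefore usable as file indicators. The entries embedded below are a subset copied from the two Files sections, SHA256 rows only.

```python
"""Added example (not part of the sandbox report): find file artifacts whose
hash is identical across two detonations, and those that change every run."""
import re

# Constructed sample: SHA256 entries copied from the behavioral2 Files section.
RUN_B2 = """\
/storage/emulated/0/JXCP/aff/com.yiwyxb.dk135283
| SHA256 | 6f2cc30f27eac33dd8d6644ce1605e46ff5d5b2097016a4db6f9a903ad4cc975 |
/data/user/0/com.yiwyxb.dk135283/lib-main/libjcore110.so
| SHA256 | 718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad |
/data/user/0/com.yiwyxb.dk135283/lib-main/dso_deps
| SHA256 | 43051257def192d274fb3ef2fc68e2dc87f64dd65c7f47bf7e99032d696fc216 |
/data/user/0/com.yiwyxb.dk135283/files/umeng_it.cache
| SHA256 | 9742df1ce1e530aa9e42193bd6dc317199efa123907f8f5e1b598d7219b19eb6 |
/data/user/0/com.yiwyxb.dk135283/files/exid.dat
| SHA256 | 9f11c0288b8ffd1ef42e1b0b74a6a7176a772049dd68fcda59fee189bc7fae1d |
"""

# Constructed sample: SHA256 entries copied from the behavioral1 Files section.
RUN_B1 = """\
/storage/emulated/0/JXCP/aff/com.yiwyxb.dk135283
| SHA256 | 6f2cc30f27eac33dd8d6644ce1605e46ff5d5b2097016a4db6f9a903ad4cc975 |
/data/data/com.yiwyxb.dk135283/lib-main/libjcore110.so
| SHA256 | 718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad |
/data/data/com.yiwyxb.dk135283/lib-main/dso_deps
| SHA256 | 51ca520a02c77fcab37189cf16e78a37ad211eaaa0f9a7f9c076f4e8665ea998 |
/data/data/com.yiwyxb.dk135283/files/umeng_it.cache
| SHA256 | fa461d6eb5417dc3989d743637d4801a16620f887017d5f2063625fbc66add3a |
/data/data/com.yiwyxb.dk135283/files/exid.dat
| SHA256 | 9f11c0288b8ffd1ef42e1b0b74a6a7176a772049dd68fcda59fee189bc7fae1d |
"""


def parse_files(text):
    """Parse 'path' lines followed by '| ALG | hex |' rows into dicts."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            cur = {"path": line}
            entries.append(cur)
        elif line.startswith("|") and cur is not None:
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2:
                cur[cells[0].lower()] = cells[1]
    return entries


def normalise(path):
    """/data/user/0/<pkg>/... is the same directory as /data/data/<pkg>/..."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def index_by_path(entries, alg="sha256"):
    """{normalised path: set of hashes seen for it}; a path written several
    times in one run (journals, caches) collects several hashes."""
    idx = {}
    for e in entries:
        if alg in e:
            idx.setdefault(normalise(e["path"]), set()).add(e[alg])
    return idx


def stable_artifacts(run_a, run_b, alg="sha256"):
    """Paths present in both runs with at least one hash in common."""
    a, b = index_by_path(run_a, alg), index_by_path(run_b, alg)
    return {p: sorted(a[p] & b[p]) for p in a.keys() & b.keys() if a[p] & b[p]}


def volatile_artifacts(run_a, run_b, alg="sha256"):
    """Paths present in both runs whose content never matched."""
    a, b = index_by_path(run_a, alg), index_by_path(run_b, alg)
    return sorted(p for p in a.keys() & b.keys() if not (a[p] & b[p]))


if __name__ == "__main__":
    b2, b1 = parse_files(RUN_B2), parse_files(RUN_B1)
    for path, hashes in sorted(stable_artifacts(b2, b1).items()):
        print("stable  ", path, hashes[0])
    for path in volatile_artifacts(b2, b1):
        print("volatile", path)
```

Only the stable set is worth sharing as file hashes; the journals, WAL files and the Umeng cache change on every run and would only generate false negatives.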