Malware Analysis Report

2024-09-09 17:39

Sample ID: 240614-e9jefsyhnr
Target: a806c4e2d434c29a9fb81f909c7da6c4_JaffaCakes118
SHA256: f625d8b979df52b5b915bda31316a5af44120a5498cb82a3fb5c7fbaf34069db
Tags: discovery, impact, persistence
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: f625d8b979df52b5b915bda31316a5af44120a5498cb82a3fb5c7fbaf34069db

Threat level: shows suspicious behavior

The file a806c4e2d434c29a9fb81f909c7da6c4_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, impact, persistence

Queries information about running processes on the device

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 04:38

Signatures

Requests dangerous framework permissions

Permission: description (process and target are N/A for every entry)

android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
android.permission.RECORD_AUDIO: Allows an application to record audio.
android.permission.CAMERA: Required to be able to access the camera device.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 04:38
Reported: 2024-06-14 04:41
Platform: android-x86-arm-20240611.1-en
Max time kernel: 136s
Max time network: 158s

Command Line

com.ms.chebixia.shop

Signatures

Queries information about running processes on the device

Tactic: discovery
Description | Indicator | Process | Target
Framework service call (3 entries) | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call (2 entries) | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Note: alog.umeng.com is an endpoint of the Umeng analytics SDK, which this sample bundles (see the umeng_it.cache and .um cache files under Files); a match on a shared third-party SDK domain is weak evidence of stalkerware on its own.

Queries information about active data network

Tactic: discovery
Description | Indicator | Process | Target
Framework service call (2 entries) | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tactic: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator

Tactic: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tactic: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tactic: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.ms.chebixia.shop

com.ms.chebixia.shop:ipc

io.rong.push

Network


Files

/storage/emulated/0/Android/data/com.ms.chebixia.shop/cache/uil-images/journal.tmp

/storage/emulated/0/Android/data/com.ms.chebixia.shop/cache/kit/journal.tmp

/data/data/com.ms.chebixia.shop/databases/rong_version-journal

/data/data/com.ms.chebixia.shop/databases/rong_version

/data/data/com.ms.chebixia.shop/databases/rong_version-shm

/data/data/com.ms.chebixia.shop/databases/rong_version-wal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/data/com.ms.chebixia.shop/databases/rong_version-wal

/data/data/com.ms.chebixia.shop/files/umeng_it.cache

/data/data/com.ms.chebixia.shop/files/.um/um_cache_1718339995058.env

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 04:38
Reported: 2024-06-14 04:41
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 161s
Max time network: 171s

Command Line

com.ms.chebixia.shop

Signatures

Queries information about running processes on the device

Tactic: discovery
Description | Indicator | Process | Target
Framework service call (3 entries) | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call (2 entries) | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

Tactic: discovery
Description | Indicator | Process | Target
Framework service call (2 entries) | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tactic: discovery
Description | Indicator | Process | Target
Framework service call (3 entries) | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator

Tactic: discovery

Uses Crypto APIs (Might try to encrypt user data)

Tactic: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.ms.chebixia.shop

com.ms.chebixia.shop:ipc

io.rong.push

Network


Files

/data/user/0/com.ms.chebixia.shop/cache/uil-images/journal.tmp

/storage/emulated/0/Android/data/com.ms.chebixia.shop/cache/kit/journal.tmp (deleted)

/data/user/0/com.ms.chebixia.shop/databases/rong_version-journal

/data/user/0/com.ms.chebixia.shop/databases/rong_version

/data/user/0/com.ms.chebixia.shop/databases/rong_version-journal

/data/user/0/com.ms.chebixia.shop/databases/rong_version-journal

/data/user/0/com.ms.chebixia.shop/databases/rong_version-journal

/storage/emulated/0/Android/data/com.ms.chebixia.shop/cache/uil-images/journal.tmp (deleted)

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/data/user/0/com.ms.chebixia.shop/databases/rong_version

/data/user/0/com.ms.chebixia.shop/files/umeng_it.cache

/data/user/0/com.ms.chebixia.shop/files/.imprint

/data/user/0/com.ms.chebixia.shop/files/umeng_it.cache

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-14 04:38
Reported: 2024-06-14 04:41
Platform: android-x86-arm-20240611.1-en
Max time kernel: 2s
Max time network: 149s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network


Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-14 04:38
Reported: 2024-06-14 04:41
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 3s
Max time network: 133s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network


Files

N/A