Malware Analysis Report

2024-09-09 12:54

Sample ID 240614-f3gsqazhkj
Target a824999fa9590acc208288b65df0b345_JaffaCakes118
SHA256 c4818f2ef9109617ad7900f5a2664c47740547f92d9bc6b5474a95d25515311f
Tags banker collection discovery evasion execution impact persistence
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c4818f2ef9109617ad7900f5a2664c47740547f92d9bc6b5474a95d25515311f

Threat Level: Likely malicious

The file a824999fa9590acc208288b65df0b345_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Checks known Qemu pipes.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks known Qemu files.

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Requests cell location

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 05:23

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 05:23

Reported

2024-06-14 05:27

Platform

android-x86-arm-20240611.1-en

Max time kernel

73s

Max time network

185s

Command Line

com.hkx.youandme

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.hkx.youandme/.jiagu/classes.dex N/A N/A
N/A /data/data/com.hkx.youandme/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.hkx.youandme/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.hkx.youandme/.jiagu/tmp.dex N/A N/A
N/A /data/user/0/com.hkx.youandme/app_SGLib/libsgmain_1536939900000.zip N/A N/A
N/A /data/user/0/com.hkx.youandme/app_SGLib/libsgsecuritybody_1536939900000.zip N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.hkx.youandme

chmod 755 /data/data/com.hkx.youandme/.jiagu/libjiagu.so

com.hkx.youandme:music_service

com.hkx.youandme:daemon_service

com.hkx.youandme:impush_service

com.hkx.youandme:pushservice

com.hkx.youandme:service

com.hkx.youandme:watch

com.hkx.youandme:remote

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.hkx.youandme/.jiagu/classes.dex --dex-file=/data/data/com.hkx.youandme/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.hkx.youandme/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.hkx.youandme/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

Network


Files

/data/data/com.hkx.youandme/.jiagu/libjiagu.so

MD5 422963c3bb78aa20eadc44f5f4fb2ca0
SHA1 af24e02f5444933fb26c96c27b202e7c216e8630
SHA256 59bcced6ed4194308da0b757ee9ed1e487fd397485acfa61b484a4156573d06c
SHA512 ad062ed05465ea41382df4696959ba3ac7565e62a80debea2cce3c6e2d52c38de2ab2295b722a52bf7e671a3bc8b9cd9ca7852b49d4b085285017cf897986573

/data/data/com.hkx.youandme/.jiagu/classes.dex

MD5 7d01676f0b089218c3af9a99e76625fd
SHA1 171172cdc2a2a6244e022e81fcf19ccf8406bbf6
SHA256 516f64ab484bf248c932f7afb127ef85e12ac7687de06f38012bc4fb42bbd744
SHA512 d93b6e1f8141814576d5b78be45040bfef2d31a01da0c3f4af44f5a8b981f25a31372b73ae2e2b9f1179d9c01979c755825c6277b6584c1d019010484c8b6b02

/data/data/com.hkx.youandme/.jiagu/classes.dex!classes2.dex

MD5 c8b142f34554741dc00ca5d2bd19a539
SHA1 2b06efdeaa090bd6bb15c3c40c6c50de2205cd11
SHA256 dae9764021d15af73feff942a29253cdeebf421dd7443d6a1605a23f275475bf
SHA512 8168c38a6e51240c42ae3097bcbde2713f078fc33e62a02a8f4c7b135aa88cc422979561249658cda377db2fd9dc638d16b5d81bd51fb514bf2dcde7a7015bd1

/data/data/com.hkx.youandme/.jiagu/classes.dex!classes3.dex

MD5 f85d64e0c6c50a85a2b4761fd4a7e286
SHA1 763e6f738de45275390db17e5d8d3cdff6a41760
SHA256 6a8e3b72d9a974da39297e326ae21b7cb15a720c0892250e48a3d569f099fb0e
SHA512 850ee44f778cd739b415098f09f6d5218d0fe789b9eca0c28747d6f6744565991809ae56d847edddacc3ad6ec6831c93f10eb0205b995258a7043b2660718698

/data/data/com.hkx.youandme/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.hkx.youandme/files/.jglogs/.jg.ri

MD5 af757be229945be283974841139afbae
SHA1 7effab66dfda5890e9c65b2538fb073a71502670
SHA256 9e63d4d76760ce8968ff4cd4ea3450981d377876b31a1c651b26cf4ab7282100
SHA512 e164c3f219121ec48481653693fff175db6ccdb5e9d66b63d4ddbb21d42069579837375ebf1c0525e697a7183bcb9a0b46a86707467269cbe5a55c7b7266bee2

/data/data/com.hkx.youandme/files/.jiagu.lock

MD5 4e4400f6a2e4a297a83eae374528ad95
SHA1 27acebb320005108cd8f47ec4c8c94ece28a9aa1
SHA256 eb0e2610dac69d2254698c8a322d66715f69c8e15d9106e61aa1a8dec7a4a613
SHA512 46b7f6851495815f8626a1a8b8f99e6426df0a89aaf20b1aded02c93e57c4bc1cac3610975f9dcabd01819ab01ae05cae66ba2035023742788418444c6c12007

/data/data/com.hkx.youandme/files/.jglogs/.jg.ac

MD5 e620ed16754bfd4ded069178e1ef7173
SHA1 bcb10c44342ac553e3917d2ad9af3a70fa11d309
SHA256 bc2b3a31332b1b03accec1bbd13ebc9c3fbd11096f45934d10da30c7e4f877c9
SHA512 ede3c819dbc75a064a55f0d31b72dbcb25c8418022039e36ef6f8fcd983792679175fc6466ee6ea5afa2c6692a2bf3e88e9c9ae139b507b63631b03f6ed3856d

/data/data/com.hkx.youandme/files/.jglogs/.jg.ic

MD5 8bf0a0f453c4e863b6aa0d0f0e998528
SHA1 8125c4795ba6704877994dceef237785dac96a17
SHA256 fa1952343cd068c261fbffa374f36677b5f5fdb2115bb2a60e457a9d77c25377
SHA512 e50e670ccc36d924aa38a602ef3fd1e953cea35efe642ca9e4c6fecd2a3169d7aa2675efd14cf01fb46f8e58d701b38d4772bd668919e7cf3a0208f5b66b560e

/data/data/com.hkx.youandme/files/.jglogs/.jg.di

MD5 209439122bd1633cc8f49001c1d7fc28
SHA1 27d119643c63e55e65bfbcfa84d3cfc13e4ebae0
SHA256 9edbae57a77c4fe0526ce037f0c3fa1adda52fe9031d669317da94cfea1496f8
SHA512 207b823f045f2d331d264d233f6b438b2a9c4e805441cbeb431b09d9821f608c37ece3af924fa36a08467f31284eda0eafbfe10f5f1981c94cd1e35195f063a6

/storage/emulated/0/360/.iddata

MD5 c5d41ef4ed793c3ae93df3b0e7bbbeb5
SHA1 a74d9a2ef0d1af3636c3fefa3d42f2bb30ece7a6
SHA256 7c2782afc2ff6a55fff596c997ca73e56db31f3be6a1d5cf45c019dceb0016d6
SHA512 46d6788be3a2c3878760370dd2c450eafb3b401a9375ef69df73dfbd3cad8a9f3ca842b81c094e776b60595f50ff79175f167332a6dda45f895b7a12970f131a

/storage/emulated/0/360/.deviceId

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.hkx.youandme/cache/image_manager_disk_cache/journal.tmp

MD5 bfeb00cee79779b0614b5b71bbb34fbb
SHA1 3c00868fdcddc1ea6b2529bd9d2c8dd482fc92ba
SHA256 dcdeca8a991ee6ce6a87f7903e3b7c2191d5fe27d150caaba314b7e44d2a0dc4
SHA512 040ab710f2573f19986d6f6c4a9de67d4467f704cf5dec8d8e7696c2fd80d73ae43175b32d4ac30621b469891a1312a323883a4203131872e411b248e262c110

/data/data/com.hkx.youandme/databases/tray.db-journal

MD5 0d3e99204c6401ea499fe9e6d9855497
SHA1 09829f00ca458eab7374d5079393a2cd69a2348a
SHA256 63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca
SHA512 8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

/data/data/com.hkx.youandme/databases/tray.db

MD5 cc546b682834acfaba97de8e46af414f
SHA1 a9ed6c319d54a47d0051b3c8ee9228dad78c2bde
SHA256 e7def5ef815949c12814ed0ba8c4be1ef80a2d7302a0b9cc904b7d7ae3b446ef
SHA512 0525407452e9c9eb55176428968164b37e26aa33a6205a660a38ddf727ff7d390ac5c0011cee6fda7ea572997677daaccf38acab69cf7913d0500b00c2e22a78

/data/data/com.hkx.youandme/databases/tray.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.hkx.youandme/databases/tray.db-wal

MD5 1f6746d5a96a4132bb61ae1947b3b2f1
SHA1 3adc8254dfdd58f1ad531602792f3f5236894430
SHA256 84b784080b212061f5748b11e84203e083b851f7ae1db36191e0fe678a8a8800
SHA512 894aa68194bb142daeef7f4d5a4da03d6b4a7fea44150c0603bc73939c69c00cd35ae2f6f681f234c02ec4af1543dd4b25f6c3c3733b57a58958adff2b4917ac

/data/data/com.hkx.youandme/files/libcuid.so

MD5 a2c5eea72d66c30ac0fba0c181daf898
SHA1 df78f41eb997b722a3f399d6580b5cab96dbc231
SHA256 e155e5f9e07864c75a760ade8f52189da14b98c28b12a84132fc34344d4f8734
SHA512 87d0e5e29a58278f27b859ee533d347c7d9fc84d2a2dc8958a6e108309492059d5a0d8522f493d3aa6fa17bc66f7682bafb4efb0a516f0b3551d185fd0e7b206

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 3065abff5bf0ccd680af61e5985642b8
SHA1 ccd241abff69bcad3d665aa7cdb19f1d71a5af93
SHA256 a015aed62e5138af8f560522d5c5ae7d7fa5d4e89d380fa32b938abbda2024e2
SHA512 f3264abd47a4966b3112ce260437accb366691494b871ab8ee8442f537c0a6d36a3b9995ff7813871ddfa73d369ad60491bfa706ee739e5efe00d2c0d447ca67

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.hkx.youandme/cache/image_manager_disk_cache/journal.tmp

/data/data/com.hkx.youandme/app_SGLib/libsgmainso-5.1.96.so.tmp

/data/user/0/com.hkx.youandme/app_SGLib/libsgmain_1536939900000.zip

/data/data/com.hkx.youandme/files/Q0VSVC5SU0EK.txt105e

/data/data/com.hkx.youandme/databases/Bqmm.db-journal

/data/data/com.hkx.youandme/databases/Bqmm.db-shm

/data/data/com.hkx.youandme/databases/Bqmm.db-wal

/storage/emulated/0/backups/system/.confd-journal

/storage/emulated/0/backups/system/.confd

/storage/emulated/0/backups/system/.confd-shm

/storage/emulated/0/backups/system/.confd-wal

/data/data/com.hkx.youandme/databases/youandme.db

/data/data/com.hkx.youandme/databases/youandme.db-shm

/data/data/com.hkx.youandme/databases/youandme.db-wal

/storage/emulated/0/backups/system/.timestamp

/data/data/com.hkx.youandme/files/SGMANAGER_DATA2.tmp

/data/data/com.hkx.youandme/databases/ut.db-wal

/data/user/0/com.hkx.youandme/app_SGLib/libsgsecuritybody_1536939900000.zip

/data/data/com.hkx.youandme/databases/ut.db-shm

/data/data/com.hkx.youandme/databases/ut.db

/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

/data/data/com.hkx.youandme/files/ofld/ofl_statistics.db-wal

/data/data/com.hkx.youandme/.jiagu/.jgck

/storage/emulated/0/baidu/tempdata/lcvif.dat

/storage/emulated/0/baidu/tempdata/yoh.dat

/data/data/com.hkx.youandme/files/lldt/hst.db-wal

/data/data/com.hkx.youandme/files/lldt/gal.db-wal

/data/data/com.hkx.youandme/files/lldt/grtcfrsa.dat

/data/data/com.hkx.youandme/files/lldt/firll.dat

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 05:23

Reported

2024-06-14 05:27

Platform

android-x64-20240611.1-en

Max time kernel

10s

Max time network

138s

Command Line

com.hkx.youandme

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.hkx.youandme/[email protected] N/A N/A
N/A /data/user/0/com.hkx.youandme/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.hkx.youandme/[email protected]!classes3.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.hkx.youandme

Network

Country  Destination         Domain                    Proto
N/A      224.0.0.251:5353                              udp
US       1.1.1.1:53          ssl.google-analytics.com  udp
GB       216.58.204.72:443   ssl.google-analytics.com  tcp
GB       172.217.16.234:443                            tcp
US       1.1.1.1:53          android.apis.google.com   udp
GB       142.250.200.46:443  android.apis.google.com   tcp
GB       142.250.178.4:443                             tcp
GB       142.250.178.4:443                             tcp
GB       172.217.169.46:443                            tcp
GB       172.217.16.226:443                            tcp
GB       142.250.178.14:443                            tcp

Files

/data/data/com.hkx.youandme/.jiagu/libjiagu.so

/data/data/com.hkx.youandme/.jiagu/classes.dex

/data/user/0/com.hkx.youandme/[email protected]

/data/user/0/com.hkx.youandme/[email protected]!classes2.dex

/data/user/0/com.hkx.youandme/[email protected]!classes3.dex

/data/data/com.hkx.youandme/files/.jglogs/.jg.ri

/data/data/com.hkx.youandme/files/.jiagu.lock

/data/data/com.hkx.youandme/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId