Malware Analysis Report

2024-09-09 12:54

Sample ID: 240614-fectvsvhmd
Target: a80b506186c0d1907ed63626db476d6d_JaffaCakes118
SHA256: 128bb81916971f2e6b8c66d881a250b582a81bfcea24321ade55f928cdf65fca
Tags: collection, discovery, evasion, impact, persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: 128bb81916971f2e6b8c66d881a250b582a81bfcea24321ade55f928cdf65fca

Threat Level: Likely malicious

The file a80b506186c0d1907ed63626db476d6d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: collection, discovery, evasion, impact, persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares services with permission to bind to the system

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 04:46

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 04:46

Reported: 2024-06-14 04:50

Platform: android-x86-arm-20240611.1-en

Max time kernel: 26s

Max time network: 131s

Command Line

com.wanyue.quvideo

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.wanyue.quvideo/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.wanyue.quvideo/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.wanyue.quvideo

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

sh -c ps -ef

ps -ef

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 04:46

Reported: 2024-06-14 04:50

Platform: android-x64-20240611.1-en

Max time kernel: 9s

Max time network: 129s

Command Line

com.wanyue.quvideo

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.wanyue.quvideo/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.wanyue.quvideo/.jiagu/classes.dex!classes2.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.wanyue.quvideo

Network


Files
