Analysis Overview
SHA256
4a4a78e80799e5b011ee41759581945cb70e9d10a4777c67eaa56e194fb0a0a3
Threat Level: Shows suspicious behavior
The file a80fd0638c4e0acbf3de6d886571d449_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 04:53
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Processes
com.rexsee.wangxiaoguang.DaBianChaoRen
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/.UpBrowser/app/com.rexsee.wangxiaoguang.DaBianChaoRen/com.rexsee.wangxiaoguang.DaBianChaoRen.png
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x64-20240611.1-en
Max time kernel
8s
Max time network
132s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Processes
com.rexsee.wangxiaoguang.DaBianChaoRen
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
Files
/storage/emulated/0/.UpBrowser/app/com.rexsee.wangxiaoguang.DaBianChaoRen/com.rexsee.wangxiaoguang.DaBianChaoRen.png
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
137s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Processes
com.rexsee.wangxiaoguang.DaBianChaoRen
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
Files
/storage/emulated/0/.UpBrowser/app/com.rexsee.wangxiaoguang.DaBianChaoRen/com.rexsee.wangxiaoguang.DaBianChaoRen.png
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x86-arm-20240611.1-en
Max time kernel
165s
Max time network
139s
Command Line
Signatures
Processes
rexsee.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.rexsee.com | udp |
| CN | 59.110.27.139:80 | www.rexsee.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/rexsee.up/databases/application.db-journal
/data/data/rexsee.up/databases/application.db
/data/data/rexsee.up/databases/application.db-shm
/data/data/rexsee.up/databases/application.db-wal
/storage/emulated/0/.UpBrowser/null/log/20240614.txt
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x64-20240611.1-en
Max time kernel
138s
Max time network
151s
Command Line
Signatures
Processes
rexsee.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.rexsee.com | udp |
| CN | 59.110.27.139:80 | www.rexsee.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/rexsee.up/databases/application.db-journal
/data/data/rexsee.up/databases/application.db
/storage/emulated/0/.UpBrowser/null/log/20240614.txt
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-14 04:53
Reported
2024-06-14 04:56
Platform
android-x64-arm64-20240611.1-en
Max time kernel
135s
Max time network
166s
Command Line
Signatures
Processes
rexsee.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| US | 1.1.1.1:53 | www.rexsee.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| CN | 59.110.27.139:80 | www.rexsee.com | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.213.2:443 | | tcp |
| GB | 172.217.169.10:443 | | tcp |
Files
/data/user/0/rexsee.up/databases/application.db-journal
/data/user/0/rexsee.up/databases/application.db
/storage/emulated/0/.UpBrowser/null/log/20240614.txt