Malware Analysis Report

2024-09-09 15:56

Sample ID 240614-h71shazdrb
Target a8814ccd9838fff24511a67db3285f6f_JaffaCakes118
SHA256 a49331e419c70643364f3f6419ca171b91dbd2b7a8d4023fae620ff8d09fa2fd
Tags
collection discovery evasion persistence banker credential_access impact
score
8/10

Analysis Overview

score
8/10

SHA256

a49331e419c70643364f3f6419ca171b91dbd2b7a8d4023fae620ff8d09fa2fd

Threat Level: Likely malicious

The file a8814ccd9838fff24511a67db3285f6f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion persistence banker credential_access impact

Checks if the Android device is rooted

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Requests cell location

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 07:23

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:26

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

176s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.dbgj.stacore

Network


Files

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

/data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/oat/__xadsdk__remote__final__builtin__.jar.cur.prof

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x86-arm-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-arm64-20240611.1-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:26

Platform

android-x64-arm64-20240611.1-en

Max time kernel

177s

Max time network

189s

Command Line

com.muzhiwan.market

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.muzhiwan.market/data/mzw.apk N/A N/A
N/A /data/data/com.muzhiwan.market/data/mzw.d N/A N/A
N/A /data/data/com.muzhiwan.market/data/mzw.apk N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.muzhiwan.market

com.muzhiwan.market:mult

com.muzhiwan.market:mzwlogservice

Network


Files

/data/user/0/com.muzhiwan.market/databases/notes-db-journal

/data/user/0/com.muzhiwan.market/databases/notes-db

/data/user/0/com.muzhiwan.market/databases/notes-db-journal

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/data/com.muzhiwan.market/data/mzw.g

/data/data/com.muzhiwan.market/data/mzw.d

/data/user/0/com.muzhiwan.market/files/install_file_dir

/data/user/0/com.muzhiwan.market/databases/download-journal

/data/data/com.muzhiwan.market/data/mzw.apk

/data/user/0/com.muzhiwan.market/databases/download

/data/user/0/com.muzhiwan.market/files/umeng_it.cache

/data/user/0/com.muzhiwan.market/databases/download-journal

/data/user/0/com.muzhiwan.market/files/install_file_dir-journal

/data/data/com.muzhiwan.market/data/mzw.d

/data/user/0/com.muzhiwan.market/files/.umeng/exchangeIdentity.json

/storage/emulated/0/data/.push_deviceid

/data/user/0/com.muzhiwan.market/files/jpush_stat_cache.json

/data/user/0/com.muzhiwan.market/files/.um/um_cache_1718349895612.env

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x86-arm-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:26

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

179s

Command Line

com.dbgj.stacore

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.dbgj.stacore

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

Network


Files

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-arm64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-arm64-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x86-arm-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-arm64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:26

Platform

android-x86-arm-20240611.1-en

Max time kernel

20s

Max time network

159s

Command Line

com.muzhiwan.market

Signatures

Checks if the Android device is rooted

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.muzhiwan.market/data/mzw.apk N/A N/A
N/A /data/data/com.muzhiwan.market/data/mzw.apk N/A N/A
N/A /data/data/com.muzhiwan.market/data/mzw.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.muzhiwan.market

com.muzhiwan.market:mult

com.muzhiwan.market:mzwlogservice

getprop ro.board.platform

sh

su

sh

su

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=49 --oat-fd=61 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.muzhiwan.market/databases/notes-db-journal

/data/data/com.muzhiwan.market/databases/notes-db

/data/data/com.muzhiwan.market/databases/notes-db-shm

MD5 43cabe6ff77bbdd04224e0cd9e776f8e
SHA1 c45f26220707f42a3a02d3915f82e775bdad9352
SHA256 bdd2cf9b9e5dcc988da4210c7af4e11e158b35394135ece9d6b587ff34079148
SHA512 18decf6885c9191a3d141b470c6e8d5176ea8fa2388f5a11641a9dee3bdb4a6e11ffc41be2d305ff074def103451f5945bfa02c342899c7bf02dcc6f36744edc

/data/data/com.muzhiwan.market/databases/notes-db-wal

MD5 1500605e7cbeb41516ba21f6ac58c94d
SHA1 470060803486513cff11d2039aa0c18b1fd23eb6
SHA256 701c0850382af917be9fa09f959f6802f66dd4ae7f23b09e08d7fd8cc78e082c
SHA512 ebcb8cfa9e317388ee430377ba1aa6edcaaa4c4430a9b86c524ef829f2c9838a1de0b3e5f28f9614185d68f5bf2dfbb0119d4208fcfc66fe68ac2da7a975cbc4

/storage/emulated/0/data/.systemid

MD5 7bc525aa5cfd71cd4d2ad570fd72a906
SHA1 b411e1b345b5e9e4a0e4f603b46277278981e921
SHA256 14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00
SHA512 5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

/storage/emulated/0/data/.systemmac

MD5 8d789fd59be365c94cc20900b826c0d9
SHA1 a7b436f374066126c210d70ee245d0c82f5b9df2
SHA256 e3a169b7878e215798e23ba7b886bf6364a6476942f0104dbcd2fab6a59c7750
SHA512 f220140085d383cf61975cd48f870437e2c6c30cd45f685f373c14419cf3a0d8a822750651db79f10568a4247b6d017d64c959b5a4c78c67a38236d7c6f1c6dd

/data/data/com.muzhiwan.market/data/mzw.g

MD5 b2371d8d54b7f546277566fa1e650faa
SHA1 6d67805df7cedc3ee0e88d5d9fbdd3d646e557a3
SHA256 aef316a30a5ebfeba719b2d91b2c05aa7d412ec4eb2797b24c88ac8fc1aabb34
SHA512 2f9a16b440652da40755ba347d395b29a77e42461c4c71d43dc1a3e24cae85524329401e113424bdc968b86c7f266caaf5545cf0a238cb0526ce08314014d1ca

/data/data/com.muzhiwan.market/data/mzw.d

MD5 b2a8fd2dba92c8f75869f79c70d441da
SHA1 faaf88b3c3653fc205a3a125ccb77fbc87b76215
SHA256 2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02
SHA512 a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

/data/data/com.muzhiwan.market/data/mzw.apk

MD5 85d09558a30b56872ec4df7909292387
SHA1 799259262e84952063d2013b843285d4b9865c5e
SHA256 abffa567da8045874417654e8a98ef889f729455aa0e48b11a89b95e386e0ef8
SHA512 3a97ecb531586f8b4d85877a2bfd5878c0b63c99ca12a6adb06d143fc676f67a5ee060e25a730c36eaa9693ab15048782f1810e818f5fd8005c60dd9465fe755

/data/data/com.muzhiwan.market/files/install_file_dir

MD5 72a239b77072f4a325001408279d8756
SHA1 779ff775879ecb0b2f0778ff8311de79b67eadd7
SHA256 17adadfbe797cc54277c3236e9a84568c102dfc63c54ed64d073d02b6424e885
SHA512 9087ecc8d32faf66d91b1f10cddcc7c8cd7d28d28de9014f08413cad8904683d3b81cd75b25892f5342ff4b8f013fb46edf97bde91648ac1dd48d44db7584c7c

/data/data/com.muzhiwan.market/files/install_file_dir-journal

MD5 652bbaadf45a6bda1cc7f80336af8542
SHA1 1e10da3785ab32ffa638a84d8f6b7a95c98af464
SHA256 0d5438a9d7bc34db5770882f0002e215280c1c5185c1e00cf477f526ee425b2f
SHA512 0ed283ab88cc1607f0c867cf351003def4b2e62295d7246af74f16d8f6c398a107779f2660d5a2f7aceaf4b40425b02bd8ae99d7438aefac86dfbb9243dda1e3

/data/data/com.muzhiwan.market/files/install_file_dir-wal

MD5 cc2eefc1076b8bbb1969e6bd73531cf7
SHA1 deee6199ffeca356c42c513f99c4d697058b9a3c
SHA256 77c11d88dc7cae57744b2678bf155171e441185811036bcc329f36f35baa8b5e
SHA512 7e6da3f51de72ce2a22827a00eb7d2bd05f39bb5ba53de1cd086db412e2570df6410dfd919180d7b01bc83740be4006c65eea6e2bb7f9e46e77aacce68b8d57d

/data/data/com.muzhiwan.market/data/mzw.apk

MD5 e65188742e10046597a4c648d045699b
SHA1 37b2f1e3e89d3b0d8683737ccae2ee725e82a312
SHA256 d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b
SHA512 3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

/data/data/com.muzhiwan.market/data/mzw.apk

MD5 d1a020921eff5f91e5900a64bc558eeb
SHA1 f03fec1fb79a3b528aced885a8e95fb0a7eb01ef
SHA256 de8599fe345c0cf878b2887a98d921051edd36de036b5c1d8595a2c8f3738aa6
SHA512 17f62c1182f869511ef89424cbc51140eddfb0e84a8999a5a4da94a6d398ccd92839a2d8a2705b976ecb59efbac90ede5122d3de8470dfbb75ce606a263b8d4e

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:26

Platform

android-x86-arm-20240611.1-en

Max time kernel

9s

Max time network

164s

Command Line

com.code.stumpy.loco

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar N/A N/A
N/A /data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Processes

com.code.stumpy.loco

getprop ro.board.platform

getprop ro.mediatek.platform

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar --output-vdex-fd=62 --oat-fd=66 --oat-location=/data/user/0/com.code.stumpy.loco/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination           Domain                               Proto
GB       172.217.169.74:443                                         tcp
N/A      224.0.0.251:5353                                           udp
US       1.1.1.1:53            stat.anquanxia.com                   udp
US       107.149.163.133:80    stat.anquanxia.com                   tcp
GB       216.58.212.234:443                                         tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com   udp
GB       142.250.187.238:443                                        tcp
US       1.1.1.1:53            android.apis.google.com              udp
GB       216.58.212.238:443    android.apis.google.com              tcp
GB       172.217.169.74:443    semanticlocation-pa.googleapis.com   tcp
GB       172.217.169.74:443    semanticlocation-pa.googleapis.com   tcp

Files

/storage/emulated/0/data/.systemid

MD5 8207959afb63601968e5d75452d3bb0f
SHA1 e97df2a533bfd388e372ae08a5f023bfb248a29d
SHA256 204f8f5589aa70ec11d13d14568b510e017159e21311f10eb3ef67a34fb01c40
SHA512 d454fb86e9ca8fbd5639065d70d38df9f63b51886ac85c77f3d6fcb7d44090f9c20c28bad74242996cc9eb8334df2b7ad04206662e8cf3f8e93f892a2d6cdb96

/data/data/com.code.stumpy.loco/files/stares/updates/sta.jar

MD5 7219500f857b0c418b074759ba44301e
SHA1 07f557bc3d839260caf921852618ac762fef262d
SHA256 d8c32e40ba04065dd62cae8495eb47d1c251a6bc830778f80eb06ae07f04563f
SHA512 6086cfbeb32e3ded98d89c0f0bc01fac10e6036874e1c8e0ecb41864e62b00df5a32f9a3aa7bf126f6b8f1393db48abaf94ce528cf0686a3946b139bc50c8a68

/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar

MD5 63425c66f0f75213b749622795186076
SHA1 0246e8104a8e5f97ecc2a30ca48b60cb8c10abff
SHA256 12279787d7df147ab2112cfa402f93edcb205334f8d08b0ebcf49c19f7ee1507
SHA512 28530981b932cef52175db72fa68aeb0d44d852e7aebc13d9b848d6313109d7ece366369eddda264a4ca08b46814b3f966271367ad0205a91d7d67a29862756f

/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar

MD5 1895ebc4a529cfdff88439d2140f1c41
SHA1 3db0c02c9734c4e212e1c491a92006281e904034
SHA256 c2d2e925a001babc6f5d2a274e1f88664be2a888e8fb689bec2e635f8022cbc8
SHA512 61412d92c5077933c63f50adaa0059343ea4d4056598847a69d8d815e9828a7ecb964856c7d3972f2baa813b0b2f979129adf3b2402901c50e55e43811ac0df3

/data/data/com.code.stumpy.loco/app_plugin_lib/libabcdefgh.so

MD5 042246eb7c48a8cda97de99465e6a177
SHA1 f71816c4a80fbb7b63bfd6425d98db513aecb00a
SHA256 9a712cb778e9d43f8f4ea9fa2b9f4b8cc29daf74984d04f0c938dff21c118342
SHA512 2d201619998113c5d2990c92c28c973d557872bc4bbde153b5fca39bfe0b799ef0e9bf8c29d1304847f8e6691d55649d04c6a82fe8f03e621c9e8da50c50faa8
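
The dex2oat lines in the process lists above (mzw.apk in the behavioral15 run, sta.jar in the behavioral1 run) are how "Loads dropped Dex/Jar" shows up at the process level: ART is compiling a dex container that sits in the app's own writable data directory rather than under /data/app, and the Files sections record the same path with several different hashes, i.e. the payload was rewritten during the run. The Python below is an added triage helper, not the sandbox's own signature logic and not code from the sample. It parses dex2oat command lines for --dex-file and --oat-location, flags inputs under app-writable prefixes, folds /data/user/0/<pkg> onto /data/data/<pkg> (the same directory on Android), and attaches every SHA-256 the report recorded for that path. The command lines are trimmed copies of the report's (the long --instruction-set-features and --runtime-arg options are dropped), the hashes are copied from the Files sections, and the /data/app/com.example.benign-1 compile is a constructed benign case that must not be flagged.

```python
import re
from collections import defaultdict

# Locations an app (or anything it runs) can write to and later load code from.
# /data/user/0/<pkg> and /data/data/<pkg> are the same directory on Android;
# sandbox reports record both spellings, so they are folded together.
APP_WRITABLE_PREFIXES = ("/data/data/", "/data/user/0/", "/storage/emulated/0/")
_USER0 = re.compile(r"^/data/user/0/")


def canonical(path: str) -> str:
    """Fold /data/user/0/<pkg>/... onto /data/data/<pkg>/... ."""
    return _USER0.sub("/data/data/", path)


def dex2oat_inputs(cmdline: str):
    """Return (dex_file, oat_location) for a dex2oat command line, else None.

    dex2oat takes key=value options, so a whitespace split is enough; the
    trailing '--class-loader-context=&' seen in reports is just another token.
    """
    args = cmdline.split()
    if not args or not args[0].endswith("dex2oat"):
        return None
    opts = dict(a[2:].split("=", 1) for a in args[1:] if a.startswith("--") and "=" in a)
    dex = opts.get("dex-file")
    return (dex, opts.get("oat-location")) if dex else None


def flag_dropped_code(cmdlines):
    """dex2oat runs whose input lives somewhere the app could have written it."""
    hits = []
    for line in cmdlines:
        parsed = dex2oat_inputs(line)
        if parsed and parsed[0].startswith(APP_WRITABLE_PREFIXES):
            hits.append(parsed)
    return hits


def sha256_by_path(file_records):
    """Group report file records (path, sha256) by canonical path."""
    groups = defaultdict(list)
    for path, digest in file_records:
        groups[canonical(path)].append(digest)
    return dict(groups)


def triage(cmdlines, file_records):
    """One row per dropped-code load, with every SHA-256 recorded for that path."""
    groups = sha256_by_path(file_records)
    rows = []
    for dex, oat in flag_dropped_code(cmdlines):
        digests = groups.get(canonical(dex), [])
        rows.append({
            "dex_file": dex,
            "oat_location": oat,
            "sha256": digests,
            "rewritten": len(set(digests)) > 1,  # same path, more than one content
        })
    return rows


# Command lines trimmed from the report's process lists; the third one is a
# constructed benign compile of an installed APK (hypothetical package name).
SAMPLE_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 --boot-image=/system/framework/boot.art "
    "--dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=49 --oat-fd=61 "
    "--oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex "
    "--compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --instruction-set=x86 --boot-image=/system/framework/boot.art "
    "--dex-file=/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar "
    "--output-vdex-fd=62 --oat-fd=66 "
    "--oat-location=/data/user/0/com.code.stumpy.loco/files/stares/updates/oat/x86/sta.odex "
    "--compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --dex-file=/data/app/com.example.benign-1/base.apk "
    "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex --compiler-filter=quicken",
    "getprop ro.board.platform",
]

# (path, SHA-256) pairs copied from the report's Files sections.
SAMPLE_FILES = [
    ("/data/data/com.muzhiwan.market/data/mzw.apk",
     "abffa567da8045874417654e8a98ef889f729455aa0e48b11a89b95e386e0ef8"),
    ("/data/data/com.muzhiwan.market/data/mzw.apk",
     "d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b"),
    ("/data/data/com.muzhiwan.market/data/mzw.apk",
     "de8599fe345c0cf878b2887a98d921051edd36de036b5c1d8595a2c8f3738aa6"),
    ("/data/data/com.code.stumpy.loco/files/stares/updates/sta.jar",
     "d8c32e40ba04065dd62cae8495eb47d1c251a6bc830778f80eb06ae07f04563f"),
    ("/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar",
     "12279787d7df147ab2112cfa402f93edcb205334f8d08b0ebcf49c19f7ee1507"),
    ("/data/user/0/com.code.stumpy.loco/files/stares/updates/sta.jar",
     "c2d2e925a001babc6f5d2a274e1f88664be2a888e8fb689bec2e635f8022cbc8"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_CMDLINES, SAMPLE_FILES):
        tag = " (rewritten during run)" if row["rewritten"] else ""
        print(row["dex_file"] + tag, *row["sha256"], sep="\n  ")
```

Run as a script it prints both dropped loads with their three recorded hashes each and skips the /data/app compile; the same functions can be fed a whole report's process and file tables to pull out every dropped-code path worth extracting for static analysis.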

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-14 07:23

Reported

2024-06-14 07:23

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A