Malware Analysis Report

2024-09-09 16:05

Sample ID: 240614-jvb42s1end
Target: a8a1da9817811d7048acfc5633d7f93b_JaffaCakes118
SHA256: 11155ba150b01b5b24c0d6fca3fc91ee1eb5786011fb75cbae7ad2ff820f67b0
Tags: upx banker collection discovery evasion impact persistence credential_access
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral5
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10
SHA256: 11155ba150b01b5b24c0d6fca3fc91ee1eb5786011fb75cbae7ad2ff820f67b0
Threat Level: Likely malicious

The file a8a1da9817811d7048acfc5633d7f93b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx banker collection discovery evasion impact persistence credential_access

Patched UPX-packed file

Queries information about running processes on the device

Requests cell location

Queries information about the current nearby Wi-Fi networks

UPX packed file

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Reads information about phone network operator.

Queries information about active data network

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 07:59

Signatures

Patched UPX-packed file

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Indicator (Process and Target are N/A for every row) / Description
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
android.permission.ACCESS_COARSE_LOCATION   Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.CALL_PHONE               Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.GET_ACCOUNTS             Allows access to the list of accounts in the Accounts Service.
android.permission.READ_CONTACTS            Allows an application to read the user's contacts data.
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.WRITE_CONTACTS           Allows an application to write the user's contacts data.
android.permission.WRITE_SETTINGS           Allows an application to read or write the system settings.
android.permission.ACCESS_COARSE_LOCATION   Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.SYSTEM_ALERT_WINDOW      Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 07:58
Reported: 2024-06-14 08:02
Platform: android-x86-arm-20240611.1-en
Max time kernel: 175s
Max time network: 187s

Command Line

com.bgs.blzs

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.bgs.blzs

com.bgs.blzs:pushservice

/data/app/com.bgs.blzs-Ca8a1mwGCURBvsX7QgH5aA==/lib/x86//libweexjsb.so 46 47 1 /data/user/0/com.bgs.blzs/app_crash/crash_dump.log

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 service.dcloud.net.cn udp
CN 115.159.204.155:443 service.dcloud.net.cn tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 124.220.57.196:443 service.dcloud.net.cn tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
US 1.1.1.1:53 restapi.amap.com udp
CN 115.227.15.231:80 sdk.open.phone.igexin.com tcp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
CN 203.119.169.174:443 restapi.amap.com tcp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 124.220.57.196:443 service.dcloud.net.cn tcp
CN 203.119.169.174:443 restapi.amap.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 110.40.169.99:443 service.dcloud.net.cn tcp
US 1.1.1.1:53 c-hzgt2.getui.com udp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 110.40.169.99:443 service.dcloud.net.cn tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 110.40.181.119:443 service.dcloud.net.cn tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 110.40.181.119:443 service.dcloud.net.cn tcp
CN 111.229.199.57:443 service.dcloud.net.cn tcp
CN 111.229.199.57:443 service.dcloud.net.cn tcp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.233:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.159.204.155:443 service.dcloud.net.cn tcp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 c-hzgt2.getui.com udp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 115.159.204.155:443 service.dcloud.net.cn tcp
CN 115.227.15.239:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 124.220.57.196:443 service.dcloud.net.cn tcp
CN 110.40.169.99:443 service.dcloud.net.cn tcp
CN 110.40.181.119:443 service.dcloud.net.cn tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.239:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 111.229.199.57:443 service.dcloud.net.cn tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.7:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.7:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.159.204.155:443 service.dcloud.net.cn tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp

Files

/data/data/com.bgs.blzs/lib-main/dso_state

MD5 a638c061cd0a987c119e07b169b91ce4
SHA1 4a03575fd34d7f3517551baacddcbce249d676c9
SHA256 d887a7424d23397b6a40724ee3317b88bf8da155d0817279bd817db1305818f4
SHA512 af8a27ecbfe9090705f0ded891366428232b5d89af59e61f8c20182ab8c454c3c6f2e378e68c03a40b2ec92285a30a68b7e7e9d2e89c295996b3e88a84f3e7a3

/data/data/com.bgs.blzs/lib-main/dso_deps

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.bgs.blzs/lib-main/dso_manifest

MD5 34c1cfa96104b8645acc1ccce841c659
SHA1 6dafa60c2d5d1aa68569b14ea6aa4c2ec5628c3e
SHA256 68bdb8d69613689576be9871464e2b269a6a740ecc388cb235a64140d9fa030a
SHA512 afdc240bdcb8ee47a4e35fccc9594edb716c18defecfd404155b041aae113836aa9a100de036ab56c663c2355d29a93693d680e8a8a9f4f4cf2722554116c722

/data/data/com.bgs.blzs/lib-main/dso_state

MD5 def7783eadf8dd720691bbe596b732d7
SHA1 ee2639dac0c01ad84c0eb26a102ac6f4476a8d74
SHA256 f6693aa4b5ca6493de6e62f3f5af21ae576703c333864ee24fe3d3bd93f6ef67
SHA512 023a68c3e1b60833438dd8e7abdfb13cec18ac19db12b29c27f20e952c4b7177b741fd2e05c1f1693f265e3adc12f43963ce81c8a721b39eecc94b3dbf1606fa

/data/data/com.bgs.blzs/cache/weex/libs/weexjsb/x86/libweexjsb.so

MD5 5507ebec985f1ceec29e90ef15129934
SHA1 aa65901187678615a5dc9b8ab11cab09abae9988
SHA256 9a9824fa247724da36229b32c6a2db5bf7a6c837de08255e80cf9eba5843b796
SHA512 3a66ac864e5e8376ae1070ef839e970cc39ffdc452e56052ae56081cdb3a67b404e2e89efd7c021d8dce69e6c69c312d4b4a7ca7feb7c46e3f197f0b90091a9d

/storage/emulated/0/.imei.txt

MD5 fdd58a9799413a3e16c451a3a24eb286
SHA1 80fe3b1c1a3af0e8f79113bc75d225d2e3976235
SHA256 5b438f799142bf13889f6eb6f9abbbc92470dbbf0ca98cf5a533e10b11e7e85f
SHA512 d414b95349c3278fefde2b8d30dabd0450eeb01585eec481133e86b8fd5cfc772ede32bb7d8d8944911c49432ed165a4e5da0b3bd219454ea9846ebc958b483e

/data/data/com.bgs.blzs/shared_prefs_ext/test_app

MD5 ff05c7011d65efa34b8d6f09c6139ff8
SHA1 b9886404a50ab0ab0e39204d148431ad4da8b4d0
SHA256 ce4f1ab61822919d4c371ef3ca7cc983a5164102217460e3b44d2678856e8ae9
SHA512 170381fa9944f7b1f0f5495f9d17b35c3a7fe7ee094c2ae9150babb077001243fe77a8a082d218499fe823e8ffbbced59277ff92604b3e6cfc5602b302f6c036

/data/data/com.bgs.blzs/files/cnc3ejE6/eje3cnc

MD5 c4ae5f8ca549aa64a870545ff0130c67
SHA1 1cf3bd9cda61e63c0cec82509531c98e46b3fd70
SHA256 9906204007904206177b8f26f32a6c8dbdd1346433113d84596f1ce14b995e12
SHA512 2d06e777a380a3695dac4e52d3f5c0c51949b3de507ac6f46cf5e242a7cdea31513253eb31c648342bfc28514c8c6e800edecfb382dfc0b87f6aae389bcbd5c2

/storage/emulated/0/Android/data/com.bgs.blzs/apps/__UNI__F3F2312/temp/1718351966553

MD5 5257f836a24415a6a3a4853a1e818edc
SHA1 0d55f949e243553a709449ce03f339879d8db5f1
SHA256 976345ebdf3a5bb2df03a0839d6186dda6488784ef3bb7af2fd9690cff871284
SHA512 520bceafc2109220fcff9e325363c704ea93a9b793c78f033524ced1cd2d4ce72e3e035d3a8e9d2af9a17cf5b9bc2bf0e5139938ac54d8d57f70c4acb4076c59

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/journal

MD5 ea7e42f759cff2225dcc6a4abcc15d55
SHA1 33be6ac1ee48e744ded1cb075b0deb444f944d89
SHA256 0c087f5aab14398fea8b206711951e50728eaeea3834121d5a2615713516d4b6
SHA512 cbf7b58b137a1bbb49ce828784112d4f0c70ef80b09aa72c7a533db49a3b084fa36ea58716f364f11146bf976ccfbf1aa8bc1ce045813b4716c83971f59d6a3b

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/af898109ab611c08c97e112a35d586931d8a420f47a7b00632040b457024505c.0.tmp

MD5 f9ea722b2348e212ab0c356c2097442a
SHA1 d11db1661dd122eeed5d12a7a662663fdc88a599
SHA256 bd5e5ad29e1a041afb550f7c83b9b0bac7bafe5cf7064bf4d42f87d01eb94ecb
SHA512 bb19560a253cd13ed4781589623aa5cc47f1820a78a01589f7dac29ea079ad1a1fba9a8240c9833e35c67ea23e6192e09cf5697e31efc4be26025dee548d1b34

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/03f074e6d2b1da554aec8194fc2dd254acb303315cb5d605b02f4f25d83ff11a.0.tmp

MD5 8a28067a699a8e6a6426620eecd03fdd
SHA1 70a2124dc003f74f4906a2f0f632d51048e7471e
SHA256 a30a79f86529382ac350802b72dfb300bb260afd7c248809024dc142f5b75061
SHA512 4b586c9e25829ead8e1739a89488002932bf8609325b2d3c9390c40a45bd60892b9b4e9d748972f00c342c24a1b6d2ccb6eb91899a3894ef975f27d496949a91

/data/data/com.bgs.blzs/files/init_c1.pid

MD5 95bca51dd9a9064f3b245a3bcfe95635
SHA1 51fc3fdb1f461b58081fa4b2f41b97c37806c776
SHA256 d7a70ea9612526628d624028e7132ff0ca53614ff553a6bc49cfa37f05c2c6fa
SHA512 4f3d2f11248e1f8c017ac0a80e966ac0feea873915d3b64347d6b40132a1c3f285b10ea3914fa7c286de7dee68e99489e6b467a9d5c13da441bd8970caea0835

/data/data/com.bgs.blzs/databases/pushsdk.db-journal

MD5 6de153d032636cb3f8c61b75d0a318c2
SHA1 77ed3b40d95f4cefeb937f64d2c5d18c657e2303
SHA256 f385085ec6cc02ce890e5e9be731886606c4b10dcd56aa6364b637aadc6e0dd2
SHA512 0c0afa3f598315bbea7e06a2261604278cd8c426b92877aee194603144afd610c31a7fe48d18738442205f0f419839c7bc7da901b478a8d0de8afd68ff724323

/data/data/com.bgs.blzs/databases/pushsdk.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.bgs.blzs/databases/pushg.db-journal

MD5 13d9135bbf70045e32867a5560ab4c75
SHA1 27b748ce6bdfb70c66329fb691b89ceed326e3ad
SHA256 5a1bb720a89fbe309628fcc0afec8ee331a6a41ec6a66797567670ae866392b6
SHA512 9431911bc925f0b1c560dc60dd72c4e1ead629bddb72a9c3987c876dc6e9bbd83315f1aa7a352237d712c5ee8e95dbdf58df3d4d832effb6d867d9b6c0d7d009

/data/data/com.bgs.blzs/databases/logdb.db-journal

MD5 207d48562e88f92df8f8c9c79b3798ff
SHA1 65345703a08db97bfc0b168a8a2532ffa3bf14f5
SHA256 8e0d965def466a792657b0e319018cccccc18e380e1da13575b1b24fe68c2211
SHA512 c9f5c4039a9a664f6288b24408cf7e86b242c55ed4cfe6626b7e63dc763f6c3da6307ad094f5d3d6d06002f14b4bd50df2c9fa2da7a6e4eeaeb6774406f01689

/data/data/com.bgs.blzs/databases/logdb.db

MD5 a7b5debf648af8527d38065f285c6754
SHA1 ad8513c878ca1483a2472c7f8dfc8a416418517e
SHA256 0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5
SHA512 c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

/data/data/com.bgs.blzs/databases/logdb.db-wal

MD5 8d36ba82ba36d40ff2ee0909ef67a659
SHA1 87a8394a0581a38697dc7f24fd7d90953d2bf9fd
SHA256 d9dc038dea13560934c9531c5cbf51a569385c020a259a0279befee638645c62
SHA512 2d2af923dc3c57ea72b8e7a675ac3f5fd4e48030daf5f878aa22ad8ff8f377e2f26a0e5c4bb0cbe00ba50cdde92381666f0247d62a9cd70f8cf0f053bb928aa8

/storage/emulated/0/amap/res/global.db

MD5 576486bb03b15817da994d50a359838a
SHA1 06874915fc0a1b999442c5bffddb0619db085dc6
SHA256 b6aff4a05d748ac6bea8b66a366806b18a43c67068ebf4174fd6d782b3919fc2
SHA512 04ffe1cfac818bfc6aab8b07c61af790f9c753da5ea092f28c8d13e0de7bde9d9c59b109ee98ab3c8d2e503b85602e4fd18cbd7e714f26cfec86ee4241ea4cfa

/data/data/com.bgs.blzs/databases/logdb.db-wal

MD5 42397ac70c2fdbff5278062a1c65289a
SHA1 874573a964ae28eb173baa0ed61860674a798d12
SHA256 d24fc852c4901601aef57efbaf0d91e457e6d3ee0b1fdbaa61a64001cc61aacf
SHA512 2947ee41e10316ee97a008350d2628d50a82d02c0f8b870351edf76c036d67348b21fd0db4cb237bffb967b5ff4969b6c2a1b864668ce987083bead7f9d5d340

/data/data/com.bgs.blzs/databases/logdb.db

MD5 be5671c81eff187a640eae8b1b07c320
SHA1 ab35edf013dbaaa267db3c871bfc2c18ba68ca2d
SHA256 4351472efff537a26a79e22f26d027596234d9d5245342161103a33215494a40
SHA512 24658194aa0804bd1057a7f449ad7693162054519746b6e326730f5c6d4539ee9c31307d74bb81dc3c42c526dee84e257799fa6bf4b98409d1ab27c24c730bb4

/storage/emulated/0/amap/res/__MACOSX/._global.db

MD5 cda569aa7958edb30ea2d6f940b13100
SHA1 670ddd1c8fabdaf1f32b98f1ca60e6068a3617dc
SHA256 6b7b785f1e7d967a363c9f95baaef6df1a60acc55d6f0d4d4225ba7c3fbc76e0
SHA512 3b49078122ef0cbdc692430ff95f8d340e23bf0a3052ec00a12eb10d8be9380b200bb2a3e2ecea6b8a53b38609ca608af094bb651edbc25580ec111fb8478c38

/data/data/com.bgs.blzs/files/a/k.store

MD5 5b48824add677736307dfe958570be21
SHA1 eac2d95f98a468d69f5cb75e7baf55bcc93874e0
SHA256 d978f92a9e6449d00049112ef4c6fec17dd953f6b2ea7ec3fd231447460b94d2
SHA512 dd3b9bb18547c1a4e7d0a4d02b24ee0078eea87aaf2981a9ddf16a302583e426c068a69f011cd9107b9af6553d7caad372f9dc37c43e15bfc79ae203c5cc1102

/data/data/com.bgs.blzs/files/a/e/journal

MD5 b1161dbbf6f0ad52756c89b345772755
SHA1 cbcce3f281dd417b9a4f19be6a372bef00b3f063
SHA256 8776ecdf5c30b314c2b6b75a49ba84102b7dc96cfcf484c54ed639ded784e0fe
SHA512 84360ce614452d3f10ca34c1a2a3fa584e68409abcfe2712b546ddb5f69f07ae6ce0e996e7eb07296897ba56ae5dd7bfc2f590ff2a0d4a509ada86393b4f8b5a

/data/data/com.bgs.blzs/files/a/e/4079106575260.0.tmp

MD5 02306133ac436395ed44bfaba5ba279b
SHA1 1d79061f7af3b50b489297b17ee3213693551599
SHA256 31128bbb1cab8016bf472150b9e46cbc7aab22e78fe974532496dfc89ad2bdf5
SHA512 bac47e541328a22b4fae9eebed7baeed60bac2a9b0b9fddd54d57aeac455d8dc941f1baed86618fc2c37cef86c21d28e6952261eb3505db445e2743c206bba21

/data/data/com.bgs.blzs/files/a/e/journal

MD5 307af7f833e8968fa61e34da3425db6e
SHA1 a56022b56f995d16fc293e8115024336ea7130e1
SHA256 216d957f90867ca27b20231caddef9f722453ebad5c17b324df412736ef68193
SHA512 a67822d24ea3f06239bf43324a04b9ccc3fa36300c0aa49422fcbd4e91dfb76d0cd9f1a68887a72810cb0d31e56ad9edee382c2e1664832a034c4c1bf16ed254

/data/data/com.bgs.blzs/files/a/e/8279151128330.0.tmp

MD5 f88fe42dfc44d1c0cda1c1a6fbd43ada
SHA1 334ae6d142718b1fb7e01989a639c8fdb15b565f
SHA256 feb59243ff448bb8ab4aeda5ad04dc728b1c83d45eb8382059f7d7de25653885
SHA512 d0dd92883541a27833e078ee1f0633e88fb11034f11e03d10971ef80d9b19bf971508488c169abe552e5e3ea954a72abb84337e0136d82deaa861c955647f404

/data/data/com.bgs.blzs/files/a/e/journal

MD5 0bd174a15888074b37110907687373e3
SHA1 59299789335ca2a42882632e9a3ac21910a7324a
SHA256 f33c50e57f71d64202d60ce415a70f192507c7b01866f3c71528a87aa1dfaf73
SHA512 26dfd49be5c561899033bfab8d5feac8373dc1caa9437dc9d22eb34a8163c18043c756cde624d825eb3b8217ab0ac541e86c4ce373d55997f805fcd82fe5cc4e

/data/data/com.bgs.blzs/files/a/e/379204213130.0.tmp

MD5 538962b29894cc908916080dafa8b29b
SHA1 1fecb9cae9cb23bf04370e501c070779497977af
SHA256 0890a1f8160b2cbb9b361fbea7e6c74ac4d4e61586a42600355e0ebdb21a6edc
SHA512 b2930f673c92d28f4021a7c0fe1246ae2a5140e2a1ff9be00b541ef0dee261f79e13028a1f6d445fce9e44348f4f3a24364bdb93f9cb16cc7c2935e074fa3514

/data/data/com.bgs.blzs/files/a/e/journal

MD5 b18a46fb5b7880e2365c4682efa879d1
SHA1 982221e51a83b30dceacb2d138331a2e517d19ac
SHA256 fea901a0a8c0ffad9c437b95ee0f621f16b2153f7e4d362958dda7e11ec39f17
SHA512 83d7c931fc1d5079f8d6fc7afa8d030a19c1b54a2d7b316379c30349e18d23dbe43105dad9b21cad9cf667b91c93a06828f4a47a55615fa5fa3426f8b2b630b7

/data/data/com.bgs.blzs/files/a/e/4979330651660.0.tmp

MD5 8de344e0f5031a1cd8d52035fce9898a
SHA1 5f47b12d7a5f7911fa35db10b169ab0eea3e339d
SHA256 a9a2e148409d0ae181d2891359500ec30ebce9d0c5db9081b66e3c6e7a89b641
SHA512 db1ef246a4556b0961b9470c11d703c5b33d3206b75e367834eceda2b690ea935fe46e3782688d28a8da51f6ca0bffdcaf89c9e76125864e87079a19657621c8

/data/data/com.bgs.blzs/files/a/e/journal

MD5 6f283910be667eec1806d0767e4474c8
SHA1 82de103dc19455c27c7cf58f6bb08b3e9865b947
SHA256 a88a00933dba7d42f51c3483cc0a55e9ba2fa091e2f9567b2afa0e860bebd0f5
SHA512 712c33e83e2066b893242d91fcb2177ae8a41b4ef7dbb312d86ce095ee9dee9321bcb644946a119f9cdf07faaafd002539af4c9f3dde6078e402b3afc4593eb6

/data/data/com.bgs.blzs/files/a/e/1579386719490.0.tmp

MD5 14e322c7a4fb4b1da10c37a9b4d9167f
SHA1 3bf043f5f54cc3f99f94dd7a8324f83d13d10718
SHA256 7ac4718b11d879661528ab26bb1ad0ec9eabb6d942dd714d2f455011bafa1ac2
SHA512 fc88f7840dc7098964e484ecc3e3e2f813371fae70b967df37e50c3dbdbdb2a0f18277b6e68fe482e2d7685f9b1099ae4b67f9cfc5cb81e7d1ce2bfdf75fbbba

/data/data/com.bgs.blzs/files/a/e/journal

MD5 f096e75b3efdfd5dd337f4e1ccf07183
SHA1 d14278511b0d2197f10cb306142f507770ec82f2
SHA256 8643c33ac1c99033a0a6545cdaffeab215a90be8cda7d0b6d2ef0e44b6d2ce44
SHA512 5717dc1e644482221f769f29bfd45603d7cedc063d177c5d6ee804cdac02e11a8b162c670e076613d3eb3c893849c272ab4127f3ed768f2b30df1357950d8f79

/data/data/com.bgs.blzs/files/a/e/5879450944360.0.tmp

MD5 f32a72ac9efdfebc1d893079703abf31
SHA1 7e1bee1cb4cbc4a9b3795cdc13b0331538b5caa4
SHA256 4c5b1f981ced14c0458c59a3dc33179599fcb1e168f29c262ab8c38dbcdfed0a
SHA512 0be5aef67cb2820470f716db0387d77966250ac35c3e6aa055fd590390dfccf7d0c8c28d9da9b5278e463616037cf3b495bd7278c2ead9057bbb759c7a28cb3f

/data/data/com.bgs.blzs/files/a/e/5679540324130.0.tmp

MD5 3149b024ce791ef6facd5a1fbc368cbd
SHA1 bf578d3d083b40a14df6e2eb415c915aa22c89a3
SHA256 62c0ccfc5740bf0243bea49b7eb3cd7e8b6c5c1c478b423a9f6360d47bc3b4f0
SHA512 df844a863a0bdc832a0204a0c97412ad7dbe20b0440bfc763efbc534d4510e9f3c2c801fe68253c0ee041c3ebb74c9f3de4da0234f9762b3c29d45e3d14c9fb6

/data/data/com.bgs.blzs/files/a/e/379616375610.0.tmp

MD5 37e58dbb732095ac7c98f1b1272af27b
SHA1 57ca06c9f5c7f8d01e89a4c245137abea49fcdbf
SHA256 a39dec6520bc06c5631b603fadac04cb067bc249cd02d170530b9712b2bc68c6
SHA512 e63f8e8897489e32f4a69cee6e97c4c43bd97bd2f593e1817be400ac2848f83f1932390ee78ccc85aced94f3fb67256a70426b3847bb2351c8342bf1becac608

/data/data/com.bgs.blzs/files/a/e/9499770329710.0.tmp

MD5 fcdc68d54f12e0277f632db9dd47389b
SHA1 2f8b9c9821b2f030e52b1b5aa9652d5d62064566
SHA256 3e043bfc68f7312f7819ff1aa64496a48dfb7b5c45cf42eb2ad6dfdafde34f69
SHA512 8af5bec5bad040715ddd815232d1457bba5b58998c04c90e04e87464da73f8dc4a01baa07679aa661169d839936bfe237fbd8deedf2ad85d21ddaa8a035f0538

/data/data/com.bgs.blzs/databases/logdb.db-wal

MD5 d606535408bfe20d326519ed848d44eb
SHA1 f8d886aa39924a53c7b45cfb144df91673fc7a65
SHA256 632a4c0bb006549248ac4e326ebaa8815378d278f0c03f6c96bf291fdb1c3708
SHA512 c655ddd11a87341a6a02f8e2af584b1c2db30bcd40c93109a340e54b07478b95ea36b5f3c21d4ec09867e0539be29212d1ed31db5e3c65abff5f45874b898e4e

/data/data/com.bgs.blzs/databases/logdb.db

MD5 f78edb647305b7e1f1cdae6232f18567
SHA1 a1896771b0470894678a607b38062badb06d8e04
SHA256 09352d667fd655b4a89e7c5bffc2a84e7f342e39ad7df825a8c8a8adeda7eebe
SHA512 14d0ba079c9b1a42040047d819a870a799660c3dfbbc4782c912dcb6363a7acad26e45d054ad70bac7644510e691d3ef5ce7c221367cee5c0e3bb9efd184a41b

/data/data/com.bgs.blzs/files/a/b/journal

MD5 0cf77f36c527abcba3e91da23011c1bf
SHA1 3bd240ceb6e24c9ceb3e2ac8cbaab6cec10cdfdf
SHA256 a6bb2d97757402adee9ec84cd2497f9e23a9408d3ac4f09f2d8fd23066cad0b6
SHA512 6e6e40d6ff7a2e539b81246e9176b4ee18937c9f7884592a91b7613f4eaa754c54c97dde39c6c7c81fbb6901231c3136a288c801bd3c654e58bf24a29112cca4

/data/data/com.bgs.blzs/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

MD5 5a775e19b373d50823f33fdc1a290cc4
SHA1 d802cc4f43ddf7eaf1d7339081ee81262dd0c9a1
SHA256 1fa74c7725e5fd77284b6f2631ca656c0a088ba0eb36f8b1a0156219e6eec500
SHA512 49ccac66fba986a57b995651d1733c7da07c52ea161f7773661fe098bda77c6a12feb43d17525150700f5669b2d71785c9d171b352c00c0fa2634b6e2240c370

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 07:58
Reported: 2024-06-14 08:02
Platform: android-x64-20240611.1-en
Max time kernel: 175s
Max time network: 193s

Command Line

com.bgs.blzs

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.bgs.blzs/[email protected] N/A N/A
N/A /data/user/0/com.bgs.blzs/[email protected] N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.bgs.blzs

com.bgs.blzs:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.46:443 tcp
US 1.1.1.1:53 service.dcloud.net.cn udp
CN 110.40.181.119:443 service.dcloud.net.cn tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
CN 115.227.15.239:80 sdk.open.phone.igexin.com tcp
US 1.1.1.1:53 c-hzgt2.getui.com udp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 115.227.15.241:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.15:80 c-hzgt2.getui.com tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.16:80 c-hzgt2.getui.com tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.14:80 c-hzgt2.getui.com tcp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.227:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.13:80 c-hzgt2.getui.com tcp
CN 115.227.15.227:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.229:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.229:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.233:80 sdk.open.phone.igexin.com tcp

Files

/data/data/com.bgs.blzs/lib-main/dso_state

MD5 891066988f89b8d918007c5011c0f15a
SHA1 4efe5ae4ee6879a9ab9242931d8f0eac8b5f36aa
SHA256 5fdea7434ad4f487dc15b1c52a186d6fd8c17352799eb951d147981b5958c136
SHA512 33863f3b52a0db55ae692e4a0b9f4e201b8259eb63edeb09a5a01d0daf1b69f77a19e6950790a0690e422276b1b4d06603c3d4594f8287d597960a9a954d6540

/data/data/com.bgs.blzs/lib-main/dso_deps

MD5 33ad28c0a149f73f91e4a45e04405ec0
SHA1 85b811489b37129c158e2b343850257f4a049a08
SHA256 1aa1796be9b69530f85fa6ab5e89c0bc75225d4a20add37d6658b4874371ce5c
SHA512 5abd85b406591c024d827adbf351194da54378a1e06c9b707fadca402d5ed75c09ba3d6a23eb5528f99cc1732e9ad602c8b529e1d543583fef7766a641d57e41

/data/data/com.bgs.blzs/lib-main/dso_manifest

MD5 04113590814dd959aa044b0a669ceda5
SHA1 dd2a653a16801695e83480198af641b9c0394af7
SHA256 5c038a83b316fbffac4544d350401e8328446cdcec616e4ea4562c0d2a28afd1
SHA512 8272af7ebbe7e1d0008abe130ffe9465e50b2cebe81869b66ef0e6b02c2beaf8ab39f8ecad1ef7c4fc27f99347c43441d87b51d6463d48c98dc356e73a8dfab8

/data/data/com.bgs.blzs/lib-main/dso_state

MD5 ef5467ad598242d0c909eec6f6575a2a
SHA1 2e708b5520639a9d88ed31c1aa9d09f69bc24645
SHA256 a4bd0d2222a644b8dbd9935411da9bc5e11067c20a73ffd9d3380f15e15be08c
SHA512 4f1a1939aaccd4e11a82c113d58af13bc4e5f1ac36ff844f1899c77a00a5f1acf902148784ad0289e26021ceb1aed76607f3517dde52ac96ceb2ff41d27daa8e

/data/data/com.bgs.blzs/cache/weex/libs/weexjsb/x86/libweexjsb.so

MD5 4118f1d0b100806f81d5edbd393a4376
SHA1 1b95c7a46c6adc23decd60dd2c5f775cb207f48e
SHA256 85a8ffdcae834337567aeeb6e6035c4a19586fbc12154512e56c8b93997bf732
SHA512 a4ef9575fe8ace57e98c3aabd3593a49dabb53cb9150717222490505138650ae8c1c99029e420721c82877c8e0bf9d36448f8121882880dd40af398bb0efec67

/data/data/com.bgs.blzs/.00000000000/A3AEECD8.dex

MD5 0a11ed63bd34ebb0127804ca750cd08b
SHA1 13ed8b076a4d154c0dca3053ce4a536e3c730d3f
SHA256 7b7e6e6f8db1a103e87e5ead06bf764e075cb3911f1c4d03c2d8ad6009c054a5
SHA512 5d2503adbe43200a1925b3c13175d1004e62b08020b5bc5bff92111bcbe323966bff37a88e8480a181d761a6342289788afd18def6898c7c844b7da94ecf14c1

/data/data/com.bgs.blzs/.00000000000/A3AEECD8.dex

MD5 1b28678ad864dd402c80eeece708c6df
SHA1 54a366d8d52c569afd21c26192e1519d04da6cc1
SHA256 127a76356e7a84da426f8931c3b4cfd91552421a6a8c55c8b922819906ab97ca
SHA512 f7ed58ac54291ae99fcf93d6d8980dd48af4f3a3be8dd7e1d008170dff88a65ffda0faf9a5d47e679761b795327f26f6d0975868b0e3d1ea1318fbeffd470b29

/data/user/0/com.bgs.blzs/[email protected]

MD5 5061e4948844f7d366972ac8005e9f13
SHA1 a2b79a1c79afb095ddebf0f16a1f9db64482bcaf
SHA256 3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45
SHA512 223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

/data/data/com.bgs.blzs/files/.imei.txt

MD5 a22a0f449fca9d9b94870aca089b1441
SHA1 849954afba3b98b0dee87337a393196c5a352f5f
SHA256 f1c97a8987a01ccaf38f4e3c5af69a369c65109b7526d4997bb22cdc6d40a52f
SHA512 7ab5156b036632b2ecd33426f4ca5095bf41e25253b478ec4cb94d78e9e4eae104b8163fc9805db37cf5416daeb22ca69b7d46bcbc4fc860aef22fbd2ecb722e

/storage/emulated/0/.imei.txt

MD5 b7bbe568e1734339c88e431c9819f2e8
SHA1 abbbdb924f6658291b13cfdc19b7097334341151
SHA256 73fb123ed844f21acf401158ed6ad166afbe29c2e391eeb8a0c5256b918f0767
SHA512 e5f24c5849c20c7fd44cab0c9c27a4c58d475e579f6262cdff52e674bc26004ba629f558c8aeac4aeb1e2ab92879449ed2c9b14b1044b8d91e15552d3f8a115b

/data/data/com.bgs.blzs/shared_prefs_ext/test_app

MD5 ff05c7011d65efa34b8d6f09c6139ff8
SHA1 b9886404a50ab0ab0e39204d148431ad4da8b4d0
SHA256 ce4f1ab61822919d4c371ef3ca7cc983a5164102217460e3b44d2678856e8ae9
SHA512 170381fa9944f7b1f0f5495f9d17b35c3a7fe7ee094c2ae9150babb077001243fe77a8a082d218499fe823e8ffbbced59277ff92604b3e6cfc5602b302f6c036

/data/data/com.bgs.blzs/files/cnc3ejE6/eje3cnc

MD5 d92e355b2e45b4625d624fea2ad25549
SHA1 185a750ec509bf10f342d96f86461d64da4117d3
SHA256 7e522c30f185cb62980733f9431dd8cdcc42a2cf8e64898c8dd2165b6f06e4f0
SHA512 2062e7c8f901e8f73e5c6b588cb6a7ac15697b895b8c16125d97b9cfe8671fdf539930a6dffbe7994dcc011a4bb6f3460e741f6a425be90f32370a2dfd89a7a9

/storage/emulated/0/Android/data/com.bgs.blzs/apps/__UNI__F3F2312/temp/1718351964070

MD5 2e8483bfc6afec28a9308dcaf88fd67d
SHA1 bc00778aa7c74bf608eb5232d8be1881934c7f81
SHA256 5835045c442c190201e3e31aea55d546f6d38d7e1478c765feed271535274457
SHA512 35b6eb7e94ced96fb6dabcbcf97ffa6f84a956301c01a707850783b950255151b4ae608114e197a9d672374345e353ad417d7fd86f62c96b304c024ee36b76ec

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/journal

MD5 5ee2c90b716c912cd96df0d28b11f75c
SHA1 48111b407bfc86ff8d90a69de2a8b065b57bdee1
SHA256 f220ac37744f290233effa8e6f592ca14063bef086e433cda08a493398fb2538
SHA512 8a5ddb94cbf3d630f2ed5777646df0a0ebb8ce2feb62117d61fcac119d3b011030d7366726c7e24d174d7afc6186815438329f651f12dc46323a652311512e5b

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/af898109ab611c08c97e112a35d586931d8a420f47a7b00632040b457024505c.0.tmp

MD5 b2538e5882a4af720be6b9c70d92acf5
SHA1 c004e94856bf6085e06115fbd0eb85391e03cd82
SHA256 f8376acecfec33904fefd9078742868d4a30ee2cea1990f34a12e24fe40b6dfa
SHA512 1ca0f1c88b98860caddbfc7f492db3229c70a3e1d465e569a58dfd95c076baf4395cadbd6837acf9edbd7680749b34816bb93b47423ba4330abd81652b9d6f6b

/data/data/com.bgs.blzs/cache/image_manager_disk_cache/03f074e6d2b1da554aec8194fc2dd254acb303315cb5d605b02f4f25d83ff11a.0.tmp

MD5 af6fc80a5f43ed965335db8bbc8af4cf
SHA1 6cd2031f58993a6713ea28beb9279ee17eaca38e
SHA256 cb62aa8879e0ba488f345bb445b1f550a20e950f41ad83da8109f7141e481ed1
SHA512 2776a00cf5783091243dac9a3bc4d39a40993021007d3117f91015742cdbf02350ee92986b3554810b09b71ab251b2aa962c36bebb22caab86acf0f839a845ce

/storage/emulated/0/Android/data/com.bgs.blzs/logs/com.bgs.blzs/crash/crash_1718351965234_2024-06-14-07-59-25.log

MD5 2b2e31423b88e56f3b2f932c0d76a70c
SHA1 2637c6d4b8aa7082a8776ba85b673e071049769a
SHA256 af4ee04da64a93d717afd672a49e0f4fd3290905603728a8c9e63d26484fe357
SHA512 c530a5a5a8adbf0a520ed22d3e9d0278f1779d31678d1763cd3e498ff390b7a45e23c69ae3d0ac65eceab3f3febe343393487c17ad5f38a46b3a7b7ded806351

/data/data/com.bgs.blzs/files/init_c1.pid

MD5 2ce3873858c409f166b44174491ce2f5
SHA1 aa17eb611205c6c39683089c924b09d331da4330
SHA256 1ddf34022457295f17557b188ba8aed57b23d0b421fbe9d10f9662443bec0816
SHA512 6a7a3a61f36019b53ea69423462d55550dafc3c38bcadc501a5d7dade452d59a6b1e909957c686ec4aac6709ed889baa42648f12b3d1fab5969dc26fcaf8876e

/data/data/com.bgs.blzs/databases/pushsdk.db-journal

MD5 90375355980f3fb36a999445af1c37eb
SHA1 3e224f1ac34c4921e1ea792b378aa7848a47e470
SHA256 498dd8329ddd594070ace3a1c3ec55cdb01882e3866b30ceb4ec685758d4b87a
SHA512 565e25351490462113fbdc4abcf52d3a4847ae853fc85e4f22b18831a1846944853067824bcae4414b8410b5f2d67a7a3b07ebc9de3d645365fda4bfb36b4ab7

/data/data/com.bgs.blzs/databases/pushsdk.db

MD5 8997c41e8ca1634d2746a6440ac84579
SHA1 7632560dbc4a9b81ed0d14fbbcccf9dd4851f118
SHA256 63067332af0df76df9df1e12a7a2a231fc7d5ed8e6f7c24038b35ff5c86dfdea
SHA512 74604cd70d5e8234d7fdf7cd885b7cd1b820c86b65165256fe0ca5fc33021e11f939b6125979dcdb73c9700380c42ac5f3ea75285ff5c4fb4140ee9c5fd2f404

/data/data/com.bgs.blzs/databases/pushsdk.db-journal

MD5 ff7afb70ee235cba604c0015a691b69e
SHA1 00a3c8766146715b736cbf5f73786e1845175f76
SHA256 eb599aaf0b4da030fc511aad3536e7d0eea54269c2a55877a6a091009849e0fc
SHA512 2f9140f5172939b58bdcf7240256c61ab019afb7127e9ec7626eec2b00d289616f55beaa4e9189122fc164c393d3844c67d20e67a69e5485cf40383e64211f71

/data/data/com.bgs.blzs/databases/pushext.db-journal

MD5 3359a3c8b8f941245ae85a3a0610f68d
SHA1 ff301d5bc74b6d52a9a5d1203a1cef0c18ffee87
SHA256 665fdea4f2c9a653930399dd951c453f9817bc6a3865dfb7950503a59b2e10ab
SHA512 30afc53a5d0f431b120fbf12a372250b2254ad99cfabcd242a3aa54e733ccbb7981feb590064b4468c6d52f2a11c7ad7c7b6e767aeb68b07ad58a678b39d1d7d

/data/data/com.bgs.blzs/databases/pushg.db-journal

MD5 ada7a75e129b1b4453888ae6a3de0f8f
SHA1 52d005771b4c240a3f31736086efce163dd5a5e9
SHA256 725d7698b160497dd3355d6c431d8f4bdb3872902f317c61d6b4824e043bd930
SHA512 96feffe12fd6409e40c8f7da6066b1ceabc4bc94670deddd58f15adb8f881c786cea7053ffdc9a0f76ae5cff2dcbeb4a8fdbb5f38160d66c1cb6b1f4a941febf

/data/data/com.bgs.blzs/databases/pushext.db-journal

MD5 60b02bbaede6b8923c7d35af8541e2ab
SHA1 b87aae78d52af7555ef7abd8514874ed51bc0742
SHA256 e856a4b7df0bc238c92af7cb7fe06da5bbeba2a5d6d3237de899b1c9687b8f81
SHA512 3091fec398c33f6422333ad8eac4969b4417a37c832049ae7e62740c18605e775fc8d70c216d55ec8ecc603c09ca30cc00170b66fe78e5b21c97d7e908947dea

/storage/emulated/0/Android/data/pushSdk/defaultLog/2024-06-14.log.txt

MD5 74841916ab77399882d53de3c2bf6753
SHA1 b1500c2ce7743efb83ef2a907607039002fd837a
SHA256 4e678177705ba380616670c42ab8f2d3d0b55540eb3bb1e456a7bc194ace60a7
SHA512 13e1a7ae175df4d99bd59b2d876bc1fc916d0a7235afbe2bd3d116657fddd350e3c36a40a0b1a02450fa5c2a9ead8ff5060c031de7d51e751dcb84e5c9f9fcd9

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 07:58

Reported

2024-06-14 07:59

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 07:58

Reported

2024-06-14 07:59

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-14 07:58

Reported

2024-06-14 07:59

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A