Malware Analysis Report

2024-09-09 12:58

Sample ID 240614-kdkkjawdnq
Target a8bcd3113c7d95dcdfa680410641083f_JaffaCakes118
SHA256 9a611d9cd9d7e92b675715d9c92bde40fb00e7478b0cc929416c21619b4d20b3
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9a611d9cd9d7e92b675715d9c92bde40fb00e7478b0cc929416c21619b4d20b3

Threat Level: Likely malicious

The file a8bcd3113c7d95dcdfa680410641083f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Reads information about phone network operator.

Acquires the wake lock

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:29

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:29

Reported

2024-06-14 08:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

184s

Command Line

com.rjb777.rongjinbao

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rjb777.rongjinbao

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rjb777.rongjinbao/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.rjb777.rongjinbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.rjb777.rongjinbao:pushcore

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

com.rjb777.rongjinbao:pushservice

sh -c ps

ps

ps

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 08:29

Reported

2024-06-14 08:29

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 udp
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 08:29

Reported

2024-06-14 08:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

148s

Command Line

com.allinpay.appayassistex

Signatures

N/A

Processes

com.allinpay.appayassistex

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A