Malware Analysis Report

2024-09-09 12:58

Sample ID 240614-l3149awble
Target a91b5bfbc13dd12a1ebe449bd2c3e044_JaffaCakes118
SHA256 d09e419eaf126355af50685f1b892add4e1a553204600134d12a1461269bff93
Tags banker collection discovery evasion impact persistence
Score 8/10

Analysis Overview

score
8/10

SHA256

d09e419eaf126355af50685f1b892add4e1a553204600134d12a1461269bff93

Threat Level: Likely malicious

The file a91b5bfbc13dd12a1ebe449bd2c3e044_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 10:04

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 10:04

Reported

2024-06-14 10:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

173s

Max time network

186s

Command Line

com.huabian.android

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.huabian.android

getprop ro.build.version.emui

com.huabian.android:pushservice

getprop ro.build.version.emui

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 10:04

Reported

2024-06-14 10:07

Platform

android-x64-arm64-20240611.1-en

Max time kernel

69s

Max time network

186s

Command Line

com.huabian.android

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.huabian.android

com.huabian.android:pushservice

Network

Country Destination Domain Proto

Files

/data/user/0/com.huabian.android/files/TDAntiCheating_Switch_Value

/data/user/0/com.huabian.android/databases/huabian.db-journal

/data/user/0/com.huabian.android/databases/huabian.db

/data/user/0/com.huabian.android/databases/huabian.db-journal

/data/user/0/com.huabian.android/databases/huabian.db-journal

/storage/emulated/0/.tcookieid

/data/user/0/com.huabian.android/databases/downloader.db-journal

/data/user/0/com.huabian.android/databases/downloader.db

/data/user/0/com.huabian.android/databases/downloader.db-journal

/data/user/0/com.huabian.android/databases/downloader.db-journal

/data/user/0/com.huabian.android/app_crashrecord/1004

/data/user/0/com.huabian.android/databases/bugly_db_-journal

/data/user/0/com.huabian.android/databases/bugly_db_

/data/user/0/com.huabian.android/databases/bugly_db_-journal

/data/user/0/com.huabian.android/databases/bugly_db_-journal

/data/user/0/com.huabian.android/app_crashrecord/1004

/data/user/0/com.huabian.android/cache/VAdNetSdk/reqQueue/-5998622401067643521

/data/user/0/com.huabian.android/databases/bugly_db_-journal

/data/user/0/com.huabian.android/cache/VAdNetSdk/reqQueue/1021689741840853517

/storage/emulated/0/libs/com.huabian.android.bin

/data/user/0/com.huabian.android/files/TDCloud_Control_Cache_Param1

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database2SaaS/1718359482251_4610

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database2SaaS/1718359482346_4610

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database0SaaS/1718359482436_4610

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database2SaaS/1718359482557_4610

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database2SaaS/1718359482875_4610

/data/user/0/com.huabian.android/files/__database_reborn_January_one__/td_database2SaaS/1718359535678_4610

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 10:04

Reported

2024-06-14 10:04

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A