Malware Analysis Report

2024-09-09 12:57

Sample ID: 240614-lnsjkayeln
Target: a90341fc8a223ac9a71762bb762e191d_JaffaCakes118
SHA256: 42bb109ed9011f6c6cb0644b60dd69c13077b539e504755045a7b887e316ef2d
Tags: banker collection discovery evasion persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: 42bb109ed9011f6c6cb0644b60dd69c13077b539e504755045a7b887e316ef2d

Threat Level: Likely malicious

The file a90341fc8a223ac9a71762bb762e191d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about running processes on the device

Queries information about active data network

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 09:41

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 09:41
Reported: 2024-06-14 09:44
Platform: android-x86-arm-20240611.1-en
Max time kernel: 175s
Max time network: 138s

Command Line

com.qingshu520.chat

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

Tags: collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.qingshu520.chat

com.qingshu520.chat:core

com.qingshu520.chat:cosine

com.qingshu520.chat:QALSERVICE

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | data.iapppay.com | udp
US | 1.1.1.1:53 | chat.qingshu520.com | udp
US | 1.1.1.1:53 | lbs.netease.im | udp
IE | 54.73.57.121:80 | lbs.netease.im | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
KR | 192.186.12.154:443 | data.iapppay.com | tcp
US | 1.1.1.1:53 | iapppay-data.iapppay.com | udp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
SG | 119.29.29.29:80 | 119.29.29.29 | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
SG | 119.29.29.29:80 | 119.29.29.29 | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp

Files

/storage/emulated/0/chat/cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 68af2b7b993e49ec7613c75dd78e3502
SHA1 a17aa939402b67b325153bce19bd921cfe2b6c36
SHA256 20f0c66f30fbc114c09b7816d39dccd6ff34287a54f7b36a128110fc6167f344
SHA512 f7dbf7e3ed4457bc7159d641737389123fc2092dc50a7b64373f5c01f53d76cc03c833dbd5155d4a5c0342eee6f11b57133e246aea16f2800fa4e3e49e6bc19f

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 8c297de67d53abba7d52f6e9fefc2181
SHA1 43609b1798d531a374f80cfc0fc387585dd6ebe2
SHA256 c1735836299092c571cce879f2cdecce3134f7957e5b82e66adcca426cc25cb8
SHA512 08debcc2580aed671fde38393dcc2f4f0e6911e1961aa6e1a8687091cbaed302718a74b6492f7ffaa8281fa8a8ad927b88eb915d0ff738be6b4b29475acb9943

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 a17baceab9c6e36df772a044df99dfd2
SHA1 a032f31bee741e0af7031893e0c4bc252c5ffea8
SHA256 54fbe631906eefbc8b235abf2902ba9a20fdf75cf01e9c5fc30638f4de08b0c1
SHA512 a0d1fb3ed35aaf932f616f3ba13e26db6575f7fe836b1f1544657ddc9315772c1a62e5837624d94524dc26ae98f9ab6a8996bcf57d0636c3045a1cce19b9d6c0

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 da53073fb9326ef85fa4eba1274fcb10
SHA1 dc2e936fb592bd216be40b66a1a4c9643d2b951f
SHA256 9e38e4ed71ed3a9b6f50069615ecaa1419c7e979e161b2ba93c34850646312a4
SHA512 2a2fe629f3480d259832dcbbbcde6ab87517ec2e9ea97691ca4a0c9e63bf9bda05444442fbaa50ec05ddfe66ae993021b2de5077d5207220fca9098b4fe4dc9b

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 3dc807aeff86640e1bf6255841f8a224
SHA1 74f221154b05acb4b06ea53d59d71f43e459f9d7
SHA256 882577a73faf58782bfffe28e6a0bb860825801728fa83837522558282f1a7c7
SHA512 c876dd9cc400ec125751b6fdd289423cac9ffedffc1226532c2017c5285f8345bdc33dcaa4d1b733d09e1442fbf19189964c0f26348760561ae081f2ce2aca5a

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 59deeeab181394630d9ec618c6f53af0
SHA1 0bbbaae6abadfe681eb1a1b5bae8f55b0d6bc352
SHA256 906493c1bd2d4eaa2e7b9fddad5530db75f9199ee98d30ff9d15bec3a74fe88d
SHA512 54b1c6ac59ce88c6d050769a8a0b9296cd87c506900da58616e87f4e7e0a7840bd68c1eee11f95bd992fbc8415e13cd468ed9b80fd0a39dd6d843575e9f75a78

/data/data/com.qingshu520.chat/files/umeng_it.cache

MD5 197bfc896c2575b88b20971419b9b65c
SHA1 cd27a2e6bf898263631c09cebfc0f0ae88ee0915
SHA256 810f0133d38c3b7ad8bd5eced74ea16b0460b68d7f95e4971cb324418d57c3d1
SHA512 66ce99cd8fe23d8332b7de588d8252d59d21605a7b4a798fc16db001154cd4ddda73e9cfa16aaf9f84a67dbd5009f289c29a445f3fa70d5ff124bda09171a86b

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 67d626b2311e260e0ca63f49f69f84dc
SHA1 33b6f81ad257e689f55924ca7004870f840f92fd
SHA256 b089a2e7980662956d33aed4cb32551f55c5d7d6ed7255b7e6038761e77f6824
SHA512 2d3d4221c451d5b37421162cef6431dfd1bd4b69290b8bb16bd4b522b7d7219c724b1102805328beef3c56f141d263ec77e2fbdc2f25c34c47b5a9e83ecbdacd

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 4a9d1a7419870ccdc4b07897278dbc1c
SHA1 10d5f11fe80eb1eb11771331d86d3acabf9bdc77
SHA256 101c9424652ac17386f26e6da53050bc261e78e51b0f9be53f7300b41ba3de14
SHA512 cbf45e97f987c25e8fd31428d3898acaa43239898983db0ffbbcf495c9193c09a29a150082d4031d06fdd0ae7ce8e4ab9c9d8eb557519e81ad810e9459029855

/storage/emulated/0/Tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log

MD5 90074cf6ad8d78ea361db5efde0acc1a
SHA1 09df402c515afee2fd5efc16aa48612f0b48edf8
SHA256 13ac74c02579ad1c1aa35f5cda7a8af22a4a026bc9abb3895a59ce6ba4ffaa08
SHA512 ccdb00cf125c06d46413ca681d53df492f7e2dbe08eaf30faad3ac0deb5237c0bbd0862371f534de8025e74b44a684170ec52514d0e0ee9255fe90c69207f7e5

/storage/emulated/0/iapppay/statistics/com.qingshu520.chat/statistics.log

MD5 509e8f78fdb152c4a081853afc04bc86
SHA1 e4f27c4c4e60dcd996752e7e8188a2197c9ff473
SHA256 1d2e7146ec2713b2308f2d181a01186e1179560ebdd2e4389075940e09898899
SHA512 b5037738da74d3124c1ae66419992f542fb227dffd8c203a6645741694d8ec15f76d620465ececee447d20e3e2138c279535774ae4b79ac0b833a2b7f985b0b6

/data/data/com.qingshu520.chat/files/tls_device.dat

MD5 a23595bc985197f5702a8ea191a6361d
SHA1 317fae4b6f960f09518c38ebc915d283d7b62d4f
SHA256 2d7a72e157226e994e7801164b787280c78dc8a5aac3d8e81f582914f19662d7
SHA512 7fe8f98e4cda4f0d8e02c3176d25b4c663fce616d07f224adb16655db6e1447472f41e68c99425ff9db01066c250fd7943447385cbc7664fb50706ba66e084f2

/data/data/com.qingshu520.chat/databases/tls_sdk.db-journal

MD5 3576baaef9f1bb28fde37bcbdd389409
SHA1 8706a15ab169d2daf63fd273f95700887f052958
SHA256 8cf38a4217f7303bedda6dd6427db91d6f34df9db31904059dc224f86b01b6e2
SHA512 d8d63a7cb316fcc93dd93bf0b751bd76a93caa40f7b3fc7c43beae51f271080ba52453163be7b6c63d130f4a1bde7041da3aa9b5681c56e51c7ffbd91fcef0e4

/data/data/com.qingshu520.chat/databases/tls_sdk.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/storage/emulated/0/Tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log

MD5 a0726a95a01190866884dd10e74d6609
SHA1 f897c878bdc290978f32d8eb28f8772ee5155fe6
SHA256 ea7932c51b742d0a8598219baa041db01c23566c0e542daa7efe49bc2e15d77b
SHA512 1fc954581046f80aef64771df067d867be5beea0494a701411f6eb5235e8287e4c26de148164f7ad8e04f7220e704b1261d3d2b56e907b08c28966bb74245ec1

/data/data/com.qingshu520.chat/databases/tls_sdk.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.qingshu520.chat/databases/tls_sdk.db-wal

MD5 7e5296d06ebf4ca3ed424870d4b106ed
SHA1 a2ed59aea17e366ca8786468a269029cfc862fe6
SHA256 4953d1ecb1e72691151b4f13ab8397038bc8027dc659f3a4b870b1d92990d7aa
SHA512 a3fdeec21dbe0be3d6e953917de6906ddca68b0dda218a47e3cca12b7123f4278a45d65502870b881c64863b6494f349f9d798bdbb0009ee83ef832e94a8ac6f

/storage/emulated/0/Tencent/imsdklogs/com/qingshu520/chat/imsdk_20240614.log

MD5 856a3d642a60955cbd3e639188ee07d5
SHA1 f575fab64b40d4c0350ee31bc4b6b5c0e6292978
SHA256 f59c100bdb18d6d44375d006edff07af4ff6df703e45d2d94f210e41828d66c6
SHA512 9554ddb18bf8ce600f48f51de96c6bef97924edccf238492f36ad7cdf18a5a67c13b176c1075ed0a3b16c327591bb4d697abb694c5653f7aa30c77e6ccb5bdc9

/storage/emulated/0/Tencent/imsdklogs/com/qingshu520/chat/ilivesdk_20240614.log

MD5 0681c082859adac4a1f2df7e514a0d9a
SHA1 175e9eb411fcad3558d1b3b35abf7321339818dd
SHA256 25221ec51ae749245700ca404d401182d411826fc9a27437313614192c4efd16
SHA512 1ea8a4976537a6b9f3cdd38922bce863d4dbc8fe272054139a497215501c8c3f6e48728f486009a63e4ae242e38782f4646ec8d8669c16ff8f262ee9668fb358

/data/data/com.qingshu520.chat/files/.imprint

MD5 96ff701aaa34c34639b09b76332c4b44
SHA1 4898849b1c8cfb62d89784927eda7a3df00f2f0c
SHA256 8f89caf5124404c0a5e14d9cd7445ffdb8111c40617a56b3f288b63c2ca346ef
SHA512 d394088cf0b796e2e0cb5ea2f1158882d22be3b4ca31b168a6a301ab732d01ada09dbc096b4556149a78c626588d98028e33ff23cea558090c1da31e2ed1f07f

/data/data/com.qingshu520.chat/files/umeng_it.cache

MD5 2a6f0f95abb6dabf222d52f5f5b3e8fd
SHA1 de55cab861f5d180cbcb38a460194f6416bb4808
SHA256 a5e03c0c5e1889e7860154ac2824703c2f4f320e8896c7bac3d68c77bc912a7f
SHA512 70f36606db83f4d614a19dfb6cdc5daab3a8d5c7bd82879cdf2580553139c8054bf30f6c215e2481baf7c4443a380ecfc50b13715c40321514725c288dcda764

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 09:41
Reported: 2024-06-14 09:44
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 175s
Max time network: 159s

Command Line

com.qingshu520.chat

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

Tags: collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.qingshu520.chat

com.qingshu520.chat:core

com.qingshu520.chat:cosine

com.qingshu520.chat:QALSERVICE

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.10:443 | | tcp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | data.iapppay.com | udp
US | 1.1.1.1:53 | chat.qingshu520.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
KR | 192.186.12.154:443 | data.iapppay.com | tcp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | lbs.netease.im | udp
US | 1.1.1.1:53 | alog.umeng.com | udp
IE | 54.73.57.121:80 | lbs.netease.im | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | iapppay-data.iapppay.com | udp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
SG | 119.29.29.29:80 | 119.29.29.29 | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
KR | 192.186.12.154:443 | iapppay-data.iapppay.com | tcp
SG | 119.29.29.29:80 | | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | alog.umeng.co | udp
GB | 142.250.180.14:443 | | tcp

Files

/storage/emulated/0/chat/cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 2a24449f4044f851d78ace9c49bf4c04
SHA1 c1115730f071cb00a1d0e7d1b3fed33a7bb542f6
SHA256 2ea3baced3d756231a6951331852e7a20a13a43c770430820c4cb779d2e0a470
SHA512 59638f64dde3a02ca7181ad8048599649c7eec27d8e569b171ce2b687231ca7977a2adf22bf6b6eccda78f4fc383ded0ffbae612a069f4660915c637b73544e4

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 7b869832f9eabb7a93f0aa0f4a102cc9
SHA1 3d2586da83555d0c7f29cf3deb8c4c862c6cb2a9
SHA256 0616438382a6f2e97a40f2e2796f2f60b847caf201bf85383f3cf215fea74322
SHA512 c04d18dd68f2216c942c819195ab9b49d08a1e024842e613012278352db792e3214910bcd53818bf82606a8a5b42a0cee85956b73430d7cd91e22be56052e1b3

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 a49f44fc336d4f0f66f9c653ebf100b9
SHA1 1ba8a35891175644e17818bfdd0bb53eac2a106c
SHA256 5eac3cb9449a48e32942d4dce9f300d11d44cc249c31aacda91ffbc3c9671e35
SHA512 db0e0d78d1012fa4b8308308119f9808082a46924c380d3919b12e3c3de68432fb0b8e1d906fbbc20b063d796f8a7858f5420a41cb78c27282833276b04ce2df

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 94396e2187f583686dcc6237a4890125
SHA1 cb597ac4bcfb15a02f9d325864f06a1a4a29278a
SHA256 3ceecff32c3e36c23c8e3c946c8d448f515a89fb7ef0365c8dd35e072f2d67cc
SHA512 d4e4124702f5f1c3036e7a15094af5ed271b5dcc831d4507ed2228ead18d977126e29907101fc86956cd1f1776738002963459da3f21dc6598b82ea8180c44ab

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 8c8648870a8b33aaf29277b860f1df90
SHA1 d47aef094542b5dfc8e3c721c7b4fa720071643f
SHA256 ba6d994fa73492e5552e0f062aebb18a172f6d2e2a2202d0400ca4d391eff1ae
SHA512 fe1400aac43a1b5605c15b404c09797b028e99ac4e193c5a549a8c34f657d42a7147da4b985a71a80e0d26cb691b3e061fa781d7d618a368ec9b01709d766e68

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 a2b3c9a893df5e5e6615459638d4eb17
SHA1 385d2d91ad03a19370e4d17509beafb28e214e70
SHA256 b84980e08846d8b568e04f70634aadcab39fe5b144ecfd18250c19014cb859e9
SHA512 f586474f6fd9fe499b8401f6ea91ab87bc91d2fd4cea3e84c58aa5fe20e69b2da43d0b2b1de43b37e02069e98234f6f8e714cb6aa9143aea845825d377a7dac5

/data/user/0/com.qingshu520.chat/files/umeng_it.cache

MD5 b60a3141a5b23cd397da11e0c350dea8
SHA1 70fde100f31b97d647301a4f3d5fc305036caade
SHA256 c947264a0d96a41056617fe80e2b75f30effaab0fde84d501cffd5a2097ffa0f
SHA512 9426c3b0ffb29609608bc57ac568fd6df4438feacdf276472aef26b68324c939028a79ae771aaee8e2861ad5fba5434019e82bebf307ddd8f24bb5b55183c1ed

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 02f64b8918167bdf7d0ed7a11d100fea
SHA1 85be2bb6baae7727ba6b70860fb1e42f58a240ec
SHA256 1d6447431588336d36a0b8f53c9f22fbec2294a75816b4e2a2d4d7fbe7cd1b4a
SHA512 510b1fd55488c0dbe3a84f8a1a39671de259faf56f440667d92695f389d2b2ed8ad9b4dbf56cc4413de431e956b1c427e1d69303bdfe2773d4a2b192f69d95c8

/storage/emulated/0/chat/cache/nim/log/nim_sdk.log

MD5 c94a91a26213caef3cb3215ba987a341
SHA1 62605d80fc1409f278ea37dff60c640bcd9c5ab3
SHA256 86bcbd0c3560ce7a496612d42d79dab5d2907fa988fc7ef1ad489ed66c1e64f4
SHA512 9dba30e76de02e2eb1cde68a741fada5459fb3c463952401a97182a1048ebc8ca4b9c3cd7def60b87255cc7d8770f8450cea56b630e245e7ece078a5f872af22

/storage/emulated/0/tencent/qalsdklogs/com/qingshu520/chat/sdk/sdk.24.06.14.09.log

MD5 4b71d7520565719952dc54bc24d6b9b9
SHA1 c4e5d6d379f26b700081510cfa6fbc005494eab6
SHA256 a31096c85c317c173bae5590f8cd9df0b6702dfe001cdfc8258f18061a974da9
SHA512 4ce028e10bd4079c3e67649248224d349c036df748c6205a8d581ebe0ec84d3f6b52419bdddda46371d098d96eed5d2b10edcb9992a137f23acb4b3f11a3c7a1

/data/user/0/com.qingshu520.chat/files/tls_device.dat

MD5 ad51bb0d70b558fab59f7630890441f4
SHA1 07444491d092e63cf99c87d5d2708709a72c8bdc
SHA256 b917dab81b2b70a00f9b0a0a5c7db0f8a0dd7a13fe305fd52c1dcbf8a05f0a0e
SHA512 130390606f306626bbb32cfe6dec9025fd5cc6b0b525f0c1ddd6c1dd12cc78a1a70d3527cc71e92d47ae7cf669a2113e0557ac992acc3695c163e1f96dc5e30e

/storage/emulated/0/iapppay/statistics/com.qingshu520.chat/statistics.log

MD5 0b5301d3923f60091e258f967692d090
SHA1 8cc76117824f2f4833c3061ccbe4c5f7802215d5
SHA256 7017ccb5a65b39977ad030db252d9e10c478ba73019f9cde536f23c12998611e
SHA512 7a96d750cf5b076cea0752dc35be4e667d34aed4b0e884045cdd1de65eca47f9ddb27c66acd4040ee487189f062579a628b422d4703b51c05ffcd77c93777cc9

/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

MD5 2c47198ae672082cddedb20566bb5909
SHA1 3c5a846d9224f7c43f9e6f768ff7807d40328b60
SHA256 ebfa0937249897bc6e1f2ebf7afc27956425389cfcd9f368986cd1a5923b3188
SHA512 c4f38b4ec2f688c29f21c7e615195eab631863d74486830b830021e055e4345f5e0d87eda3559115905cf06b6de48c2180745cca764d8db39bb1ccc43174e40f

/data/user/0/com.qingshu520.chat/databases/tls_sdk.db

MD5 2e8d2b7e3b1a8758ee427d301314b7ef
SHA1 32bcf7c03fd4934e1224feaf2114df2ae56d0551
SHA256 67b1e827a498e60301f0b57d15e0e342027c49266e8be14c7441dc7f774c299d
SHA512 2a7acd5dff858b159ad5ddd05f8392dda9a0d2185dd5b2b4b20ab660d8946bd3686cdaaaeff7317d717a23a2da1d86e5e42e0221e20e55cc020a2d9a16b0869f

/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

MD5 1da490b64cfa112fb0492f83b0cea84f
SHA1 fc59581291a78c60df4736306eedb9ac0567fd10
SHA256 53a6dddc7f50f3c971da219639adc9c214240e94eb240b1574424bad2cd56552
SHA512 3088aa6f6755b991724bf331e4a9612efd8dc299a9f2b9ee2134f30f8aa3b852307a0ccf912aa5e1c56462fc7fc75f8aa384f4fe7cb92b52ca15a1337574b160

/data/user/0/com.qingshu520.chat/databases/tls_sdk.db-journal

MD5 4db5a45d43116165fbdd5a40fadafddb
SHA1 ba5d5819d1ae5f948e44300baa764b27972f863e
SHA256 124855524319c79957138e2bf51156fd6fc160a07c056c22bba991ad9893a5f8
SHA512 21a7a3946abbb956a03a2616e88c126b9c7ea671a2a34ce953646bb042915bdb5cfe779dc87aa9dfbc47176c81e358d5b608c9fc0457f8a75793a5fe2560bf04

/storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/imsdk_20240614.log

MD5 37f913cbece197232e81b5be12525306
SHA1 b0dd576c0651587f62d6801ffb58fcfb6a6ca320
SHA256 896725c2967b82fe36e1a65a5b5506f4d4085f47ce42feafc94e9f79dc3cb09f
SHA512 588bfe4d1a2840f9e56d7fb82c54ba3efb2ded748871da55de1905910b4ade00c356104f563768fce86b2f4d196946caf80f3a3ad73ae8e3f150c5cfcb5958fb

/storage/emulated/0/tencent/imsdklogs/com/qingshu520/chat/ilivesdk_20240614.log

MD5 674f8723d4fffcb36800aac329476c0f
SHA1 d52d8566253a27dc7ed2fb82880823251e392f47
SHA256 d54bda6458144606e603804f7afe111b9c8105b6e3ac50e1ad69673b9a16f507
SHA512 d3287de6c2b80ec3bda08cfa71a43bedc99fcdfb9cb8f2070ed010157be6bd6f8656dd7be0206b5e06cb2feedc8c2767eda3d3c85b50ad7ab5772fd406848dc4

/data/user/0/com.qingshu520.chat/files/mobclick_agent_sealed_com.qingshu520.chat

MD5 9667bf2bc6327c9e956fdfe8d85ec5b4
SHA1 ddafba0ccbc44f187c1956a0ec8ff29a437f2229
SHA256 184c2abf9ce4dedc41efae065708e4cde0de0fe282333721af10eea7366e6410
SHA512 54f013e28708b37e83907673c27502b750fb917e51e11c5cf2a22f7a1024174ea5f308d266528cee4f8f118a93575e0f581aaa4f45ef2b321fa054656cf77426

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-14 09:41
Reported: 2024-06-14 09:44
Platform: android-x86-arm-20240611.1-en
Max time network: 131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-14 09:41
Reported: 2024-06-14 09:44
Platform: android-x64-arm64-20240611.1-en
Max time network: 132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
GB | 172.217.16.234:443 | | tcp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.4:443 | | tcp
GB | 142.250.178.4:443 | | tcp

Files

N/A