Malware Analysis Report

2024-09-09 12:57

Sample ID: 240614-mgawlszgll
Target: a92f72ee05d6b2c0d0ca6eb70d4791dd_JaffaCakes118
SHA256: 045508cee87310bad4b66d9934354ca4d65f151dcb7e04a101ba7d43e82a0a03
Tags: banker collection discovery evasion impact persistence
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 045508cee87310bad4b66d9934354ca4d65f151dcb7e04a101ba7d43e82a0a03

Threat Level: Shows suspicious behavior

The file a92f72ee05d6b2c0d0ca6eb70d4791dd_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries information about active data network

Queries information about the current Wi-Fi connection

Acquires the wake lock

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 10:25

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:29
Platform: android-x86-arm-20240611.1-en
Max time kernel: 170s
Max time network: 183s

Command Line

com.kaixin.android.vertical_3_etxhh

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.kaixin.android.vertical_3_etxhh/files/__pasys_remote_banner.jar | N/A | N/A
N/A | /data/user/0/com.kaixin.android.vertical_3_etxhh/files/__pasys_remote_banner.jar | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.kaixin.android.vertical_3_etxhh

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kaixin.android.vertical_3_etxhh/files/__pasys_remote_banner.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.kaixin.android.vertical_3_etxhh/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&

com.kaixin.android.vertical_3_etxhh:pushservice

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:25
Platform: android-x86-arm-20240611.1-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:25
Platform: android-x64-20240611.1-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:26
Platform: android-x64-arm64-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:26
Platform: android-x86-arm-20240611.1-en
Max time network: 3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:26
Platform: android-x64-20240611.1-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-14 10:25
Reported: 2024-06-14 10:25
Platform: android-x64-arm64-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A