Malware Analysis Report

2024-09-09 16:05

Sample ID 240614-n8qa2stdnl
Target a994e4c19a2e2451d398fc985a6934f5_JaffaCakes118
SHA256 c0aac1a4c0ecf3ec94535cf835df60787b68cb44427d6cdb0880ab59fe49a630
Tags
collection credential_access discovery evasion execution impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c0aac1a4c0ecf3ec94535cf835df60787b68cb44427d6cdb0880ab59fe49a630

Threat Level: Shows suspicious behavior

The file a994e4c19a2e2451d398fc985a6934f5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Reads information about phone network operator.

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:04

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:04

Reported

2024-06-14 12:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

24s

Max time network

157s

Command Line

com.kingsoft

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.kingsoft

com.kingsoft:sync

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 12:04

Reported

2024-06-14 12:07

Platform

android-x64-20240611.1-en

Max time kernel

23s

Max time network

192s

Command Line

com.kingsoft

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.kingsoft

com.kingsoft:sync

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 12:04

Reported

2024-06-14 12:04

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A