Malware Analysis Report

2024-09-09 12:57

Sample ID 240614-ndtpzsycjf
Target a96372027e7a9ad5fed9ec1adf6273c8_JaffaCakes118
SHA256 e447087204ebf1aa1ac0714bca1de943407ff6b8c43eaeaded8cf3c36bce8941
Tags
banker collection discovery evasion impact persistence
Score
7/10


Analysis Overview

Score
7/10

SHA256

e447087204ebf1aa1ac0714bca1de943407ff6b8c43eaeaded8cf3c36bce8941

Threat Level: Shows suspicious behavior

The file a96372027e7a9ad5fed9ec1adf6273c8_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Reads information about phone network operator

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 11:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.67:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:18

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:21

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

186s

Command Line

com.shoujiduoduo.ringtone

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.shoujiduoduo.ringtone/app_duo_jar/duomobad_0_1_2.jpg.jar N/A N/A
N/A /data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.shoujiduoduo.ringtone

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shoujiduoduo.ringtone/app_duo_jar/duomobad_0_1_2.jpg.jar --output-vdex-fd=50 --oat-fd=52 --oat-location=/data/user/0/com.shoujiduoduo.ringtone/app_duo_jar/oat/x86/duomobad_0_1_2.jpg.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=118 --oat-fd=119 --oat-location=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&

com.shoujiduoduo.ringtone:pushservice

Network


Files


Analysis: behavioral6

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.35:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-14 11:17

Reported

2024-06-14 11:17

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A