Malware Analysis Report

2024-09-09 12:58

Sample ID 240614-nt3b3ayhje
Target a97de98f9aa5a99315210d708434d0fd_JaffaCakes118
SHA256 4494e65662b78006d923a46ea75e8ea4d119f45e9fe4fd74ff29b3bbc2fc9fdd
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4494e65662b78006d923a46ea75e8ea4d119f45e9fe4fd74ff29b3bbc2fc9fdd

Threat Level: Shows suspicious behavior

The file a97de98f9aa5a99315210d708434d0fd_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads information about phone network operator

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 11:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 11:42

Reported

2024-06-14 11:45

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

187s

Command Line

com.dengtadoctor.bj114

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.dengtadoctor.bj114/mix.dex N/A N/A
N/A /data/data/com.dengtadoctor.bj114/mix.dex N/A N/A
N/A /data/data/com.dengtadoctor.bj114/mix.dex N/A N/A
N/A /data/data/com.dengtadoctor.bj114/mix.dex N/A N/A
N/A /data/data/com.dengtadoctor.bj114/mix.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.dengtadoctor.bj114

sh -c getprop ro.yunos.version

getprop ro.yunos.version

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dengtadoctor.bj114/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.dengtadoctor.bj114/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

ls /sys/class/thermal

com.dengtadoctor.bj114:multiprocess

/system/bin/sh -c getprop ro.board.platform

/system/bin/sh -c getprop ro.miui.ui.version.name

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.miui.ui.version.name

getprop ro.yunos.version

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

getprop ro.miui.ui.version.name

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 log.umsns.com udp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.47.161:443 hmma.baidu.com tcp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.141:443 ulogs.umeng.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 119.3.253.130:19000 s.jpush.cn udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 124.71.170.130:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 tcp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp
CN 123.60.79.150:19000 udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 124.70.159.59:19000 udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 124.71.183.120:7000 im64.jpush.cn tcp
CN 124.71.183.120:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 124.71.183.120:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 124.71.183.120:7005 im64.jpush.cn tcp
CN 124.71.183.120:7007 im64.jpush.cn tcp
CN 124.71.183.120:7008 im64.jpush.cn tcp
CN 124.71.183.120:7004 im64.jpush.cn tcp
CN 124.71.183.120:7006 im64.jpush.cn tcp
CN 124.71.183.120:7009 im64.jpush.cn tcp
CN 119.3.253.130:19000 easytomessage.com udp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 124.71.170.130:19000 easytomessage.com udp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 _psis._udp.jpush.cn tcp
CN 124.70.159.59:19000 udp
US 1.1.1.1:53 easytomessage.com udp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
CN 123.60.79.150:19000 udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 tcp
CN 124.71.183.120:7002 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 124.71.183.120:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 124.71.183.120:7000 im64.jpush.cn tcp
CN 59.82.31.160:443 log.umsns.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 124.71.183.120:7008 im64.jpush.cn tcp
CN 124.71.183.120:7004 im64.jpush.cn tcp
CN 124.71.183.120:7006 im64.jpush.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 124.71.183.120:7009 im64.jpush.cn tcp
CN 124.71.183.120:7005 im64.jpush.cn tcp
CN 124.71.183.120:7007 im64.jpush.cn tcp

Files

/data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 65ff893164dde0046ed79257b7e057de
SHA1 fcd9300190eac9fc095ee21a09d142ebea727b14
SHA256 c4d008248a9f879c5cfef2aeda45931c94e945022385d1e2f7f29a16a2ad1f06
SHA512 751bddfb2ee852fd23e3167a666a08afc024b682ab2da83bdd44d44d6827229bd301d758b7d87a98764f6083a5e09065dc3840c6541456877e469c6fc5b8a2cb

/data/data/com.dengtadoctor.bj114/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-wal

MD5 20d8e8299297cafdb77d39792a1c4ae2
SHA1 386d49024fd4adef677331ff2584b7ba247c50bc
SHA256 21b101fc49cdb81665fe4325ab213aa6772cbbd2b670893a560d50b5345c70aa
SHA512 04c42c62a8b9846239d005ac7ad66ea9f1385ed5f26367e0c11e511ace6a5fba6b014301df01fa379bfe0a4d0c58cbfef3afd461f0494f00a0416f8bc7097aa8

/data/data/com.dengtadoctor.bj114/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.dengtadoctor.bj114/files/libcuid.so

MD5 bae69091a51fa6cb42b0c31ae07bef10
SHA1 391e8c09c93cd7a9350a3952c400f47de41e26ed
SHA256 c87ce3011855ef3f896295810ec5ba6d010a53e5ebacd7144a870d8e3f7eb0fb
SHA512 c935d58582ddebcfee58eb587d4a3868fe40271494add43635a518a5f4c10b80344d651bda82e610ef8b09784b1012366a049d954df48220618dc3c0267202bb

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 d5215843444fa370fcf4397d28be9292
SHA1 20080faca1da5079deea7f69a5220a939bbb9da3
SHA256 8085314c7412b753ea7632b5064078e3a80ae1032074808a0a0683e6c40da271
SHA512 2292a82f8af41aaa088ebf72448a85d24357e04695fbef72193990a3338229e78ac1da393006fd0b90482cf0b289a8971d934c5f59f8ba20c5ca8224e7eb19a8

/storage/emulated/0/data/.push_deviceid

MD5 5941c7a42bea265f96d3914507f874df
SHA1 9e8d573c106e6176d6f768ea3fb1424643f518ef
SHA256 5b286c92aee862ece0f761c1c81777ab3df5620895887fd989486bf284162b5d
SHA512 db5af07b0ff79abb5ddef4d09d89078e8f3b69c6ac444a999588751ecc5c564d53e6e56ee98bc5bf61fa34f6b1df82e27e61fbd56ad434bc2b3ac8a357d7203a

/storage/emulated/0/backups/system/.confd-journal

MD5 00d5b51d5969af50baa47708f357201c
SHA1 02e39e21eb5840179f0ef7a3852dd2d2a77cd8a3
SHA256 a84a1877bb7cefeef0a062ae080ddabae45bf10594eef0d55a788e9e7ea54ca1
SHA512 09f861546e931148d0b690709440072abae0f382996cf4e06bc90d4935ab1e8abae5134e341a971a9fdf418d0df973e5a30ba8775d0c3331905d239dc2ae7c0c

/storage/emulated/0/backups/system/.confd

MD5 249e034c9703afc1fd6062371c7f3da8
SHA1 9ca489179488e0fe5a35f7c0d5887f163e4890cd
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
SHA512 b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

/storage/emulated/0/backups/system/.confd-wal

MD5 80f3a27c248045115c2e52a5430191c4
SHA1 81c1d478a7e7fe38e631cb57c0b28068fcc9e832
SHA256 1c8607e91ac62e0273c23bea9fd2645a7b8f799d721fb6e0b95cb32619cf5bdd
SHA512 7828b900c89f321871b14290316c4ba9035e6f3cc011e38eaa5ccacc9a8e1e308585e8434d7fbea94fbc5ecef92c77de0f79ae72b471e9782839a2b1e5331eb1

/storage/emulated/0/backups/system/.timestamp

MD5 2dc247fa1dfdb02ab2e0d3143ecd00ea
SHA1 c3f058fe9371c1d425ee516bba2cb87eb644cf49
SHA256 ef5f569dcbb418a9521167e1caba64c4891704c2bc25cf1d30b1e19840dd57f7
SHA512 0ba5a6af9442735766c1b58f63d84a16b69afe011ee8dba4cddc056ba3fa5892b19999af87f71d5e931662201490e9c83047914941412925429b2666c3185d24

/storage/emulated/0/backups/system/.confd-wal

MD5 a22e1ea07ac04063e394861cf96b39f2
SHA1 22380b45faf2e3a812a31b9bf8082701f63b4e7c
SHA256 d8ab57f12a3182c5afb3fe97739c0088ee333ab80d6ca220a89528351b009c1b
SHA512 0f08212e8c007411973430a77e699ac459bb3e73541d851b6f3ce3a95afef0400915c4fa929dd0ce80987d2424a5469646a8e7e17fffe2429c34c38857a97d66

/storage/emulated/0/backups/system/.confd

MD5 8c7f6e3b52e6e841b895bbd13644ed43
SHA1 ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
SHA256 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
SHA512 cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

/storage/emulated/0/backups/system/.confd-wal

MD5 dba5e50cf18f864573f09775a0ef59f7
SHA1 6346675e1865de9dc66f57c097d7084f7fec356c
SHA256 40f7904c8b3b7a755e88dc6a371954db309ad8de87ff2422de4120e5ea4fdc67
SHA512 54270b3ee5194daa095f91e9492d1e356667ad09a288bf79fc64fcd0cd8cdb5352421fdcf3665332659d428086886adf91c68339bffde561456bd35ecc916367

/storage/emulated/0/backups/system/.confd

MD5 fd53eb4e05605a31b7b0614ca3ab9981
SHA1 e5e27d1dcdce2da5957bcd6b6fa1f4957b1b2af6
SHA256 7bb7eefc88ed8ed3d3848155c214f6e663a91ab957372b129a378697c1ede39e
SHA512 981a29e3f9e585f97568e157cb2237771d0f77d6770a6f383dd36d287cc90cec4c13e9484d05baaefb46fedd4e307707cbe349988a3164aa91b7fd170181bfa1

/storage/emulated/0/backups/system/.timestamp

MD5 9f3f6f2a24f2a6ba854219098d2e32ce
SHA1 917cf1fe543e4b85a627946a3cb76d46f2bb8848
SHA256 a848846533781b0e56b906577c8716ecc6b70b357d0d36548571102c1277900d
SHA512 ef2ce02d54e507f60e91431d74d21c9c1228b6fcc30183b914baf06ef4bbe093e4c913854dfaa3458c7ee6e93de22391072759d0bdbca6da8a8413221f5e543f

/storage/emulated/0/backups/system/.confd-wal

MD5 011a1af1260c774a647ca8bcc3bfb8d9
SHA1 e0dd7527863cb64e6e8cb0481fbf9dd8c6213734
SHA256 c6c55c58ba7a517d16d7417b3a3bfe11109de02fc8748809f671c3177fd87a41
SHA512 4397bf521112b95751cf177cf060c3dd9dc055385a578cf976dd1206b59142f5b0552f133ba1cfbbc2d0a3acfe8dfca58c1dc4f23cf3517089118a2a0901ca50

/storage/emulated/0/backups/system/.confd

MD5 b8e8f88fc5ea9ea95db64c4e5adc1fd5
SHA1 9d7ff0813ea5f76174f448db86d5566a0effd513
SHA256 96a8e6face561050aa672eb2667d3aed339272ea009d998241dfb3f098c8f4d5
SHA512 b224d4cafa0b70125c39ad83f83514cb3f31c90fea2d4a6c6cc4af039ced5a0d73f33936850524806a6ca560d0a17ccb38258f30bf9a666188ec9affd0b52375

/storage/emulated/0/backups/system/.timestamp

MD5 6a27375f01526080f8d6f4796cb4f105
SHA1 fd3eb37a24ffa1c7510e2679ca94d432bfafc81e
SHA256 9c0b91d9c9388a5a7917eac36a084d3737ca75162c9471527c42fc10e788107d
SHA512 434501aaa55d2ed9653d577ea044c2a5fe7eec29c7ac6a907a5981c53ab64adfdc961df309f638b421044fb85e959a771d1828b6804bda47915b20acd8db54e3

/storage/emulated/0/backups/system/.timestamp

MD5 47bf2433ed891512b8508bc0ac694eff
SHA1 29f1a6b9513d7deb1409d72750592101413324c7
SHA256 04e3726f98768e26c3ca37a3efe4c5b3e01dddab8d09806ea5286794256d37e5
SHA512 9fb535ccac228120d85fe5b55938ec8d35992a6dd5874797ad6aab139994a4605cd42f2473d14e507e93c18e1d89918e83be2b0a31800fd636ac9b25436820ed

/storage/emulated/0/backups/system/.confd-wal

MD5 da64d408088d5510a956b469ad2bbd21
SHA1 2c48c7500aa48c50e36cf31c87557e94f67b9b21
SHA256 364b97fc408c7f404c4fefd8c58abf03fd3119c4a60c8a6b1b446f5f3188121c
SHA512 cbba2cc5490b4be158888f5e0e70e4616bee0706f8888d0818c2e99087c9931b65d470e08456f905dcf4a55655bc526c34299e617deff9651de90128c6bfaaa2

/storage/emulated/0/backups/system/.confd

MD5 3cf0b2cca44766a777344a7db75b25e4
SHA1 7fc401b85dc45a618793038f1a4b48d7096e8474
SHA256 74065d4179a3aab04328718e0e04089e93d2b4b28bc6ea3c1abb046a9d687fd7
SHA512 6f5dcc38a698f9dca903a544d857f294a9ee3d865d45a1799d68098f8a30ea7a6d3803e1b3ba03768efae07bc19669c5ba6cac403fc64fde8dc8c6004cdc9348

/storage/emulated/0/backups/system/.timestamp

MD5 02a2c5e214dd24160a1589951d155f68
SHA1 35c8001ae8ffdb9bfd0c7b9a3d49b0efd32b014b
SHA256 8a511d119644ce2e82708a03c01f90741dca6d7de825c13f900e06cd3f4ee0cf
SHA512 86e630956f1ad749720e7c318d3471417dbd5578572f20e65f805de5bceba62df336817f218a348c1d5374212c4b5cacf9423f82fb6684de90d9b530b7ed8852

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 11:42

Reported

2024-06-14 11:45

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

10s

Max time network

171s

Command Line

com.dengtadoctor.bj114

Signatures

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.dengtadoctor.bj114

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
BE 142.250.110.188:5228 tcp
GB 172.217.169.68:443 udp
GB 172.217.16.228:443 tcp
N/A 224.0.0.251:5353 udp
BE 66.102.1.188:5228 mtalk.google.com tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.180.3:443 tcp
US 172.64.41.3:443 udp
US 34.104.35.123:80 tcp
GB 142.250.180.3:443 udp
GB 172.217.169.68:443 udp
GB 216.58.212.227:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 dea04d18f13553a6477a2faf359c6791
SHA1 c12fd99f0ad0704b712d63e36c9970985740fce9
SHA256 fb9045169f036a4543167b4cc8629b0e2896e94dda005bd3f792de8254ed4315
SHA512 84e9acd1558d9700cfad6199cf804cdcfc32cf70105f8004e41c9c746a3ed8852bddaef00af3559a74fc63a8eef4a080b2adc93c2bdadfc25cb6b2faf0772065

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu

MD5 72428c9da4aa448b9dfcedb82beb338d
SHA1 cb7a85df56199455a435d99399ffa2efe3b9baa4
SHA256 b3ead65f84250798470933607ad80e6093fa8e8900a03f2184113567fbca70cb
SHA512 9882163eeb49e195dd05703d955757ad818410ef57f304a15cdc7183de70207c5fb183dc894ee1a5b7d805ff34249b643b86b3eb36fdf5ef4df0d8d4aa710851

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 efdf4d8b0428f7da78a8cbbebbc4d527
SHA1 571070be96fbd568ed553f514ceb8467d008178f
SHA256 7ed7cb67dbb86470254864fe77fa5f353ad787f67050b52aa1b235342fcb89ff
SHA512 2198225703af67bda0bd698b5c6a3adde06e5d5d311505148b50238998643efef136d5f991a43fa307193a583892c3f971bf70068470674cff37ef2151a819da

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 949c302c9f2cb9b337372a5ff0ddfad1
SHA1 47e0971c37944d1e770770e8561bfbdfde1f9631
SHA256 73951b2a3383fe24505c0ec73b9edbc7fad9cc81c256e8de3be5692cd20b2632
SHA512 d210bbe8b61de19a3d1763ef5c7500cab116e3fe7a5e7ebd03b97774daeb52ec854dab20aa6faa769ac157afb1b6f6771e52dea187dbe7ae948d84a0c5b9d88d

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 4abec800291fa16f823024e29650a143
SHA1 26002f806f0e011e9b5c4cfe7530b0709d2c197d
SHA256 9db7efa94e829e4b00831a798ae3b41b7108abd513d48de7ca0fa1b05e881235
SHA512 c4cd983e0378ba60e6af29f24e18588643dde587f64ade50357ecc6316616f1344088bf3978d259d38cdc75bb82dd7534e955b2fa607f4220618dd9c447e010f

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 5c9068cd337b956d35cf717b2e734746
SHA1 065749c748e8c1de0957f94b011d81284c4a2097
SHA256 c794a52e80566917bba3670e588eecb97b83a84755c3d723cc8196a5c80e139f
SHA512 6bd93bd738476c843e581b698ec76e464a8f5587a2fc355d1779dbf232d0e3594c638c6b9d227de6349fe1455db745d449d9585ed9c62b0191cb03772dc0423f

/data/user/0/com.dengtadoctor.bj114/databases/bugly_db_legu-journal

MD5 8c69708f78db73fa74f453f42d3afaa6
SHA1 f74deec5fedb3443356d90962ff8f89270294a8d
SHA256 925e7185fb6f430060835c6f8aff5424adfd4643ecf514a2782067abcd017d40
SHA512 bb73a6f18912dbbed01b5da0943cbe1483c88d9c5f1037bac04701393f0bf7f4ac600bfa57f09505b37e5629baefd92543b91b78d6c7c9b1531b83454f02c954