Malware Analysis Report

2024-09-09 12:57

Sample ID 240614-pbx53azfje
Target a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118
SHA256 d22c40f830dec01000adcee6ac1c3de3c72c93044a0dded38b69bf90a7bb0ab3
Tags
collection discovery persistence evasion impact
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery persistence evasion impact

Checks if the Android device is rooted

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:09

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 12:09

Reported

2024-06-14 12:13

Platform

android-x64-20240611.1-en

Max time kernel

7s

Max time network

132s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:09

Reported

2024-06-14 12:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

153s

Max time network

137s

Command Line

com.dili360

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.dili360

com.dili360:remote

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 12:09

Reported

2024-06-14 12:13

Platform

android-x64-20240611.1-en

Max time kernel

143s

Max time network

150s

Command Line

com.dili360

Signatures

Checks if the Android device is rooted

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.dili360

com.dili360:remote

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 12:09

Reported

2024-06-14 12:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

149s

Command Line

com.unionpay.uppay

Signatures

N/A

Processes

com.unionpay.uppay

mount

mount

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A