Analysis Overview
SHA256: d22c40f830dec01000adcee6ac1c3de3c72c93044a0dded38b69bf90a7bb0ab3
Threat Level: Likely malicious
The file a99b2c219ff6cbfb39b0932590a44f4f_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Requests cell location
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported: 2024-06-14 12:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-14 12:09
Reported: 2024-06-14 12:13
Platform: android-x64-20240611.1-en
Max time kernel: 7s
Max time network: 132s
Command Line
Signatures
Processes
com.unionpay.uppay
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 12:09
Reported: 2024-06-14 12:13
Platform: android-x86-arm-20240611.1-en
Max time kernel: 153s
Max time network: 137s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.dili360
com.dili360:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | apicng.dili360.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | user.dili360.com | udp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| CN | 123.57.174.224:80 | user.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sapi.skyhookwireless.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | dns.map.baidu.com | udp |
| FR | 15.188.116.26:443 | sapi.skyhookwireless.com | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
Files
/data/data/com.dili360/databases/bugly_db_-journal
/data/data/com.dili360/databases/bugly_db_
/data/data/com.dili360/databases/bugly_db_-shm
/data/data/com.dili360/databases/bugly_db_-wal
/storage/emulated/0/okhttp/journal.tmp
/data/data/com.dili360/files/ofld/ofl_location.db-journal
/data/data/com.dili360/files/ofld/ofl_location.db-shm
/data/data/com.dili360/files/ofld/ofl_location.db-wal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-wal
/data/data/com.dili360/files/lldt/firll.dat
/storage/emulated/0/baidu/tempdata/lcvif.dat
/data/data/com.dili360/files/ofld/ofl.config
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-14 12:09
Reported: 2024-06-14 12:13
Platform: android-x64-20240611.1-en
Max time kernel: 143s
Max time network: 150s
Command Line
Signatures
Checks if the Android device is rooted
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.dili360
com.dili360:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | rqd.uu.qq.com | udp |
| US | 1.1.1.1:53 | apicng.dili360.com | udp |
| HK | 43.135.106.42:80 | rqd.uu.qq.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| US | 1.1.1.1:53 | user.dili360.com | udp |
| CN | 123.57.174.224:80 | user.dili360.com | tcp |
| CN | 39.106.249.230:80 | apicng.dili360.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sapi.skyhookwireless.com | udp |
| US | 1.1.1.1:53 | dns.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| FR | 13.37.206.148:443 | sapi.skyhookwireless.com | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/data/com.dili360/databases/bugly_db_-journal
/data/data/com.dili360/databases/bugly_db_
/data/data/com.dili360/databases/bugly_db_-journal
/data/data/com.dili360/databases/bugly_db_-journal
/data/data/com.dili360/databases/bugly_db_-journal
/storage/emulated/0/okhttp/journal.tmp
/data/data/com.dili360/databases/bugly_db_-journal
/data/data/com.dili360/databases/bugly_db_-journal
/storage/emulated/0/baidu/tempdata/ls.db-journal
/data/data/com.dili360/files/ofld/ofl_location.db
/data/data/com.dili360/files/ofld/ofl_location.db-journal
/data/data/com.dili360/files/ofld/ofl_location.db-journal
/data/data/com.dili360/files/ofld/ofl_location.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/ofld/ofl_statistics.db-journal
/data/data/com.dili360/files/lldt/firll.dat
/storage/emulated/0/baidu/tempdata/lcvif.dat
/data/data/com.dili360/files/ofld/ofl.config
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/llg.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
/storage/emulated/0/Android/data/com.dili360/files/baidu/tempdata/conlts.dat
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-14 12:09
Reported: 2024-06-14 12:13
Platform: android-x86-arm-20240611.1-en
Max time kernel: 7s
Max time network: 149s
Command Line
Signatures
Processes
com.unionpay.uppay
mount
mount
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |