Malware Analysis Report

2024-09-09 16:01

Sample ID 240615-ggh94atfrr
Target ad0c55cb117c947d6f07fa4c0e20e187_JaffaCakes118
SHA256 caff1ef7db1aace2c053e041b94ffe1cf9d2c8635442eade4c6fd8e40ffc3fa6
Tags discovery evasion impact persistence collection credential_access
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 7/10

SHA256 caff1ef7db1aace2c053e041b94ffe1cf9d2c8635442eade4c6fd8e40ffc3fa6

Threat level: shows suspicious behavior. The file ad0c55cb117c947d6f07fa4c0e20e187_JaffaCakes118 (an Android app; the behavioral runs launch it as package utan.android.utanBaby) was classified as "shows suspicious behavior".

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Reads information about phone network operator

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analyst note: the artifacts in the behavioral runs point to bundled third-party SDKs as the source of most of these signatures rather than the app's own code. The dropped plugin-deploy.jar is loaded from app_push_lib_v3_120, the same run spawns a utan.android.utanBaby:bdservice_v1 push-service process and writes a Baidu pushservice database to external storage, and the flagged alog.umeng.com domain together with the umeng_it.cache and mobclick_agent_sealed_* files belong to the Umeng analytics SDK. That does not reduce the privacy exposure of the declared permissions (audio, location, phone state, overlay, clipboard listener), but the verdict should be read as aggressive SDK telemetry plus a remotely updatable plugin unless review of the dropped jar shows otherwise.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 05:46

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Note: this is the manifest declaration, not what was granted during detonation. RECORD_AUDIO, the two location permissions, READ_PHONE_STATE and the two storage permissions are runtime permissions and are only usable once the user accepts the prompt (and on Android 10 and later the storage permissions are further limited by scoped storage). SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are not "dangerous"-level permissions at all but special app access that the user must enable from Settings (Settings.ACTION_MANAGE_OVERLAY_PERMISSION and Settings.ACTION_MANAGE_WRITE_SETTINGS); the overlay one is the more consequential here, since it lets the app draw over other apps.

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 05:46

Reported

2024-06-15 05:46

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Note: the only entry is mDNS multicast to 224.0.0.251:5353, which the emulator emits on its own. With no process or command line recorded and 6s of network time, this run captured no behaviour from the app and should not be read as a clean result.

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 05:46

Reported

2024-06-15 05:49

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

187s

Command Line

utan.android.utanBaby

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar N/A N/A
(31 identical entries recorded)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Note: alog.umeng.com is the log-upload endpoint of the Umeng analytics SDK, which the umeng_it.cache and mobclick_agent_sealed_* files in this run also point to. The domain is on the echap.eu.org list because stalkerware apps commonly embed that SDK; the match on its own does not identify the sample as stalkerware, since the same SDK ships in a large number of ordinary apps.

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
(30 identical entries recorded)

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
(30 identical entries recorded)

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
(30 identical entries recorded)

Note: javax.crypto.Cipher.doFinal is also the call an analytics or push SDK makes to encrypt its request payloads and local caches, and the Files section of this run shows no user data being rewritten in place. The "impact" tag is a heuristic on API usage, not evidence that user files were encrypted.

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

utan.android.utanBaby

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&

utan.android.utanBaby:bdservice_v1
(29 instances of this process name recorded)
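The dex2oat command line recorded above is the concrete evidence behind the "Loads dropped Dex/Jar" signature: the file being compiled is /data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar, inside the app's own writable private directory, rather than the installed APK under /data/app/. The Python below is an added example of that detection logic, not the sandbox's own rule: it parses a dex2oat command line and classifies the load by where the dex file lives. DEX2OAT_CMD is a shortened copy of the command line above with the truncated --class-loader-context value left empty; the APP_WRITABLE and INSTALL_DIRS lists are this example's assumptions.

```python
"""Detection logic behind a "loads dropped dex/jar" finding (added example, not the
sandbox's own rule). A dex2oat command line is parsed and the load is classified by
where the dex file lives: the installed APK directory, or a location the app can
write to itself. DEX2OAT_CMD is a shortened copy of the command line recorded in the
report, with the truncated --class-loader-context value left empty; the directory
lists are this example's assumptions."""
import shlex

DEX2OAT_CMD = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--boot-image=/system/framework/boot.art "
    "--dex-file=/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/oat/x86/plugin-deploy.odex "
    "--compiler-filter=quicken --class-loader-context="
)

# Locations an unprivileged app can write to: code compiled from here was not
# part of the install and is "dropped" code. (Assumed list.)
APP_WRITABLE = ("/data/user/", "/data/data/", "/storage/", "/sdcard/", "/data/local/tmp/")
# Locations that only the installer or the system can write. (Assumed list.)
INSTALL_DIRS = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")


def parse_dex2oat(cmdline):
    """Return {flag: value} for --flag=value options (last occurrence wins) and
    collect the bare --runtime-arg X pairs under 'runtime-arg'."""
    argv = shlex.split(cmdline)
    opts = {"runtime-arg": []}
    it = iter(argv[1:])
    for arg in it:
        if arg == "--runtime-arg":
            opts["runtime-arg"].append(next(it, ""))
        elif arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
    return opts


def owning_package(path):
    """Package name from /data/user/<n>/<pkg>/... or /data/data/<pkg>/..., else None."""
    parts = path.split("/")
    if path.startswith("/data/user/") and len(parts) > 4:
        return parts[4]
    if path.startswith("/data/data/") and len(parts) > 3:
        return parts[3]
    return None


def classify_load(cmdline, process_pkg):
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file", "")
    owner = owning_package(dex)
    verdict = {
        "dex_file": dex,
        "compiler_filter": opts.get("compiler-filter"),
        "from_install_dir": dex.startswith(INSTALL_DIRS),
        "from_app_writable": dex.startswith(APP_WRITABLE),
        "owner": owner,
        # Loading from another package's private directory would be stranger still.
        "cross_package": owner is not None and owner != process_pkg,
    }
    verdict["dropped_code"] = verdict["from_app_writable"] and not verdict["from_install_dir"]
    return verdict


if __name__ == "__main__":
    print(classify_load(DEX2OAT_CMD, "utan.android.utanBaby"))
```

The --oat-location value in the recorded command line (app_push_lib_v3_120/oat/x86/plugin-deploy.odex, next to the jar) is where ART writes compiled output for a DexClassLoader load on API 26 and later, so the oat directory under the plugin path is a second, file-system-only indicator of the same load even when no command line is captured.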

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 dev.voicecloud.cn udp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 utanbaby.wx.m.jaeapp.com udp
US 1.1.1.1:53 m.utanbaby.com udp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 58.215.49.35:80 m.yuying.utan.com tcp
US 1.1.1.1:53 m.utanbaby.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 172.217.169.10:443 tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 a.utanbaby.com udp
US 1.1.1.1:53 m.utanbaby.com udp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 a.utanbaby.com udp
US 1.1.1.1:53 m.utanbaby.com udp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 alog.umeng.co udp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
US 1.1.1.1:53 m.utanbaby.com udp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.utanbaby.com udp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
US 1.1.1.1:53 dev.voicecloud.cn udp
CN 121.37.220.137:1028 dev.voicecloud.cn tcp
CN 121.37.220.137:80 dev.voicecloud.cn tcp
CN 121.37.220.137:1028 dev.voicecloud.cn tcp
CN 121.37.220.137:80 dev.voicecloud.cn tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 121.37.220.137:1028 dev.voicecloud.cn tcp
CN 121.37.220.137:1028 dev.voicecloud.cn tcp
CN 121.37.220.137:80 dev.voicecloud.cn tcp
CN 121.37.220.137:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 a.utanbaby.com udp
US 1.1.1.1:53 m.utanbaby.com udp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 a.utanbaby.com udp
US 1.1.1.1:53 m.utanbaby.com udp
CN 121.37.220.137:1028 dev.voicecloud.cn tcp
CN 121.37.220.137:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 m.utanbaby.com udp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
CN 112.124.141.156:80 utanbaby.wx.m.jaeapp.com tcp
US 1.1.1.1:53 m.yuying.utan.com udp
CN 58.215.49.35:80 m.yuying.utan.com tcp
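The table above is easier to reason about once the DNS lookups are separated from the connections that followed them. The Python helper below is an added example, not part of the sandbox report: it parses rows in the report's own "Country Destination Domain Proto" layout, aggregates connections per destination, and lists hosts that were resolved but never contacted, cleartext HTTP endpoints, and non-standard ports such as 1028 on dev.voicecloud.cn. SAMPLE_ROWS is a constructed subset of the rows above; STALKERWARE_DOMAINS is an assumed stand-in for the echap.eu.org list, which the script does not fetch.

```python
"""Triage helper for a sandbox Network table (added example, not part of the report).

Rows follow the report's "Country Destination Domain Proto" layout. DNS lookups
(udp/53) are separated from the connections that followed them so that hosts which
were resolved but never contacted, cleartext HTTP endpoints and non-standard ports
stand out. SAMPLE_ROWS is a constructed subset of the rows in the report;
STALKERWARE_DOMAINS is an assumed stand-in for the echap.eu.org indicator list."""
import re
from collections import Counter

SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 dev.voicecloud.cn udp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
CN 114.118.65.98:80 dev.voicecloud.cn tcp
US 1.1.1.1:53 m.utanbaby.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 a.utanbaby.com udp
CN 114.118.65.98:1028 dev.voicecloud.cn tcp
"""

# Assumption: a local copy of the domains you treat as stalkerware indicators.
STALKERWARE_DOMAINS = {"alog.umeng.com"}

# Country, ip:port, optional domain, protocol. The domain column is empty for
# connections the sandbox could not tie to a preceding DNS answer.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def triage(rows, watchlist=STALKERWARE_DOMAINS):
    resolved = set()        # domains that appeared in a DNS query
    contacted = Counter()   # (host, ip, port, proto) -> number of connections
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            if r["domain"]:
                resolved.add(r["domain"])
            continue
        if r["ip"] == "224.0.0.251" and r["port"] == 5353:
            continue  # mDNS multicast from the emulator itself, not app traffic
        host = r["domain"] or r["ip"]
        contacted[(host, r["ip"], r["port"], r["proto"])] += 1
    hosts = {key[0] for key in contacted}
    return {
        "connections": dict(contacted),
        # Resolved but never connected: dead hosts, NXDOMAIN or blocked egress.
        "dns_only": sorted(resolved - hosts),
        "cleartext_http": sorted({key[0] for key in contacted if key[2] == 80}),
        "unusual_ports": sorted({(key[0], key[2]) for key in contacted if key[2] not in (80, 443)}),
        "watchlist_hits": sorted(hosts & set(watchlist)),
    }


if __name__ == "__main__":
    for k, v in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{k}: {v}")
```

Run over the full table the picture is the same: every contacted host except the two Google addresses on 443 is reached over cleartext port 80 (dev.voicecloud.cn additionally on 1028), and a.utanbaby.com and m.utanbaby.com only ever appear as DNS queries, never as connections, which usually means the lookup failed or the hosts were down during the run.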

Files

/data/data/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar

MD5 928a6a05b730bcd02cc351d14659c20a
SHA1 0b6d81fcfb914408a1ccd450d121d7d644173467
SHA256 93a7c0114615c82d1c24e8067bd89a4d46c00693256a507137597eb34fe7be26
SHA512 ac5fb7f12c49db179e3ff3777bce3bdc209d94aac39486a2ea1d0b0b930ef388024ff0cbb708b87f4c2eb50a135d83260be03273423aa55d7d5c1ce5f0e625e5

/data/data/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.key

MD5 97f0f4b0f838653fb4f92152a62ef045
SHA1 402f1248656264a9f3578c8c529a2cae5f22f63b
SHA256 386d2ad18320f24b9b647a20bee68fc833867bd292656f2e79a93f0915590504
SHA512 d4d32a359dafd5e9fe26a250306322d71c43de74708159713b3f7cfb04304662b0555e48d7dee6882cd4a7d329508ba83756ba7d23c22134feeac8f51412104b

/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar

MD5 06668bb6db75530052316ff93d8ed7c6
SHA1 55fa23910b5959262d954a081ef8b751573ed96c
SHA256 36fa8a0ba5d6f1a52ec833c524ea719e2cfb8260663819492c22e781b24b3b8f
SHA512 0604ceace7dc62f86bcae9d1dd9976d8c60b7c17411dd602c388f3848dafb4b7574a54088fb28c4d1d3a257b782f945b0acc626d26218dd02d32ef83cf1d8945

/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar

MD5 c2a3947c92153fbe9fc4583f6685b8d7
SHA1 7a25e331acb63fd836d7c057ab790193fa27ca53
SHA256 3e2b54189f95559a122946f7dc9156fd04c2a277868909e05e7a5cde83b0559d
SHA512 54af12f3b448cea6a1a9e4e780133bc1ecfb1ff91eb77fe0b784e26539ae7c085c80ec5a3b34bb6a7945719ef541f4f6444b6dd10018dd56671936a323f6b3f6

/data/data/utan.android.utanBaby/databases/account_db-journal

MD5 4f6dd94c62afcec724a7392872ec7a08
SHA1 c8f637f2ea9bb6462f15e3e3f1ccd8ecfa1942fe
SHA256 181acf41c4f7bf508a770ddcf693e8b2456eea11f5f435ecdee297f4b1d3d3e9
SHA512 4ccb11632951498225b35cbe332e669b2435f1b383584010159182706635814beeaa556330e1ce07cec139ebf0588d712fc86164047b62c9e3f9024c3acf7ba4

/data/data/utan.android.utanBaby/databases/account_db

MD5 43e3362f3a6587f4adeb1fb366e368b6
SHA1 ea0b876af2d867f8c39414ec01049ba1d354b4bc
SHA256 1daf6e16ad9cd75605dc9e9ffbecaadc2b0673e601856ffafae3aeb835c27525
SHA512 38f70077b24843cf04412f97c9c1297fa98ffb9aea1e11088c0ede88af66f3e02ebe8d7578f06597956230de7d0f41d5ec273326be0458b99cc7c5d79add6594

/data/data/utan.android.utanBaby/databases/account_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/utan.android.utanBaby/databases/account_db-wal

MD5 c32f7637617be27939c8c29b05ce88cf
SHA1 2afdfffa2c358032a7174b6e57475e07b983424b
SHA256 37d3a7dff7f0d5cd8e10f8a25ad67e6c662eb20a65db8d7e242b5e9af16d6ca7
SHA512 a305ad39117c189b3068e479f1b691eaf9d320cce17da8c117fd51332acacd2b29fd4ee554f6503be2e31c4b3c0a478b84b887fe559d21352158c207d4767030

/data/data/utan.android.utanBaby/files/umeng_it.cache

MD5 acff539d98640084e31b808283a90c60
SHA1 5c30efb0fe9af6612ce008465c0c158002bdd55d
SHA256 6710328708a55d7b718badc7ebe2899b97817420aac16b9f0775078acfe91ddd
SHA512 2ada230d85fa8019715655b31961e38c28fc5283792ce0872b0af47392b24be26ee061a207386dfca333cae926257cd55300f8f081a44c04da6be57434d4d98e

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_4.1.1.107.db-journal

MD5 76fc02986af710fbf3e728d5a3f4b4db
SHA1 becf8c7e2c5171b7c9b514676e13b17c24bc3a8d
SHA256 237f9afcef1b896ea0e4054728d0d7002807902a5fc88adfe7bfbf22881e47af
SHA512 959768c768582c9e8f9eacace3e560249155f811c94ff4d6a7f27f6292bf4b2134648a00c2d8817b9449940edc27613c7e6e3fd277d402d85d77e50a2e7593ac

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_4.1.1.107.db-wal

MD5 5151338c2bcd35083ad917f28f37deba
SHA1 a528409fb06860fbf1719f0cfe879a86265ba6e0
SHA256 b22b35ed5e1bbe3257b6f478c958f1570e2cbef88df0207665c7e494521ae5dd
SHA512 f07cbcaba83fba8e65c4d67e55a40ecf1ee5dcc633de47c1f9fc33809958b29f6d840ab585be368f443cedab46d969b27947bffe59b47e7e8e3a4c44b8d83081

/data/data/utan.android.utanBaby/app_push_lib_v3_120/oat/plugin-deploy.jar.cur.prof

MD5 1d094b14a61f9c23cf45024a0eb00f3c
SHA1 ae00d9a3dcd580bc90ad79ad5556fa291d050c31
SHA256 c3c1bf683af998bd6599eb5d8d7e02b766c309b039e8019f34d3ada17cc83ff8
SHA512 d8c3bd74fe23a1f656f11041bdcb8dfbf8c61e9beb3285586d429846d12375ed5038ca8af5c817aeec44394f76d0af9c2c896c41eead448ce026a265b4f7b406

/data/data/utan.android.utanBaby/files/mobclick_agent_sealed_utan.android.utanBaby

MD5 654a32c297dd1dfca55690aa354f5ec0
SHA1 bc1152686230f4b718360bd86a15075ccc10a855
SHA256 f1b639af854e932126598bb72e4690e6c93dbf9f7dc36775c2506168f9a24aeb
SHA512 8af2703794b6071be71638f79a5c299f8d1c04b2667dd5d3e76423cf92bba341150fef0f290ccdb724ca4d05d40c9d411e3d59d98279aff72a10154b647a928f
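The three entries for plugin-deploy.jar above carry three different SHA256 values, and /data/data/utan.android.utanBaby and /data/user/0/utan.android.utanBaby are the same directory (Android symlinks /data/data/<pkg> to /data/user/0/<pkg>), so the file the app loads was written with three different contents during this run. The Python below is an added example, not part of the report: it canonicalises the paths, groups the entries, and reports which executable code changed while the sandbox was watching. SAMPLE_FILES is a constructed subset of the Files list above; the classification by extension is this example's own heuristic.

```python
"""Groups dropped-file entries from a sandbox Files list (added example, not part of
the report). Paths are canonicalised because Android symlinks /data/data/<pkg> to
/data/user/0/<pkg>, so both spellings name the same file; a canonical path with
several distinct SHA256 values was rewritten during the run. SAMPLE_FILES is a
constructed subset of the Files list in the report; the kind classification is this
example's own heuristic."""
import re
from collections import defaultdict

PKG = "utan.android.utanBaby"

SAMPLE_FILES = [  # (path, sha256) pairs copied from the report
    ("/data/data/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar",
     "93a7c0114615c82d1c24e8067bd89a4d46c00693256a507137597eb34fe7be26"),
    ("/data/data/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.key",
     "386d2ad18320f24b9b647a20bee68fc833867bd292656f2e79a93f0915590504"),
    ("/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar",
     "36fa8a0ba5d6f1a52ec833c524ea719e2cfb8260663819492c22e781b24b3b8f"),
    ("/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar",
     "3e2b54189f95559a122946f7dc9156fd04c2a277868909e05e7a5cde83b0559d"),
    ("/data/data/utan.android.utanBaby/databases/account_db",
     "1daf6e16ad9cd75605dc9e9ffbecaadc2b0673e601856ffafae3aeb835c27525"),
    ("/data/data/utan.android.utanBaby/databases/account_db-wal",
     "37d3a7dff7f0d5cd8e10f8a25ad67e6c662eb20a65db8d7e242b5e9af16d6ca7"),
    ("/data/data/utan.android.utanBaby/app_push_lib_v3_120/oat/plugin-deploy.jar.cur.prof",
     "c3c1bf683af998bd6599eb5d8d7e02b766c309b039e8019f34d3ada17cc83ff8"),
]

CODE_EXT = (".jar", ".dex", ".apk", ".so", ".odex", ".vdex")


def canonical(path):
    """Map /data/data/<pkg>/... onto /data/user/0/<pkg>/... (the symlink target)."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def classify(path):
    if path.endswith(CODE_EXT):
        return "code"
    if re.search(r"/databases/.*(-journal|-wal|-shm)$", path):
        return "sqlite_journal"
    if "/databases/" in path:
        return "sqlite_db"
    if path.endswith(".prof"):
        return "art_profile"   # ART profile written when the code is run
    return "other"


def analyse(entries, pkg=PKG):
    hashes = defaultdict(list)
    for path, sha in entries:
        hashes[canonical(path)].append(sha)
    report = {}
    for cpath, shas in hashes.items():
        distinct = list(dict.fromkeys(shas))   # order-preserving de-dup
        report[cpath] = {
            "kind": classify(cpath),
            "versions": len(distinct),
            "hashes": distinct,
            "app_private": cpath.startswith(f"/data/user/0/{pkg}/"),
        }
    return report


def rewritten_code(report):
    """Executable code whose content changed while the sandbox was watching."""
    return sorted(p for p, info in report.items()
                  if info["kind"] == "code" and info["versions"] > 1)


if __name__ == "__main__":
    rep = analyse(SAMPLE_FILES)
    for path in rewritten_code(rep):
        print(f"{path}: {rep[path]['versions']} versions seen")
```

The three jar versions and the plugin-deploy.key file beside them are the artifacts to pull from the sandbox for static review: they, not the APK itself, are the code that actually executes, and the key file suggests the plugin update is signed or encrypted, which is worth confirming (and checking whether the signature is verified before the jar is loaded) before accepting the SDK-telemetry reading of this report.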

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 05:46

Reported

2024-06-15 05:49

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

utan.android.utanBaby

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar N/A N/A
(59 identical entries recorded)

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Note: addPrimaryClipChangedListener registers a callback that fires on every clipboard change, after which the app can read the new clip with ClipboardManager.getPrimaryClip; that is how pasted passwords, one-time codes or wallet addresses get harvested. On Android 10 and later only the app in the foreground or the default input method can read the clipboard, which limits the background collection this signature implies.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

utan.android.utanBaby

utan.android.utanBaby:bdservice_v1

Network

Country Destination Domain Proto

Files

/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.jar

/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/plugin-deploy.key

/data/user/0/utan.android.utanBaby/databases/account_db-journal

/data/user/0/utan.android.utanBaby/databases/account_db

/data/user/0/utan.android.utanBaby/files/umeng_it.cache

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_4.1.1.107.db-journal

/data/user/0/utan.android.utanBaby/app_push_lib_v3_120/oat/plugin-deploy.jar.cur.prof

/data/user/0/utan.android.utanBaby/files/mobclick_agent_sealed_utan.android.utanBaby

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 05:46

Reported

2024-06-15 05:46

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 05:46

Reported

2024-06-15 05:46

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A