Malware Analysis Report

2024-10-19 11:48

Sample ID 240615-gjaezatglr
Target ad0ed4ca724a9483cf7764a4f4cb38ba_JaffaCakes118
SHA256 706c359d5d0e14e93ace20e7527df73553148d5bfd570dd1b3be3504e2bc3e8e
Tags: banker collection discovery evasion impact persistence
Score: 7/10

Analysis Overview


Threat Level: Shows suspicious behavior

The file ad0ed4ca724a9483cf7764a4f4cb38ba_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Requests cell location

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 05:49

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-arm64-20240611.1-en

Max time network

157s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

160s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x86-arm-20240611.1-en

Max time kernel

112s

Max time network

186s

Command Line

com.brid.zdkj.mi

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.brid.zdkj.mi/app_mimo/mimo_asset.apk | N/A | N/A |
| N/A | /data/user/0/com.brid.zdkj.mi/app_analytics/analytics.apk | N/A | N/A |
| N/A | /data/user/0/com.brid.zdkj.mi/app_analytics/analytics.apk | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.brid.zdkj.mi

Network


Files


/data/data/com.brid.zdkj.mi/files/a/b/journal

MD5 1db06b1fd93077aa630a9e4814a7c457
SHA1 f4f42973e67b1f5671477fe09f984b4823e683d0
SHA256 7a2f2a541d0a37a297e3aa5a28d4048179c62aeaefaf97c6501082428e8ba9c2
SHA512 6ec0f30c8e434ed0856f5f27221d22a6df6a65f9a3365d1b0dd0ca7857a24fcbcefed72f8f595eeec7a112b480e643431b3f126533f0f58cf72ec12d92c705fd

/data/data/com.brid.zdkj.mi/files/a/b/302ba74a656c04e34a61632854136ab2.0.tmp

MD5 6b7908504f94258451f9f761a91a9c2b
SHA1 01b17b6a35d3b9b46f8f9ef7c573252f1761637d
SHA256 fd9eb5a0e65c4819e839fc273b9adfb9eae2aecccd11a658d8293222dad926c9
SHA512 5b28f4100e82df1b0e67ee0489b60c228ee01a4aaf8dfdd037d85f1646d53f34be542f83e36e60e29b3ca6b7ac960e9da515e5d87e162866acca15bc72ae16c4

/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-wal

MD5 83529557800aa878382ddb819ec267f4
SHA1 d720d0b17998e5be189dd92fc19dae68fdc1836b
SHA256 36a41ce50d420dc11cdb4b56761e83b0bd80bd77384682cfc3b4ab53672bbece
SHA512 1272b98046fcc52bc649bce6bb820a088290f5ff56e67742f1533097df67d3d5364a4377d43d22ce6a5ec24fbf667e27b9212b63ba0936bd128aedf6dcc2b452

/data/data/com.brid.zdkj.mi/files/a/b/journal

MD5 bb2bb3c7f69b521ab3d6ecc2484f2aa0
SHA1 78aeec28c6eebd2bc0bcc8cd1de7000da39895ec
SHA256 3e2738baad8ab6a1034a9c9368466a53cd5c85f9a0a8ae67f50f51227365c320
SHA512 038fae485921cfa125db8b3c968aa60dfb77dfaf35553a01d9c03130e7a3eafbdf637f06c4c29d524e38b49eff02774aabd0e99844fcfa084391d53b9fc98b87

/data/data/com.brid.zdkj.mi/files/a/b/c9ff5364ac8ef8a2803ef4181a8dffdc.0.tmp

MD5 4e64e897512f8f2d83e2fa3c2e96b7ce
SHA1 3ac1d98d401b6090e5324079d1c3a733ea6f24d4
SHA256 8b709701ff9e35b6ab8e23a43c44f8435ae477c4466a3fbc5dae1ac852984dfd
SHA512 69ef8be07fd8dba52c23953f37e55a76e7bf8b86f7d86259a56bac98f4dd257f483ac867144b39a8d3c01e594f29f41c1365c864ad13d7b0a38d4a1421b5e417

/data/data/com.brid.zdkj.mi/files/a/b/007b49ef3d069fe798facab5b169613a.0.tmp

MD5 78280755a574760868042fbd92110819
SHA1 54aa3cf95143b2ffb8207a2ce1395d4ddc43767c
SHA256 2d96ce79a8ac2085e79fd10438068985aba99424ed585eebe1d87c03f518e691
SHA512 eb4eaa371aa590b541d7c8b9d56dad6f50db7aaaf0c05a1c9661a43d0b9d2276945098abcdceeb167059e35e67c1e947de34ef1c044abb721e25c916eff6c79d

/data/data/com.brid.zdkj.mi/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp

MD5 c8653cae2a37627d670eca12e571f5f6
SHA1 89cad518a3827393912ffb46ef2f583cbaeecef5
SHA256 3bfb817d2af52fd4b10f31f22b92c14621a5dd00a36a019077ecc5f2caa07299
SHA512 c242f2fc21a7e85e628be1eb7b282836bf1248fc4cefce163bee895fa6b31bcd4b383a1584a921d22228eecf7064a097f314ca30b3fa74dff509762c4efd1b56

/data/data/com.brid.zdkj.mi/files/a/b/a9019c6b0ee62337782ffefd864f7d5d.0.tmp

MD5 1e95d21a00d9ef211288f93e5f41d04b
SHA1 f285a6778cc8799f8c4d12b5168fd4705fe1a064
SHA256 c749d11ab3717b43bb1ef4e9d95ba6808e17f25eaef03c52c19c200f839cadcb
SHA512 dfb948cdadd5e25faf127b122e8f21d0aa537ac9b705067dcb283853915bb0c24b26e00c8cd92ba8fc1c180b0f2721c696ee2173a94a98f23a6631dd18a63b59

/data/data/com.brid.zdkj.mi/files/a/b/8c7fd458a3352d68fc752a3193251a90.0.tmp

MD5 b5e25f1c0bc3289876c8caa6e92230d0
SHA1 53932a1f14bb1a4af340cbfa30843e4e2f1c0407
SHA256 544ecea53b67947a77926b85e4c3a25bb869fa45181110b40aa3060c896fe133
SHA512 524751bc8051afab868a2e83018a14608206b1c570eb75fe8c39206d1b208035718b95ac13dbccaabef44cd9d2a365bab66a902926915825e1075399e09a35db

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x86-arm-20240611.1-en

Max time kernel

123s

Max time network

173s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-shm
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-wal
/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-wal
/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt
/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-wal

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-arm64-20240611.1-en

Max time kernel

123s

Max time network

139s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg
/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal
/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/report2.db
/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal
/data/user/0/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db
/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt
/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal
/data/user/0/com.xiaomi.gamecenter.sdk.service/databases/mistat.db

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x86-arm-20240611.1-en

Max time network

152s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-20240611.1-en

Max time network

160s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

135s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-20240611.1-en

Max time kernel

123s

Max time network

134s

Command Line

com.xiaomi.gamecenter.sdk.service

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.xiaomi.gamecenter.sdk.service

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
GB 172.217.169.78:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 172.217.169.14:443 tcp

Files

/data/data/com.xiaomi.gamecenter.sdk.service/files/xiaomi.cfg
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/databases/report2.db
/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/files/users/0/accounts.db
/storage/emulated/0/mipush/log/com.xiaomi.gamecenter.sdk.service/log1.txt
/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db-journal
/data/data/com.xiaomi.gamecenter.sdk.service/databases/mistat.db

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-15 05:49

Reported

2024-06-15 05:52

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

134s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.46:443 tcp

Files

N/A