Malware Analysis Report

2024-09-09 16:00

Sample ID 240615-hytmts1hrg
Target ad442a7e4059b7d0d545118cf8d1ccb3_JaffaCakes118
SHA256 b95a7cbc72e3f16a4cbb64a6c7c3b25cd5e8d548a4013e42f3c436cf20c36283
Tags: collection credential_access discovery evasion execution impact persistence
Score: 8/10


Analysis Overview

Score: 8/10

SHA256

b95a7cbc72e3f16a4cbb64a6c7c3b25cd5e8d548a4013e42f3c436cf20c36283

Threat Level: Likely malicious

The file ad442a7e4059b7d0d545118cf8d1ccb3_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Requests cell location

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 07:09

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 07:09

Reported

2024-06-15 07:12

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

170s

Command Line

com.zyhd.voice

Signatures

N/A

Processes

com.zyhd.voice

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp

Files

/data/data/com.zyhd.voice/.jiagu/libjiagu.so

MD5 98736de515958ae37ae93a0a0e997098
SHA1 72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256 335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512 cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 07:09

Reported

2024-06-15 07:12

Platform

android-x64-20240611.1-en

Max time kernel

168s

Max time network

183s

Command Line

com.zyhd.voice

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.zyhd.voice/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.zyhd.voice/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.zyhd.voice/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.zyhd.voice/.jiagu/classes.dex!classes2.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.zyhd.voice

com.zyhd.voice:channel

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 07:09

Reported

2024-06-15 07:09

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A