Malware Analysis Report

2024-09-09 16:08

Sample ID 240615-zp78astepa
Target b008355c86b3f4d156e74ca8f181f435_JaffaCakes118
SHA256 038affe1adb2bde60e7815e6ac0ade282a533e922ae68970966b323a2444402f
Tags: irata banker discovery evasion impact persistence
Score: 10/10

Analysis Overview

Score: 10/10
SHA256: 038affe1adb2bde60e7815e6ac0ade282a533e922ae68970966b323a2444402f
Threat Level: Known bad

The file b008355c86b3f4d156e74ca8f181f435_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: irata banker discovery evasion impact persistence

Irata family

Irata payload

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the mobile country code (MCC)

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-15 20:54

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Neither Irata signature records a description, indicator, process or target (the payload match shows N/A throughout and the family match has no table at all), and none of the behavioral signatures below carries the irata tag. The family label therefore rests on a static rule match alone and should be corroborated against the payload before it is treated as confirmed attribution.

Requests dangerous framework permissions

Indicator                                   Description
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.SYSTEM_ALERT_WINDOW      Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.CALL_PHONE               Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.ACCESS_COARSE_LOCATION   Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.ACCESS_COARSE_LOCATION   Allows an app to access approximate location.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.SYSTEM_ALERT_WINDOW      Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.GET_ACCOUNTS             Allows access to the list of accounts in the Accounts Service.
android.permission.WRITE_SETTINGS           Allows an application to read or write the system settings.
android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
android.permission.PACKAGE_USAGE_STATS      Allows an application to collect component usage statistics.

Process and Target are N/A for every row. The report lists ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, WRITE_EXTERNAL_STORAGE and SYSTEM_ALERT_WINDOW twice, so the 17 rows cover 13 distinct permissions.
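The permission table is more useful once it is deduplicated and split by how Android actually grants each permission: most of these go through the runtime dialog, but SYSTEM_ALERT_WINDOW, WRITE_SETTINGS, REQUEST_INSTALL_PACKAGES and PACKAGE_USAGE_STATS are special-access toggles the app has to send the user into Settings for. The following Python script is an added example, not part of this report or of the sandbox's tooling; it takes the Indicator column exactly as listed above, counts repeats, applies that grant-path split, and checks for the overlay pair (draw over other apps plus usage access) that the report's own wording on the installed-app query alludes to. The categories and the overlay heuristic are this example's own assumptions.

```python
"""Triage of the permission rows from a sandbox report's static section.

Added example, not part of the report. REPORTED_PERMISSIONS copies the
Indicator column of this report; the grant-path categories and the
overlay heuristic are this example's own assumptions.
"""
import re
from collections import Counter

# Indicator column of "Requests dangerous framework permissions", copied
# from this report in the order it lists them (repeats included).
REPORTED_PERMISSIONS = [
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.RECORD_AUDIO",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.CAMERA",
    "android.permission.CALL_PHONE",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.GET_ACCOUNTS",
    "android.permission.WRITE_SETTINGS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.PACKAGE_USAGE_STATS",
]

# Assumption of this example: these four are "special app access" settings
# on modern Android. They are never granted by the runtime permission
# dialog; the app must send the user to a Settings toggle.
SPECIAL_ACCESS = {
    "SYSTEM_ALERT_WINDOW": "Display over other apps",
    "WRITE_SETTINGS": "Modify system settings",
    "REQUEST_INSTALL_PACKAGES": "Install unknown apps",
    "PACKAGE_USAGE_STATS": "Usage access",
}

# Heuristic (this example's own): overlay-style credential theft needs both
# the ability to draw over other apps and a way to learn which app is in
# the foreground.
OVERLAY_PAIR = {"SYSTEM_ALERT_WINDOW", "PACKAGE_USAGE_STATS"}

_NAME = re.compile(r"android\.permission\.([A-Z_]+)$")


def short_name(permission):
    """'android.permission.CAMERA' -> 'CAMERA'; None if not a platform permission."""
    m = _NAME.match(permission.strip())
    return m.group(1) if m else None


def triage(permissions):
    """Deduplicate, count repeats, split by grant path, flag the overlay pair."""
    counts = Counter(n for n in map(short_name, permissions) if n)
    unique = list(counts)  # Counter keeps first-seen order
    special = [n for n in unique if n in SPECIAL_ACCESS]
    runtime = [n for n in unique if n not in SPECIAL_ACCESS]
    return {
        "unique": unique,
        "duplicates": {n: c for n, c in counts.items() if c > 1},
        "special_access": special,
        "runtime": runtime,
        "overlay_capable": OVERLAY_PAIR <= set(unique),
    }


if __name__ == "__main__":
    result = triage(REPORTED_PERMISSIONS)
    print(f"{len(result['unique'])} distinct permissions, "
          f"{len(result['duplicates'])} declared more than once")
    for n in result["special_access"]:
        print(f"  settings toggle: {n:26} ({SPECIAL_ACCESS[n]})")
    print("overlay pair present (SYSTEM_ALERT_WINDOW + PACKAGE_USAGE_STATS):",
          result["overlay_capable"])
```

Run stand-alone it reports 13 distinct permissions, four of them special-access toggles, and confirms the overlay pair is declared. Whether the app ever asks the user to flip those toggles is a dynamic question the static table cannot answer; the behavioral runs below are where that evidence would show up.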

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 20:54
Reported: 2024-06-15 20:58
Platform: android-x86-arm-20240611.1-en
Max time kernel: 177s
Max time network: 189s

Command Line

com.jovetech.CloudSee.temp

Signatures

(Process and Target are N/A for every behavioral signature below.)

Checks if the Android device is rooted.

evasion
Indicators (files probed): /system/bin/su, /system/xbin/su

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Indicator (framework service call): android.app.IActivityManager.getRunningAppProcesses

Queries information about active data network

discovery
Indicator (framework service call): android.net.IConnectivityManager.getActiveNetworkInfo

Queries information about the current Wi-Fi connection

discovery
Indicator (framework service call): android.net.wifi.IWifiManager.getConnectionInfo

Queries the mobile country code (MCC)

discovery
Indicator (framework service call): com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Indicator (framework service call): android.app.IActivityManager.registerReceiver

Uses Crypto APIs (Might try to encrypt user data)

impact
Indicator (framework API call): javax.crypto.Cipher.doFinal

Checks CPU information

Indicator (file opened for read): /proc/cpuinfo

Checks memory information

Indicator (file opened for read): /proc/meminfo

Processes

com.jovetech.CloudSee.temp

com.spiny.ma.widerouter

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            hx.beilamusi.com           udp
US       1.1.1.1:53            t.hypers.com.cn            udp
US       1.1.1.1:53            www.jovetech.com           udp
US       1.1.1.1:53            int.dpool.sina.com.cn      udp
CN       82.157.37.63:443      t.hypers.com.cn            tcp
US       172.233.148.217:80    www.jovetech.com           tcp
US       1.1.1.1:53            octopus.jovcloud.com       udp
US       1.1.1.1:53            octopus.jovcloud.com       udp
US       1.1.1.1:53            octopus.cloudseetech.com   udp
N/A      10.79.217.129:80      int.dpool.sina.com.cn      tcp
US       1.1.1.1:53            octopus.cloudseeplus.com   udp
US       47.254.93.223:35553   octopus.cloudseeplus.com   tcp
US       1.1.1.1:53            octopus.cloudseetech.com   udp
US       1.1.1.1:53            octopus.cloudseeplus.com   udp
US       1.1.1.1:53            xwmediasvr.cloudsee.com    udp
US       47.89.228.202:35553   47.89.228.202              tcp
DE       139.162.158.81:35553  139.162.158.81             tcp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
US       1.1.1.1:53            www.afdvr.com              udp
US       172.233.148.217:8090  www.afdvr.com              tcp
US       1.1.1.1:53            adv.jpigjqg.com            udp
US       172.233.148.217:80    www.afdvr.com              tcp
GB       216.58.212.238:443    -                          tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       216.58.212.238:443    android.apis.google.com    tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       49.233.14.127:443     t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            adv.99yesrs.com            udp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       82.157.37.63:443      t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            adv.myseld.com             udp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       49.233.14.127:443     t.hypers.com.cn            tcp
US       1.1.1.1:53            adv.malinian.com           udp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            t.hypers.com.cn            udp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
CN       49.233.14.127:443     t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            adv.quanburen.com          udp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       82.157.37.63:443      t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
CN       49.233.14.127:443     t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       82.157.37.63:443      t.hypers.com.cn            tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            octopus.jovcloud.com       udp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       172.233.148.217:80    www.afdvr.com              tcp
US       1.1.1.1:53            www.jovetech.com           udp
US       172.233.148.133:80    www.jovetech.com           tcp
US       172.233.148.133:80    www.jovetech.com           tcp
CN       139.9.64.89:35553     -                          tcp
CN       117.78.28.232:35553   -                          tcp
US       172.233.148.133:80    www.jovetech.com           tcp
US       172.233.148.133:80    www.jovetech.com           tcp
CN       114.115.164.163:35553 -                          tcp
CN       117.78.32.201:35553   -                          tcp
US       172.233.148.133:80    www.jovetech.com           tcp
US       172.233.148.133:80    www.jovetech.com           tcp
US       172.233.148.133:80    www.jovetech.com           tcp
US       172.233.148.133:80    www.jovetech.com           tcp

A dash in the Domain column means the report recorded no name for that connection; where the Domain column repeats the IP, the report likewise had no name for it.
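The Network table is flattened text in which the Domain column is sometimes empty, so splitting rows by column index assigns the protocol to the domain slot. The following Python script is an added example, not part of this report or of the sandbox's tooling: it parses an excerpt of the rows exactly as they appear in the report, treating the last token as the protocol and a bare IP in the domain slot as no name, and then pulls out what an analyst pivots on: the set of names resolved over DNS, the name-to-IP mappings seen on TCP, the distinct hosts behind each destination port, and the connections made straight to an IP with no name recorded. The excerpt is copied from this report; the parsing rules are this example's own assumptions about the layout.

```python
"""IOC extraction from a flattened sandbox network table.

Added example: not part of the original report or of any vendor tooling.
NETWORK_ROWS is an excerpt copied from this report's behavioral1 Network
section; the parsing rules (whitespace-separated columns, protocol last,
domain optional) are assumptions about the report layout.
"""
from collections import Counter, defaultdict
import ipaddress

# Excerpt of the report's Network table (Country Destination Domain Proto).
# The Domain column is empty for several rows; that is what breaks naive
# column splitting.
NETWORK_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 t.hypers.com.cn udp
US 1.1.1.1:53 www.jovetech.com udp
CN 82.157.37.63:443 t.hypers.com.cn tcp
US 172.233.148.217:80 www.jovetech.com tcp
US 1.1.1.1:53 octopus.cloudseeplus.com udp
US 47.254.93.223:35553 octopus.cloudseeplus.com tcp
US 47.89.228.202:35553 47.89.228.202 tcp
DE 139.162.158.81:35553 139.162.158.81 tcp
CN 139.9.64.89:35553 tcp
CN 117.78.28.232:35553 tcp
US 1.1.1.1:53 www.afdvr.com udp
US 172.233.148.217:8090 www.afdvr.com tcp
US 172.233.148.217:80 www.afdvr.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
CN 114.115.164.163:35553 tcp
CN 117.78.32.201:35553 tcp
CN 49.233.14.127:443 t.hypers.com.cn tcp
US 1.1.1.1:53 adv.99yesrs.com udp
US 172.233.148.217:80 www.afdvr.com tcp
CN 139.9.64.89:35553 tcp
US 172.233.148.133:80 www.jovetech.com tcp
"""


def parse_row(line):
    """Parse one table row; return None for the header or blank lines."""
    parts = line.split()
    if len(parts) < 3 or parts[0] == "Country":
        return None
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 else None
    ip, port = dest.rsplit(":", 1)
    # A bare IP in the Domain column carries no name information.
    if domain is not None:
        try:
            ipaddress.ip_address(domain)
            domain = None
        except ValueError:
            pass
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def summarize(table):
    """Collect DNS names, name->IP mappings, hosts per port, direct-to-IP hits."""
    rows = [r for r in (parse_row(l) for l in table.splitlines()) if r]
    dns_queries = set()
    domain_to_ips = defaultdict(set)
    ips_by_port = defaultdict(set)
    unresolved = Counter()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            dns_queries.add(r["domain"])
            continue
        if r["proto"] != "tcp":
            continue  # mDNS and other local chatter
        ips_by_port[r["port"]].add(r["ip"])
        if r["domain"]:
            domain_to_ips[r["domain"]].add(r["ip"])
        else:
            unresolved[(r["ip"], r["port"])] += 1
    return {"dns_queries": sorted(dns_queries),
            "domain_to_ips": {d: sorted(s) for d, s in domain_to_ips.items()},
            "ips_by_port": {p: sorted(s) for p, s in ips_by_port.items()},
            "unresolved": dict(unresolved)}


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    for port, ips in sorted(s["ips_by_port"].items(), key=lambda kv: -len(kv[1])):
        print(f"tcp/{port}: {len(ips)} distinct hosts -> {', '.join(ips)}")
    print("direct-to-IP (no name seen):", s["unresolved"])
```

Run stand-alone it shows the shape of the traffic at a glance: seven distinct hosts on tcp/35553, most of them contacted without any name being recorded, against a handful of named HTTP and HTTPS endpoints. The port cluster and the direct-to-IP connections are the indicators to carry into a pivot; the repeated rows in the full table are separate connections and are worth counting rather than collapsing.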

Files

/storage/emulated/0/Android/data/com.jovetech.CloudSee.temp/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.jovetech.CloudSee.temp/files/login_guide_video.mp4

MD5 cc900eb425262c17bbbbb45e7eada97b
SHA1 fd5161ea13d197b1f3e729ce76c2883c5ccd0ee5
SHA256 d9f529e466d69f86bd46a22d333054f7170896fbfb5468b77b787998e72c3de4
SHA512 a1c2d254ba932d66d1209d6310b4aa345e660c79db183549489c84e08eba1e75caf9d0a8b6e9e2d1653d7c4ca8c15114f31199820e4259066f1807138252d83e

/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-journal

MD5 9abbd892e1176aba9d216a5cf6f9cbc6
SHA1 55f9221e8022657df645abb525c08ee8e4f0caf9
SHA256 b6b84a43de72279d9b37678dd307e597a2b61ffc09b4628d7c43434737bdbc75
SHA512 e97f676436ce68949fb733cf778c839a416b03ad981be5333560da908e5084c334aa133b20c3f976865c53241a8130fa8b8fc605d885a0f9471d6a9c358ff5e5

/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.jovetech.CloudSee.temp/databases/tencent_analysis.db_com.jovetech.CloudSee.temp-wal

MD5 8b79fe41d9baf660126879e5a3738e94
SHA1 4620bca0cafb80aa4b02f3df7bb1e3c12b686e55
SHA256 88b803deed8ddf6b9ec06f4fb4d733ac0cb826002aff1f330d897a865e002099
SHA512 35f0cf3771e5908e81bf08ac26eec7ef7f8f78f37e9c38b2dd51b7af31387522b9bae4e7139b29576f17a19940b4c423384214e9a5cf1d817a3b8f13ddbb71ff

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 604ff86aa83cfb6354137033febe540f
SHA1 538cf01f09eb3be3ec7e6c6303fbefe35849b745
SHA256 50c644170f623fd5628243813f7f08cacb6704381f2e24c92f937e00ff3a8b55
SHA512 1df8331d470c3fe622757145e55de2a2ea753634b017d15b22107f6fe60fd18597346d99ed87ec42fbb4570ef0392ced69999aa3ca98f450815c8f424cf8c8ef

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 b4aa4db73ab6a78f0ca676905e3ab80a
SHA1 f90354c52b2ca02a03f4926e61fec99424195982
SHA256 7da5d70275fda2efad0aeda8162289c75668f5c41accd09d593ca93479c28272
SHA512 6de6c161038ccb06ac63630331cd48773cefc7d80e2f6f5839605672068aa68af192ebdd5c4d62cf82d5d9ed7d024387559d096b8765e6014a9fe48b3b0c3510

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 2ccfa975d7b570754a4091b748e4388d
SHA1 6a49a95fffba26cab68eb4fbfe3ad08fc56ac290
SHA256 18034048a80e7d5977c8d56f62b4b78b3673815f539d9d97abceebbc4cc31015
SHA512 4fc1acde7cf35daf1bcbb8074c2aa0921c6dd112ed3c1c8e90e3b3fce0b2bf41ecda696ad714e1e7fec448986bdba868fa2fd46300c82bd99879eb6776318765

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 8c147369842811c2dee9d415802ac256
SHA1 3efdb35761fc6f41dc87bcedf447b63799b89764
SHA256 13dcc438e7cf897bd780e0ef8a2bb9b74cba7d7d5d9908fcf22fbd9635410328
SHA512 435f5590975b55a08463ea3c1d9d915424379ba8b41e2f09e6af8eae5706b701618dddce44c786865563d2a3635b61b2963794d7cab5f33d2b693ca6da4ec692

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 635143543bfeed9080afd914ca6a125e
SHA1 3cd67ff94f6de13ae445ef5e8e7759ac68819f20
SHA256 41b2dc216c7bf99b2141655df38b180f94393c1118d0bfffabfad1f44d496baa
SHA512 a02801c0382679e53c9d854af676c002e5b7ceffb7510f47e126377488e9411b55b23b73dee21af589b91507de133aa38682b24c6eb4c00c6e26209b9ad02e11

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 a2b4ce214c1be0f558ad2b1290c5f3ea
SHA1 f3527fcc8b44d97d2a5a16b5fd6bacbc2fa8a10a
SHA256 f5f5fbe7a1301533bd5339496368c5705339a66ef620b9c9bbe4c7193fe33b51
SHA512 91603cb6b80003cf2b2b4313b1bd6a0f449290602ede8b789c6071be77a8e634229d757e8588897b466a0d5735acbd11c98b1d61cf97fe60ccfd8dd3afd96b98

/data/data/com.jovetech.CloudSee.temp/databases/pri_tencent_analysis.db_com.jovetech.CloudSee.temp-journal

MD5 89a9011a1388a75cd2c94fbadd4bab98
SHA1 e97502a3ba9ada393f1b7d06c0f75e582a259e32
SHA256 7b7d54299813824a744d02b604a5f996e6b0f9a990f26d21841fe789b7a27e86
SHA512 c3e47a3d3e68d970ed896d1184421958e869b7b6592ff22ff00ae1e5d10a3a0ef0bdbdb5ac4fd1cacfbe9ef726ea24c74e3a1d7660df4f86c8c56c5c1e4a9e59

/storage/emulated/0/CloudSEE/log_cloud/dl.log

MD5 4c4c4452e7f99d8f3707aba17f6f1aee
SHA1 c45b6c81aa1768173b9610ed4c456d17f9f20478
SHA256 df0f51176aae3a2d87f3d9f336b94a2efcaee12ee60a73399491a46e8dc3345c
SHA512 d73f17800aa56b688d5b8279e5178e28903102e140ec4a3619f00ff538871e7d666050dc00c2ed4b0a9212fcd0080ce86905b79421d34f7e4db674984f3cdd2b

/data/data/com.jovetech.CloudSee.temp/databases/pri_tencent_analysis.db_com.jovetech.CloudSee.temp-wal

MD5 acc0615ce9483c1edf69bd30b322724c
SHA1 537b2bc65b3932c8ab1e6f7c19083f2f81aaed8e
SHA256 76fdd355529d84fb75283d4c3f5d246fcd5605efda23dc424133852305fc4030
SHA512 65df95876c7020a7c1292ae703ee756b53c41fb592821e72efa6f4fb59d0ca405cd4d0e40639d8e064c901f1057256697a8bdccfcea5b288733f2c2fee298069

/storage/emulated/0/CloudSEE/log_cloud/yst_connect_log_20240615.txt

MD5 d5621c0f6e615a2bd8900e13a9468b5a
SHA1 744eb647cd566e4971f784b654a8f8d1010756c4
SHA256 22dc752177f3e6e4fa68b5aa708f176d278b10fe37b2b643bbd227a7bde42cc9
SHA512 eaf0e0b8ecea22356ec0536572db495ee27a8737b79c6c2f208d34975fe8b473b971155474c4e4b1af6d550170db0e3b9c0abf5823e5ebc5f855d309f0dc0294

/storage/emulated/0/CloudSEE/log_cloud/css_cache

MD5 a604fd353568538d9348b305864d241a
SHA1 7663f762fa1e8a89d39f5bd245dd9cd0bcc05551
SHA256 135856803564cfe79e7bb1e88e4ff892cd20a1ad010411b237287298598f45c8
SHA512 b52ba1e8bf4a476d248fca3696ce43464d73d204c2919bb512cae78f240ce84fbf3519562c079414b929e87fc31c204b8ed9ec00428facea5b8ac7dd350d73cf

/storage/emulated/0/CloudSEE/log_cloud/yst_connect_log_20240615.txt

MD5 f0e22b751d59e7e46169e959eb29bca2
SHA1 4c51a45a33ed9bab93abf0955e936b56c9c23add
SHA256 10835ebe22cc5bc247acdf7b9bd434dc18d7d3448a790e705ef25102675f6411
SHA512 aa2fbe71e00add971080354859d3aeffe735953d214690f02dd6f97fe5d3c2b84b34048eca6d0fb4fd2c35447b3e14a6d5738cc9b7ec91b1b14e8e0f12fda8fa

/storage/emulated/0/CloudSEE/log_cloud/A_index.dat

MD5 96ec69eef4fe04cda7eb0dbbcfabcb8c
SHA1 60e1e6ab3d3c017159f2550966389d5de33bca1b
SHA256 83cde305e37ad1deb17d86f23a39bd2434d6719e30b307adebe5a189a78ff6fb
SHA512 a8bc5a95767b3cadba530f1a5c6201519a6df25a969f86bfca1a46a86641f8bce1d2983f51322314bae5aa841d1db774adf1093a5a3464e0d64eb94b1269ac7b

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-journal

MD5 dd60ce1acdbd092b2e5084fca3662313
SHA1 e79db9f88ab65fe73e84053764f51ae804021d5c
SHA256 1e17c2e4907a930c3df62131a0de712dd807fef8659884288947c0cea18b7582
SHA512 12806ae9bb9b526661a833cf399fbec6cd5f36c328c9e11c40c2f29e705d38c754e70ce7e2215c273e85b751242b20a76148bdb94693b9662721b8808dd2242e

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics

MD5 b26aa444ee596e247e5946e27ea37a27
SHA1 488ec4dfbe2ce81171b35e5b77855a22c1979037
SHA256 ff19a2af62b2ba5fd979d54cb85d5ca188544e9e4a11f9d355587227af7895c1
SHA512 fb72c878ad4f58a133e738536aa8708d24796a2d441817094b4c2398c7ab5c42872d04f27e175d216039399307c675646ba56a984eff722e544a4e27611943b0

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-wal

MD5 6fbf5b82207ff55b50847f3149c8d079
SHA1 8d9b5079f5c05dbcce9a35f032d512b9e1289958
SHA256 52f3fc4321f1180d5e45ecfcdae8926b34d92ade7dc4c558e8d8bbff0fa4704f
SHA512 17ecc887125ebf565ec5af99b914013339ddf29fddf6da35c11cad8e22cbf547da272be6a6c8932b1ec5fbd123c37d32e40dd0325a29e11036a6eb0421636e9c

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-wal

MD5 5d75e5928f5b7bff4e346ea94c0751cd
SHA1 d8b08ec6d11a6870f4ca90c33f19bba8ea2ed370
SHA256 2f6f874a8bca3582ba7559c919c86eb6611d42cfc451b40e6f458bb7d86f82b1
SHA512 82a189bdb1aa362158183e3f30145064c13b466aa23501f0f1f7e1262a22a4fb853cc748fad02c4f69d1afbb18f2d10e99d8767d0400b884ded48846a44dd9b0

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics

MD5 5df902fbc50e71d746b38e026417a5b2
SHA1 fc75b768e3dd31f29664f975efe7bed9f590351d
SHA256 c26b06c2b3e2286a4fc13f21744471f90f690c9c86dbd731b8bc27dffa0ef7d0
SHA512 7369c32abd3b32fb646fe76a6f183c7ccbd748edcfbb8fdb2476986669aaed2eb3c328621fa2a6dc9b07d2f5589920b39a310177ef09169ab19b595428e736be

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics-wal

MD5 5374e66efef48ae74651a3daa463e600
SHA1 764cdcb2e94288e966a6010f1878f35ed892a7c0
SHA256 f0cfc9c9cc65c84a9157346d35db432463397220f19016f230969bf88258e418
SHA512 c0f424f6c4539fbc9940ccb146800b12a5420f6de686b0be7976b0853aa91ab2684d1c03419b3fc81527f1a14ae4c40b10f426da06584603a1e2a40f754d6ef3

/data/data/com.jovetech.CloudSee.temp/databases/hmt_analytics

MD5 ae50935fc98b4522e0905c952fec25e7
SHA1 e6f38cc70fbc3998cdcb3d0687c5ded00e52c57f
SHA256 c2a0ce180b7dbbe6fa4c7c01637e32a6edb5a0df708e1d065085caf5407242ff
SHA512 5a7c2fda762c13ea0651f2be0f4592805b83bb5eac191800a817ed70de76d74fe000fc422b500e4e47f5bea39e70db0ec8892563c1ac3e4b35f2bc64f5b1277b

/storage/emulated/0/CloudSEE/log_cloud/A_yst.dat

MD5 d52328159d40f287fad5b08a3f77aea0
SHA1 04295973e685bf2cc031df99acb4204093fefd15
SHA256 dbec904ed2ad1756e8d468a35b4c7344c8401346005a6e1390abad64357a8318
SHA512 94a647eff08b7c9b5630bbb25515a5a2fcd8c97d75b2acdc5c046f9800195ffe45dc1a7a64e8a5fd21b3ebd8185a307221b47116a3ef1941a7f992ce22d06b2f

/storage/emulated/0/CloudSEE/log_cloud/B_yst.dat

MD5 972aa3e942f0cca4c4efd9dab978dfe8
SHA1 c6faae3aeec9ae5650a7decd932ca76edf647505
SHA256 d88ef8a8e5659ea38dee587780ef25d515d58910a2f6743a47fc3c81e37fafba
SHA512 3bd7e64a64d86bf474a686845f3ad93113e2317b6e395200b4e18bb1ce2ea67fdcb29b14cb29f81a94ab7d84dd5c377fbd62d8d86d67fae6b029a2e1da71dd4b

/storage/emulated/0/CloudSEE/log_cloud/S_yst.dat

MD5 f0ce11a35f0bcf1a7207e854512ed68d
SHA1 e47e024165b7f8a48e77cb253e1b502050b4b208
SHA256 73c6aca2c9cba7b3f6d1dfe9d933d0a832fa8e54f9fb17ed33ead46084d891df
SHA512 1ac9ed426fcb1f49af8a1029043fc2fb365bf45f725ad09e50bb162bb1a50bb0ae6dc2b33465bcec791810996b811da26eb6bdac6e791d89dc80779390b30015

/storage/emulated/0/CloudSEE/log_cloud/SC_yst.dat

MD5 b7e00a0a7607fd25626807581e269b1b
SHA1 3be37d8ebda4a93c3b4c85b7e1185f0b8caf3801
SHA256 495adc5eb4bc69f3cba964aab12c8a4fb59173fb9b07ce7b6ba8d50bf2aceb57
SHA512 49aeeec05e697f9fa0ec461e6599aeeecc266e6903c6589b7d5ce5243426fef443e5d4ef05c4c2cb38e5348dd439672ef4e6063aca0faf305396678740074bad

/storage/emulated/0/CloudSEE/log_cloud/SD_yst.dat

MD5 8d501032f2a737ead767b47ef349bc12
SHA1 057aed8d9123459911eba655eceebaaa177a9111
SHA256 d730b29223e1ce9a4b09abc8c20febfbbaea497f7cf649cff6df2495ba78945a
SHA512 7407da024025cd734676838576d4ad2acab0487e27543c117522d914a0efa8d7304871acc1eadcbc42775f06febbda05d2590c4c6a4b7353f33075417ce8d422

/storage/emulated/0/CloudSEE/log_cloud/SE_yst.dat

MD5 6b81d6b4add127e8ce151364d174a9e0
SHA1 29d21797f0d2f08e9ec4f9868319e72335fff0fe
SHA256 5910486ea88ba324955b97b06d825860671522857a8702ccf14beb65ccb19f5e
SHA512 3336fffe6bc329766a1c4366d461dba9feed6841c1c033c9c0de6249550e4355dc02915c1e7e7ffc5288e2558dbf8addddf23b17cdac00a0904f0bb581a08b07

/storage/emulated/0/CloudSEE/log_cloud/SF_yst.dat

MD5 8689b2b3b03512ae64a38dabb9e53431
SHA1 f74240c7e15f3d7b3ae235e1eaef8b928e6de517
SHA256 2ada6f28b0cd386731f470728548619246541d38bc6a7e64e6235232e09ad5c9
SHA512 ee596d46bb69982576a75220a2e6f647d50fd15df9cb7f097d45973d026486f5ce23c54c55f992392b9520f9ce7ba3a09ef53721e54f1d89131f1576ac022236

/storage/emulated/0/CloudSEE/log_cloud/SH_yst.dat

MD5 d6eb7fa0f605c689f254bcf0c4c7753f
SHA1 de81d61641ab292dfe41840efc96b352bdff600e
SHA256 e389fe050ddb56fc5a2d1678461e1860c3feaa1691ffacb07081b6593453b79c
SHA512 9148ec07cb12f757c4f11bee12211981590ef45a7f23bd52cb23e163b1bf73e771b5a76cb4a8874fa205503d500ec4ba23372cce148df52ff9302c7392b9de16

/storage/emulated/0/CloudSEE/log_cloud/ST_yst.dat

MD5 78a58ff056bbeca2333dc557dc94acc9
SHA1 4062636cc15a4157dae1c1661f24585fdff1ccb2
SHA256 87ceeb884dc096d6ebea5794e1a774eea87a82367b662cded80d55000978bcbc
SHA512 341008d78b99368926c297305af0919b2f0818a29f76f26e1061f7b32af848276475f8add59743d6b235984c09df89648b50099d0e84582ae47757925049b377

/storage/emulated/0/CloudSEE/log_cloud/SK_yst.dat

MD5 b8069b1cb006e99ffb51f352dd0be1ac
SHA1 693e948708b0fa3472a96c318fd4ced18efdda56
SHA256 80e2a35dfeada46720d943b8842a53e339158f36446950eb1ffe0c8e3d2fb67a
SHA512 f257b94b6e103f1e1a345d0e546fc07261ee5c5c561a9f2638cb7cbd6da6b01cd6516c0cbe47d36c916c298bfbab505ee9643baffc9e92ab15163cd53fee9a28

/storage/emulated/0/CloudSEE/log_cloud/SL_yst.dat

MD5 83ff3c4794e65dc84c93684dd5578821
SHA1 f6ba7baf664b7ca0f94e54b15c98fb59c59003f6
SHA256 58b8d7703a456c6ba593d569036fff133df498186e39d69c9e2d43d26b830505
SHA512 15842e16e469407bd4ef433ab624bcc65aec6ee40f80529ffa6ffa9acb5170247e714dbcdcc8c0ee85039d7663530f811595a75546b592267b79ca8afec891b5

/storage/emulated/0/CloudSEE/log_cloud/SN_yst.dat

MD5 a88d7980fb5f983219dce1dfe26fea5d
SHA1 1b8d44565dd415688eeb9ae3621460e2db763318
SHA256 77fab904a1239385ba87968094349e16ed977543d0d1e8a0b4da40dbf5ecc736
SHA512 72adb306a42dd5a2f5c5a5b7ab67e308228d8a032967813b0a33d7046699af8de5d6cf785dd8c35bd6066b59afa7e3f9a2d7b208cb59f4f9a9821fcf822e4b03

/storage/emulated/0/CloudSEE/log_cloud/SP_yst.dat

MD5 6e9221b33c23aa4f860769408279b42b
SHA1 c9d384c282ae709690b853e164f6627ea53a6e2d
SHA256 c51f6ec37fb8ebd2535907b34af607224b75ce56cc832388518598a44acba191
SHA512 73e08104217324e4ac80b3eafb2d495ba726361eb34636aa74e8fed3dc62566ee3571bab3fc0f3f2accb885d7b7c3359bdc1aced9b4f70f3e36a2c6f4b434539

/storage/emulated/0/CloudSEE/log_cloud/SW_yst.dat

MD5 e74de2579fb73c5636dae6480ff6720c
SHA1 cf05e31cbe6668422af237dd39fa8b528d7c5ca3
SHA256 81e3bc339051e009fea926f6035e89496a472509a6d0c7d36938df53dd2fcbf3
SHA512 7216bb6c320afd5b264b6b9fa6770238e36272fa6c43f99fc03e5f6f5356d2639a87fbca29da25b7a795fce63224d18d9288270e2b17c6ad6e9a7f1177b7f2be

/storage/emulated/0/CloudSEE/log_cloud/N_yst.dat

MD5 89fafcbe46950b587c0329a4b74ec20a
SHA1 b9e5922ee41508479d08059c2446cc11a8b55bf3
SHA256 af3ae003f6e71212b1bc58685280005f6976c2b8553840cc31b798a4c980cf4d
SHA512 65f82157166620e38e93058a0483bc0c8dc9b60c3f9ff44f9035d2c9fbf9c4c1f881845f72e9c28438c09aceea2c1e0331f07c58f7a8420b1d3e2460916acc9a

/storage/emulated/0/CloudSEE/log_cloud/SV_yst.dat

MD5 b9fbd989fe9460d89fb919d2b3dd1636
SHA1 baf03b21d462d29a215c669c82ae2543cb0058c2
SHA256 b84a46f3065fcef418994022bed7aa1a6163f976683771a56a727ad901abf93c
SHA512 d4844f9cfc3a17c5fcfcdb28d1031ceddf3fcc8db6204db19a6d39facf3769514475682334046d0fd4b37d47e49d54ba10aee139300a6768f4149d7e47e88df0

/storage/emulated/0/CloudSEE/log_cloud/SY_yst.dat

MD5 a1620657d60b366916784cac19b002fa
SHA1 792f2c5d9db928266b470b7e25a6cdc2764b5cff
SHA256 59fce7ce68ba9c7c4279e66ee19dc2edf4a7816620d5f6edf2ec45e470052113
SHA512 1bfa47f0a04e44df12a6a409df5d82ae9944de483576a05e2527063b9aafc70c0a70729a2a3fc3977f9254a9129025237bcd13dbf94ffb17e453757869101105
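The Files section lists the same path more than once with different digests (for example /storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt appears six times): each entry is a separate snapshot, and the differing hashes mean the content changed between the points at which the sandbox hashed it. The following Python script is an added example, not the report's or the sandbox's code: it parses entries in the layout above, groups them by path so the snapshot count is explicit, and checks every digest for the expected hex length so that a truncated hash does not end up silently in a blocklist. It copies four entries from the section above and adds one constructed entry with a 63-character SHA256 to show the check firing.

```python
"""Group a sandbox report's Files section by path and validate its digests.

Added example, not part of the report or of the sandbox's own tooling.
REPORT_EXCERPT copies four entries from this report's behavioral1 Files
section; CONSTRUCTED_ENTRY is made up here to exercise the length check.
"""
import re

REPORT_EXCERPT = """\
/storage/emulated/0/Android/data/com.jovetech.CloudSee.temp/cache/uil-images/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 604ff86aa83cfb6354137033febe540f
SHA1 538cf01f09eb3be3ec7e6c6303fbefe35849b745
SHA256 50c644170f623fd5628243813f7f08cacb6704381f2e24c92f937e00ff3a8b55
SHA512 1df8331d470c3fe622757145e55de2a2ea753634b017d15b22107f6fe60fd18597346d99ed87ec42fbb4570ef0392ced69999aa3ca98f450815c8f424cf8c8ef

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 b4aa4db73ab6a78f0ca676905e3ab80a
SHA1 f90354c52b2ca02a03f4926e61fec99424195982
SHA256 7da5d70275fda2efad0aeda8162289c75668f5c41accd09d593ca93479c28272
SHA512 6de6c161038ccb06ac63630331cd48773cefc7d80e2f6f5839605672068aa68af192ebdd5c4d62cf82d5d9ed7d024387559d096b8765e6014a9fe48b3b0c3510

/storage/emulated/0/CloudSEE/log_cloud/2024-06-15.txt

MD5 2ccfa975d7b570754a4091b748e4388d
SHA1 6a49a95fffba26cab68eb4fbfe3ad08fc56ac290
SHA256 18034048a80e7d5977c8d56f62b4b78b3673815f539d9d97abceebbc4cc31015
SHA512 4fc1acde7cf35daf1bcbb8074c2aa0921c6dd112ed3c1c8e90e3b3fce0b2bf41ecda696ad714e1e7fec448986bdba868fa2fd46300c82bd99879eb6776318765
"""

# Constructed entry: a SHA256 one hex digit short, as a copy-paste slip leaves it.
CONSTRUCTED_ENTRY = (
    "/data/local/tmp/constructed.bin\n\n"
    f"MD5 {'0' * 32}\nSHA1 {'0' * 40}\nSHA256 {'0' * 63}\nSHA512 {'0' * 128}\n"
)

FILE_ENTRIES = REPORT_EXCERPT + "\n" + CONSTRUCTED_ENTRY

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_DIGEST = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def parse_entries(text):
    """Turn 'path / blank / four digest lines' blocks into dicts, in report order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _DIGEST.match(line)
        if m and current is not None:
            current["digests"][m.group(1)] = m.group(2).lower()
        elif line.startswith("/"):
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def digest_problems(entry):
    """Human-readable problems; empty when every digest is present and well-formed."""
    problems = []
    for algo, want in DIGEST_LEN.items():
        got = entry["digests"].get(algo)
        if got is None:
            problems.append(f"{algo}: missing")
        elif len(got) != want:
            problems.append(f"{algo}: {len(got)} hex chars, expected {want}")
    return problems


def versions_by_path(entries):
    """path -> SHA256 of each snapshot, in report order."""
    out = {}
    for e in entries:
        out.setdefault(e["path"], []).append(e["digests"].get("SHA256"))
    return out


if __name__ == "__main__":
    entries = parse_entries(FILE_ENTRIES)
    for path, shas in versions_by_path(entries).items():
        print(f"{len(shas)} snapshot(s): {path}")
    for e in entries:
        for p in digest_problems(e):
            print(f"REJECT {e['path']}: {p}")
```

The grouping makes the six snapshots of the CloudSEE log in the full section read as one artifact that grew during the run rather than six files, and the length check is the cheap guard to run before any of these digests are pushed to a detection platform.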

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-15 20:54
Reported: 2024-06-15 20:55
Platform: android-x86-arm-20240611.1-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain                     Proto
GB       142.250.180.14:443    -                          tcp
N/A      224.0.0.251:5353      -                          udp

Files

N/A