Malware Analysis Report

2025-01-19 07:59

Sample ID 240616-q5sm4svhpa
Target b3d5fc22f69a13fbfc2f61d8338963ac_JaffaCakes118
SHA256 2848d16e35ba818338b54c112bafeaa53406e8136c93a2627407dd8c2c9918c5
Tags: banker discovery evasion impact persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256 2848d16e35ba818338b54c112bafeaa53406e8136c93a2627407dd8c2c9918c5

Threat Level: Likely malicious

The file b3d5fc22f69a13fbfc2f61d8338963ac_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-16 13:51

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate. android.permission.BODY_SENSORS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to use SIP service. android.permission.USE_SIP N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to add voicemails into the system. com.android.voicemail.permission.ADD_VOICEMAIL N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 13:51

Reported: 2024-06-16 13:54

Platform: android-x86-arm-20240611.1-en

Max time kernel: 168s

Max time network: 183s

Command Line

com.excelliance.dualaid:olle

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A
N/A /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.excelliance.dualaid:olle

com.excelliance.dualaid

com.excelliance.dualaid:chk

chmod 755 /data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

chmod 755 /data/user/0/com.excelliance.dualaid/.platformcache/main.jar

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.excelliance.dualaid/.platformcache/oat/x86/kxqpplatform2.odex --compiler-filter=quicken --class-loader-context=&

com.excelliance.dualaid:lbcore

com.excelliance.dualaid:smtcnt

com.excelliance.dualaid:lebian

/system/bin/sh -c ps

ps

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:443 mto.multiopen.cn tcp
US 1.1.1.1:53 folder.appota.cn udp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 121.199.60.204:443 mto.multiopen.cn tcp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
US 1.1.1.1:53 statis.multiopen.cn udp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 118.178.30.122:443 folder.appota.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:443 mto.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 121.199.60.204:80 mto.multiopen.cn tcp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 121.199.60.204:80 mto.multiopen.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 121.199.60.204:80 mto.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
US 1.1.1.1:53 mto.multiopen.cn udp
US 1.1.1.1:53 mto.multiopen.cn udp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp
CN 114.55.203.49:80 statis.multiopen.cn tcp
CN 118.178.30.122:80 folder.appota.cn tcp

Files

/storage/emulated/0/.com.excelliance.dualaid/game_res/info.data

MD5 cd5a9fd9eff842ecd4489a936b023f57
SHA1 17ef1db623fd15b9aa53bd7dc3a77efa059b6f75
SHA256 cf197eb268f4d19b9b3c1b7ae7785ebbb98ead9518c146146eed2a5a9886a142
SHA512 17392ed7a38218ba6508fbec65c7dd354a18d8a7fc70862ab638d73d81d980a0b6f1933124eb67ccdf7fa03816f468f8ddf404b7be701a977a62e7a06148661d

/storage/emulated/0/.com.excelliance.dualaid/game_res/verinfo.cfg

MD5 a0bae7d7ea603a2b2af932e180dead2e
SHA1 084a17c4c57f0d8117294fc6d018ef7caae24346
SHA256 8929244635010c48942d74af5a5290696e5618fc4799779b16f03be6c8f48681
SHA512 aa696f5fe51c054c7c7417ee342fdefae3902ac46bfc7d08e06e1090cb81c78bbdf32ba1b9f8255b8d4ea67a9ddafda87ac799494f9b7533aad09391298a0a96

/storage/emulated/0/.com.excelliance.dualaid/game_res/compVersion

MD5 ec0562757e6c3d9f8e9a3f20416cb337
SHA1 faa82cddd6742abf0649a3e3dc84c72e861ee2d1
SHA256 d7485f2c9edc565a15c6763cf66a63b6f7d41e3d143e7be63b4fc3cf4662698b
SHA512 c8e01abfa0adff7ae884ba2728afb8bfb1c5efde0da5803f9074706050e772e2466f836f5d1c7b4b047a585130dc0719b0b8caf733160c85c33579194561f7d9

/storage/emulated/0/.com.excelliance.dualaid/game_res/verinfo.cfg

MD5 baa9e9fd1c813f3b2ef726f6191cbd34
SHA1 d88fe3b06978ff2f75acf9288f6d074c8f4ede37
SHA256 89a9ed2bec1e8f0b0f2a36e99b2e2468c9de622b7d58595e22554fa66b5ef82a
SHA512 ec8f3813b6cf0f92cb3ac59c0ac2bb2715afc20eaacacab089b02d4e528395be218c65dd140244aec885e6cd37f7125461580413cad458927d047b1b97a7f0f0

/data/data/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar.tmp

MD5 c4ae9d252708a837957a9ffafb0fb1b5
SHA1 a9781bfa7ca6d79a46c7b097bc7b0a641e545323
SHA256 3351ead01ff61e8bbf5d71c7dad070f55b12a36c97fbb09f8583af269b8c7c8e
SHA512 dea404d092fd0151ef7b516c0aca84c52a96d46bc3074150c161e51259e8ce732565480a963419ca96aaea711001455d269db531dae1cb9c79971dc38a9952d4

/data/data/com.excelliance.dualaid/.platformcache/main.jar.tmp

MD5 81a6b68f93a2a6ebd99773e7acb69bb9
SHA1 aad12c03915062b5820034d7026cbbb4d5e2ffef
SHA256 de6b351b54176858e1b1a3263509a936b677758ba375d4de40b0b42139bcdb6e
SHA512 ad55ac3afdcad24b8d85d1a6473190733ffd97c8da65499841ac0e6e0abae2a9883310875719e82e8eb659a35928b30e6bf7419f2dd0bad97ff51ae8cc657f01

/storage/emulated/0/.com.excelliance.dualaid/.phoneInfo.cfg

MD5 0a540d868d2aa71366a8fcaccc2f4416
SHA1 2d13b0fef2c43642d69e0e3a4a24f3dd2cc1ac16
SHA256 5f8770469f6760a0ef00fb9c3dd403ae9cdf91cf249f17627cc8f73e9357121b
SHA512 5ed9e8ac8781d358a0e03469e68ba7f7b70261a9d4c4777a3c22c1504f6f8561f7226ca8dfc3e5160e7f9cb00cdd91e9452658b86e9186693ba303876c257281

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-journal

MD5 e1deaa0c77766a19c1f0cecb52781543
SHA1 c1ebe9d705b1be06c026e91c74acfc17123a721a
SHA256 8d47081948fcfcffda29d5953141778911327bd109e9d52a718537c6a7ebf821
SHA512 f59c619c97485b8b5d2401da7f24cd9d42629115c5a44256eefab84bf4d0c26784253139a3c6fddc3781d943d879ee8b855d0c3e8e8483cf6a83de445d541532

/data/data/com.excelliance.dualaid/databases/lio_statistics.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.excelliance.dualaid/databases/lio_statistics.db-wal

MD5 ce4b14a3e8b875dd0bd507d2786bc5db
SHA1 6af278606e804b6caded89c77d13e655edb8b520
SHA256 784a7ec242a1a9eb1d45105f658660e809a720305299bc44a022adf7e55f3ad3
SHA512 f3d2d46a9bbb02d6e02bae24fed42bfdc43b8d2837ff44d4b011f2fd8608d3b3fa4f14178197a96517832ad8da935b9cabf3b87e676600506887a321dabf72b9

/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

MD5 2fdaf30b790f25c84001193320b164c4
SHA1 719985b162d23fdf2e11ad3b501c1d60c653b1e1
SHA256 1072d56fe7d7e66895cfa29c16a52cc0b53beb602e754f33870e9ed9ece42349
SHA512 2d3e9b68e18ac66d68cca3b765e8b7f25fd81873b2dc88a1f5c6e0c4b29200a7f5cb8d93e63d8d6a6292557dfc26ad6621c188cd63ffac0359fe2d20d462dcc4

/data/data/com.excelliance.dualaid/databases/airpushitemnew.db-journal

MD5 55fb6f47368dc93e8f618aa74431c05c
SHA1 add1598d47f8d36708b8348189233c66b772e60f
SHA256 bafe2989338537122c60efa18573452a4a42eaed282502e408ee34f3ead269ed
SHA512 cb55b00cda8d5a7d0cec67315a9761b3111bb55d56103a3bd507f8a57e13e62393762ba462b214172cbec23309c1c36def204bfd6ee4c41b12c288919f9cb014

/data/data/com.excelliance.dualaid/databases/airpushitemnew.db-wal

MD5 97a5c00ffb88490640cd4055b3038486
SHA1 8bb146b803b1e925c2ab41a41d4c41cec1ba4fc9
SHA256 285ca15ab10daf40556e0b56ced52ddd60195d4a2b05ef7831c68dff65630e49
SHA512 20a5839465f0c9a0f52f348298e16fda3b5d6d2105d004b3c241e56d4a33e8077a1054a7bf246e058c1749020a9c98cd66b9d8ec76b44357acc79bba461850fe

/data/user/0/com.excelliance.dualaid/.platformcache/kxqpplatform2.jar

MD5 60378d24cc99780ff6c6f36ac35d9a15
SHA1 f6a4ef7e02684444d17c40aa9043a7d2fe95b18c
SHA256 a36f5c15f151c8cfdbe4cfbd2612cae9e1de65278cd7cfda3129034e5ee704b5
SHA512 8711392b0e49e2303ffa94ba465a3b96dd7c3f92d55cab3a507adcbb87455c4aac22c66520948d69c84c77683929742b3e1f8262f92d49d3dfd727494f66eb91

/storage/emulated/0/.android/.systems/.idcard

MD5 6743ed0c343bd99a4e0f7e114f7867da
SHA1 841f5decbf934d4c4c66e69e3c9fe5ec424fc93b
SHA256 ca1b99c572f0017ef96569e24a84d167526537e4a040eebd898d6826179ed7d9
SHA512 6bb225f600b3ca79ab8c53131d9fb007a7e265ee78c836c78beac454252201c9996c4c9ad19f08a12f8ab3b37572ff4ee939341dadcbbf4118d27e0b51a4c4bc

/data/data/com.excelliance.dualaid/.platformcache/lib_kxqpplatform/libkxqpplatform.sinfo

MD5 634a0e37ad1d1552cca67c409a9a74f8
SHA1 13b62c5e13b597fb157da43bee340ab55ceb3d34
SHA256 7372d6d28313947f7ca4dc418b0c76912ef57184a5f7db41f99474347198b30b
SHA512 8e0f4be197af96fc0221092efa3e24026d6886eb6ebe32e2a10dbdd3acf15891654d9c1e67acffea4abec1e32cf2bc89de7ad73ad6b4ec7b7f9358f844206d9b

/data/data/com.excelliance.dualaid/gameplugins/lb_packages

MD5 afa4321ce9a41e633acc66bdd6f2f6f3
SHA1 22268164d7b8112709944d906d69f98e1af0f043
SHA256 89a9746578d8cb09bb217a60ee448faaac83ec95bb81b0f0fbc9cc1cc7e2199a
SHA512 6d804ab87938fe0ec9c17ce2b382ce0e570f45e1005e2ab516c993ae16e24b25cb7b16dda7fbd72f4233b404e1c0219ab8a3839034ef4d392ee256739a0866e3

/data/data/com.excelliance.dualaid/.platformcache/alipay.jar

MD5 2648e005c43d6f1816916f34d6c2fa3a
SHA1 c0d58e69fc6f8e280559e8f8fe9f5b7497327774
SHA256 74781f30e8df9e007444273494808cf352fedb55090f15f9c33e6c6d36974db1
SHA512 d87dc2e7026f68aa339c64146a3c3b684eb3475cce0fb25be7b76be54211d1a99ee4016b65a5c5de4f8bff31c5e5e179d45d05efa08d0a2f69d462acb20ec00d

/data/data/com.excelliance.dualaid/.platformcache/alipay.jar_temp

MD5 a9843ca124c0cbaff30684495fd9ab1b
SHA1 56ecbe8a45b00975b83cf3e7a596296ce7292247
SHA256 34ac9148391bb9201115fee0e9684fe0dd46eb943fec89568e19700ae0a61d2f
SHA512 90ec6f0ab06faf1de2ca71f42aa9b800fb0541ee34255ebc3ec69b28d5eb3e93adab6112bd9b415ec9b11574d30968820b1f469af7132cc81ea5336ce78c35c5

/storage/emulated/0/.com.excelliance.dualaid/game_res/mainInfo.json.cfg.tem

MD5 274e0b565252e957b56613df4e5f6229
SHA1 96e651c8df6a67a85d4e6826448a1e187d291026
SHA256 acd8db5643e0132d06441aa25e60f07f42a44f864644bbcfd1bbd53eb2296fbd
SHA512 64163431907cc88d57e9b98a150daf16df1ae34410bfa0ba0a6f34dd4a3aaf0c457c79a068258f278ea84e90f342824f3ea1649330e935275ae664dd9c60a1e2

/storage/emulated/0/.dygameres.apps/game_res/3rd/icon/com.excelliance.dualaid.png

MD5 c2832b346953f217d0b84aedd56e4f31
SHA1 9e645148fa68084eed7a4ad214efa34fc535beee
SHA256 a873c5ebf131ad05af8121eedc7804c50e83fc72702bac607627d918b2aeeb11
SHA512 70aaa3152a815f566bb38a20b98f800b58720ac6b1349feab4ba1586f4ff108c4490893470e78026cedc659dba5da93d8c96bfa90afec825bc7d9daa476512fd

/data/data/com.excelliance.dualaid/.dygameres.apps/game_res/3rd/config/cache_list.config.tmp

MD5 099695296d4dc5819b3e3b69c9b322a3
SHA1 412bff571faec8c739ae079b4cc47b8a4f39be04
SHA256 9e40dfdfe69257989b6efc3723843a21c946f0b1b05b4933f27833c8d06de308
SHA512 3beede06d860b8b3fb44d03b158d7ee2f7b5550ce6c9250c13a37b2fff1205f8e3131d828dcaafcb0153e371528ccb00913374e18a8ea91435e7c3ae0d1a556d

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 13:51

Reported: 2024-06-16 13:51

Platform: android-x86-arm-20240611.1-en

Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-16 13:51

Reported: 2024-06-16 13:51

Platform: android-x64-20240611.1-en

Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-16 13:51

Reported: 2024-06-16 13:51

Platform: android-x64-arm64-20240611.1-en

Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A