Malware Analysis Report

2025-01-19 07:59

Sample ID 240616-r4w5ks1eqp
Target b40d364c5dadbcaa058e0e666f9e53b1_JaffaCakes118
SHA256 339c05a3653969518b459178d8d992b036bba8b11222c90706ca142f57cd713e
Tags
banker discovery evasion impact persistence
score
8/10


Analysis Overview

Threat Level: Likely malicious

The file b40d364c5dadbcaa058e0e666f9e53b1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 14:45

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 14:45

Reported

2024-06-16 14:48

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

com.fuzhi.xkw

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.fuzhi.xkw/mix.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.fuzhi.xkw

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

getprop ro.product.cpu.abi

logcat -d -v threadtime

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 14:45

Reported

2024-06-16 14:45

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.228:443 udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 udp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 udp
GB 142.250.187.202:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 14:45

Reported

2024-06-16 14:45

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 14:45

Reported

2024-06-16 14:45

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 14:45

Reported

2024-06-16 14:45

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A