Malware Analysis Report

2025-01-19 08:02

Sample ID: 240616-sjyncasbrm
Target: b4279b50b703cb08dc908929380e0afd_JaffaCakes118
SHA256: 659e693c703426377c25e6d0c0278f9c756dcc9535610a7d8ce4e6a3c8ff4fa4
Tags: discovery, evasion, impact, persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: 659e693c703426377c25e6d0c0278f9c756dcc9535610a7d8ce4e6a3c8ff4fa4

Threat Level: Likely malicious

The file b4279b50b703cb08dc908929380e0afd_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, evasion, impact, persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Several of these signatures are produced by third-party SDKs the app bundles rather than by app-specific code: alog.umeng.com and alog.umengcloud.com are Umeng analytics endpoints, android.bugly.qq.com belongs to Tencent's Bugly crash reporter, cgi.connect.qq.com is Tencent QQ Connect, and the app_tbs and tbslog artifacts under Files come from Tencent's TBS WebView. The findings that warrant manual follow-up are the root check (su paths and the `type su` child process), the runtime-loaded /data/data/com.sxd.webview/mix.dex, and the cleartext HTTP traffic to www.17188.com, which the report does not attribute to any SDK.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-16 15:09

Signatures

Requests dangerous framework permissions

Indicator | Description
android.permission.READ_PHONE_STATE | Read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and the list of PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage.
android.permission.ACCESS_FINE_LOCATION | Access precise location.
android.permission.ACCESS_COARSE_LOCATION | Access approximate location.
android.permission.WRITE_SETTINGS | Read or write the system settings.
android.permission.READ_EXTERNAL_STORAGE | Read from external storage.

Process and Target are N/A for every row (static analysis). Note that WRITE_SETTINGS is not a runtime "dangerous" permission: since Android 6.0 it is an appop-style permission that the user must grant through the system Settings screen, so its presence in the manifest does not show it was ever granted.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 15:09
Reported: 2024-06-16 15:13
Platform: android-x86-arm-20240611.1-en
Max time kernel: 179s
Max time network: 181s

Command Line

com.sxd.webview

Signatures

Checks if the Android device is rooted.

Tag: evasion

Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

Tag: evasion

Description | Indicator | Process | Target
N/A | /data/data/com.sxd.webview/mix.dex | N/A | N/A
N/A | /data/data/com.sxd.webview/mix.dex | N/A | N/A
N/A | /data/data/com.sxd.webview/mix.dex | N/A | N/A

Three load events of the same dropped file were recorded; the dex2oat command line under Processes shows ART compiling it, and the Files section lists its hashes.
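The signature above shows the app loading /data/data/com.sxd.webview/mix.dex at runtime, and the Files section lists that file's SHA-256 as 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615. When triaging such a drop, the first step is to pull the file from the device or sandbox and confirm that it is a well-formed DEX whose Adler-32 checksum and SHA-1 signature are intact and whose SHA-256 matches the report, since a recompiled or repacked copy will not. The Python below is an added example by the editor, not part of the report, the sandbox tooling or the sample; it parses the 112-byte header per the AOSP dex format and recomputes both integrity fields. The path it expects on the command line and the synthetic header-only DEX it builds for a stand-alone run are constructed for illustration.

```python
import hashlib
import struct
import sys
import zlib

# Fixed-size DEX header as defined by the AOSP dex format (112 bytes).
DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)
# SHA-256 of /data/data/com.sxd.webview/mix.dex as listed in this report's Files section.
REPORTED_MIX_DEX_SHA256 = "4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615"


def parse_dex_header(buf: bytes) -> dict:
    """Split the header into its fields without trusting any of them yet."""
    if len(buf) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    hdr = {"magic": buf[0:8], "checksum": struct.unpack_from("<I", buf, 8)[0],
           "signature": buf[12:32]}
    hdr.update(zip(HEADER_FIELDS, struct.unpack_from("<20I", buf, 32)))
    return hdr


def verify_dex(buf: bytes) -> dict:
    """Check magic, Adler-32 checksum (bytes 12..end) and SHA-1 signature (bytes 32..end)."""
    hdr = parse_dex_header(buf)
    magic = hdr["magic"]
    return {
        "magic_ok": magic[:4] == b"dex\n" and magic[7:8] == b"\0",
        "version": magic[4:7].decode("ascii", "replace"),
        "checksum_ok": hdr["checksum"] == (zlib.adler32(buf[12:]) & 0xFFFFFFFF),
        "signature_ok": hdr["signature"] == hashlib.sha1(buf[32:]).digest(),
        "size_ok": hdr["file_size"] == len(buf) and hdr["header_size"] == DEX_HEADER_SIZE,
        "endian_ok": hdr["endian_tag"] == DEX_ENDIAN_CONSTANT,
        "class_defs": hdr["class_defs_size"],
        "sha256": hashlib.sha256(buf).hexdigest(),
    }


def matches_reported_hash(buf: bytes, expected: str = REPORTED_MIX_DEX_SHA256) -> bool:
    """True only for the exact bytes the sandbox saw."""
    return hashlib.sha256(buf).hexdigest() == expected.lower()


def build_synthetic_dex() -> bytes:
    """Constructed sample: header plus a one-entry map_list, no classes, valid checksum/signature."""
    map_list = struct.pack("<I", 1) + struct.pack("<HHII", 0x0000, 0, 1, 0)  # TYPE_HEADER_ITEM
    fields = [DEX_HEADER_SIZE + len(map_list), DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT,
              0, 0, DEX_HEADER_SIZE] + [0] * 12 + [len(map_list), DEX_HEADER_SIZE]
    data = bytearray(DEX_HEADER_SIZE) + map_list
    data[0:8] = b"dex\n035\0"
    struct.pack_into("<20I", data, 32, *fields)
    data[12:32] = hashlib.sha1(data[32:]).digest()                      # signature covers 32..end
    struct.pack_into("<I", data, 8, zlib.adler32(data[12:]) & 0xFFFFFFFF)  # checksum covers 12..end
    return bytes(data)


if __name__ == "__main__":
    # Usage: python dexcheck.py /path/to/mix.dex   (falls back to the synthetic sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_dex()
    result = verify_dex(blob)
    result["matches_report"] = matches_reported_hash(blob)
    for key, value in result.items():
        print(f"{key:16} {value}")
```

A file that passes the magic, checksum and signature checks but whose SHA-256 differs from the report is still a valid DEX, just not the one the sandbox ran; that distinction matters when the drop is regenerated per install. A checksum or signature failure on a pulled copy usually means a truncated pull or a file that was still being written, not tampering.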

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

alog.umeng.com is the log-upload endpoint of Umeng, a widely used Chinese analytics SDK. The match is against a third-party SDK domain on the echap.eu.org list, not against a stalkerware command server, so on its own this hit is weak evidence that the sample is stalkerware.

Queries information about active data network

Tag: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

Tag: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

Tag: discovery

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

Tag: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tag: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

A single Cipher.doFinal call is also what an analytics SDK makes when it encrypts its telemetry payload, so this signature does not by itself indicate that user data is being encrypted; the impact tag should be confirmed by looking at what the cipher input and output are.

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.sxd.webview

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sxd.webview/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.sxd.webview/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

This is ART compiling the dropped mix.dex; the resulting /data/data/com.sxd.webview/oat/x86/mix.odex and its .vdex are on-disk traces worth collecting alongside the dex itself.

/system/bin/sh -c getprop

getprop

/system/bin/sh -c type su

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

The `sh -c type su` child process is the shell side of the root check listed under Signatures. `getprop ro.miui.ui.version.name` tests for Xiaomi MIUI, and reading cpuinfo_min_freq, /proc/cpuinfo and /proc/meminfo is device fingerprinting of the kind commonly used for emulator detection.

Network

Rows without a Domain are direct-to-IP flows for which no name was resolved; 224.0.0.251:5353 is multicast DNS. Rows with destination 1.1.1.1:53 are the DNS lookups, not connections to the named host.

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
US | 1.1.1.1:53 | www.17188.com | udp
US | 1.1.1.1:53 | cgi.connect.qq.com | udp
HK | 43.154.252.110:80 | cgi.connect.qq.com | tcp
CN | 120.76.130.39:80 | www.17188.com | tcp
CN | 120.76.130.39:80 | www.17188.com | tcp
HK | 43.154.252.110:443 | cgi.connect.qq.com | tcp
US | 1.1.1.1:53 | pingma.qq.com | udp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
CN | 119.45.78.184:80 | pingma.qq.com | tcp
GB | 142.250.187.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
GB | 172.217.169.74:443 | - | tcp
GB | 172.217.169.74:443 | - | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | alog.umengcloud.com | udp
CN | 223.109.148.177:80 | alog.umengcloud.com | tcp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
CN | 223.109.148.130:80 | alog.umengcloud.com | tcp
CN | 223.109.148.178:80 | alog.umengcloud.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
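A triage analyst reads a table like this by separating the DNS lookups from the flows that followed them, grouping flows by the name they resolved, and isolating destinations that have no name at all. The Python below is an added example by the editor, not part of the report or of any sandbox tooling; it parses rows in the whitespace-separated layout the sandbox emits (Country Destination [Domain] Proto), using the rows from this run copied verbatim, and summarises them. The mapping of domain suffixes to SDK vendors is the editor's assumption and is not something the report states.

```python
from collections import defaultdict

# Rows copied from this report's behavioral1 Network table, in the layout the sandbox
# prints: Country Destination [Domain] Proto (Domain is absent for direct-to-IP flows).
REPORT_ROWS = """\
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.bugly.qq.com udp
US 1.1.1.1:53 www.17188.com udp
US 1.1.1.1:53 cgi.connect.qq.com udp
HK 43.154.252.110:80 cgi.connect.qq.com tcp
CN 120.76.130.39:80 www.17188.com tcp
CN 120.76.130.39:80 www.17188.com tcp
HK 43.154.252.110:443 cgi.connect.qq.com tcp
US 1.1.1.1:53 pingma.qq.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 119.45.78.184:80 pingma.qq.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
"""

# Editor's assumption, not stated by the report: domains of SDKs commonly bundled in
# Chinese Android apps. Anything that does not match stays "unclassified".
KNOWN_SDK_DOMAINS = {
    "umeng.com": "Umeng analytics",
    "umengcloud.com": "Umeng analytics",
    "bugly.qq.com": "Tencent Bugly crash reporting",
    "connect.qq.com": "Tencent QQ Connect",
    "pingma.qq.com": "Tencent telemetry",
    "google.com": "Google services",
}


def parse_rows(text):
    """Parse one connection per line; the Domain column is optional."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def classify(domain):
    """Vendor label for a domain, matching the exact name or any subdomain of it."""
    for known, label in KNOWN_SDK_DOMAINS.items():
        if domain == known or domain.endswith("." + known):
            return label
    return "unclassified"


def summarize(rows):
    """Split DNS lookups from the flows they preceded and group flows by domain."""
    dns_queries, flows, direct_ip, mdns_rows = set(), defaultdict(set), set(), 0
    for r in rows:
        endpoint = (r["ip"], r["port"], r["proto"])
        if r["proto"] == "udp" and r["port"] == 53:
            if r["domain"]:
                dns_queries.add(r["domain"])  # a lookup, not a connection to the domain
        elif r["ip"] == "224.0.0.251" and r["port"] == 5353:
            mdns_rows += 1  # multicast DNS chatter from the image
        elif r["domain"]:
            flows[r["domain"]].add(endpoint)
        else:
            direct_ip.add(endpoint)  # no name resolved for this destination
    by_label = defaultdict(set)
    for domain in dns_queries | set(flows):
        by_label[classify(domain)].add(domain)
    # Telemetry sent over port 80 is readable and modifiable by anyone on the path.
    plaintext_http = sorted(d for d, eps in flows.items()
                            if any(port == 80 and proto == "tcp" for _, port, proto in eps))
    return {"dns_queries": dns_queries, "flows": dict(flows), "direct_ip": direct_ip,
            "mdns_rows": mdns_rows, "by_label": dict(by_label), "plaintext_http": plaintext_http}
```

Run as `summarize(parse_rows(REPORT_ROWS))`. On this run it leaves exactly one domain unclassified (www.17188.com), reports six of the seven resolved hosts talking over cleartext port 80, and isolates two domain-less TLS destinations (172.217.169.74 and 142.250.187.238) that sit in the same ranges the report resolves for android.apis.google.com and are most likely background traffic from the emulator image; confirm that before treating them as indicators.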

Files

/data/data/com.sxd.webview/databases/bugly_db_legu-journal

MD5 0824a09292012e394f0079ecd2bef71c
SHA1 0ab9a1e15500904d9a39bf2f6739555998f79695
SHA256 f65b0fef7b64bd2e14f47aa60ddd3560ee77402c2fd1e87af97fa318d6de95e9
SHA512 dd2edd428ce99aceee7fe6a7611248f73d9b99a8cd662f3bf6401f83ec98d74dc24811343f85efe545cede6c5eeec0b0c0e802a564c41d080dbe3a6dd7f201c9

/data/data/com.sxd.webview/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sxd.webview/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sxd.webview/databases/bugly_db_legu-wal

MD5 5df18ad3d24a313cf463be20d2135e13
SHA1 bdd20744bd60f04c8a6ad2212caad13dd16b7e76
SHA256 644c8c6a8effaad73b13530a1b1ec8d66038765b3f4384bfb29dd64b4fbafcd3
SHA512 72c621bce915447c690344587c48402d0b1d6f55e7dce02591d94bbc112833aaf7261049f572fdb460ab81ff30f5e6404df4fc7c24e24a102311dd4cae9be712

/data/data/com.sxd.webview/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/storage/emulated/0/Android/data/com.sxd.webview/files/tbslog/tbslog.txt

MD5 86d29bed62c9476ac5040638f69109c3
SHA1 efd88da6b6ce4ff6a90bd0f82c438cbf39719b72
SHA256 11c8b551b544e54322a57af3d961c92a3dfd06dcfd5f15e0be532ac8df8c1d76
SHA512 cb65597721e6ceb7e02941b165570a1b4af03143b11587932c6dac344bd9846493dc52d4be6e2aa4e9d5cd38c9191a139b49818d0d6a1b47718a6ca413a471b2

/data/data/com.sxd.webview/databases/bugly_db_-journal

MD5 15a3d15a18e32509634b324d4362b146
SHA1 34ae722bb54f004138f5f6062efc51588adc8476
SHA256 ac02d71816757b815685aec904fb591daeb3f7308e1ed0fd3bc3021d1e9bbc8f
SHA512 cca3f27a3229be39fbbb8fc34cfbfe3f7510e65b471d497395316b96b481738bc299f520c1a12412607e4d63e83b233617cbf6cd87704b710c6513c836796f2e

/data/data/com.sxd.webview/app_crashrecord/1004

MD5 46c2295a4446006f45be5d6b31a66ad5
SHA1 7a27596e1d97e473c49f0b552c6b27e9345cffb8
SHA256 f304969a05def22e2020f91f1dfab9fa25dd89d535ff0d43708ccf2feed83333
SHA512 7bd204fb7a56d63595cd0e8bee9cdc0370c39683b5f5f81a61e24f21824d4ea909b8bfd0941bbf26c7dc1d717cfa7577c876c0cc3914aa9755f36781125a43f2

/data/data/com.sxd.webview/databases/bugly_db_-wal

MD5 7ed5efa24b03722c575938b53bc74354
SHA1 d1a3cd4bae072084cb18b8e259f11d5b3ce5e3b2
SHA256 34437d59ed1089f9e7377478efe3a11c173a981a079353ed872c1d0bcbc21c53
SHA512 395ac52d78b2f6485f3374a575a7302a03aaced085d294e8b63be5dfe9efdc0ad2f06a782e5e31766c90c27bffc8040c980f825d98db7af392da8fb6c7e1f689

/data/data/com.sxd.webview/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.sxd.webview/app_crashrecord/1002

MD5 36ce14142c5be7dbd5fa3000559e5188
SHA1 0d08e96edf97efe83365c8301b8557f8c88cf8c1
SHA256 2d98e680fdc7cf5bb34fda718a4e7ab71e5445c49fc39ef815a5ed13c0be0a66
SHA512 c0e162f6c8c8de1dc67d60b8151cc897f69be00e800061fce5d57ca1217cc30536a4e5e982d98ce194099e29169ecf197a548137baae8a678a9283543efac901

/data/data/com.sxd.webview/cache/tomb.zip

MD5 eb2ca4db26dd46912bd0f2b85bb7515a
SHA1 d772d93fa4be5b7c97a8ecd81495fc4de31220db
SHA256 5b9355582afef7d00fc9bd7c57b5cec0f6da210ea3fcc320ffd032bf79b4a0a0
SHA512 cf440ce32f28bd523f22ba3c0bb78fe3ad3d07123e62549c03626e50f42d8143b991e2e47f7d37cf6b14535201da7bac99945d1a16eaca8dc8ff2d12101619fc

/data/data/com.sxd.webview/databases/tencent_analysis.db-journal

MD5 808b5036f700e6242c84e427bb6f6dc1
SHA1 fed5862a943767a16c0274bbeef3ad7d713eeff1
SHA256 4a753fc12203f27625ebc0a46a52ee06841ea0b791e1a679045b14d01ad08db9
SHA512 4288fbaa0a2185710abb4d4f85f3722333d9ca62c0a4d4f5e2d004917ea012ce6cd6333828e6f663f45b28a89bedd823711cb331e5eed0ce72823b56c926b3e0

/data/data/com.sxd.webview/databases/tencent_analysis.db-wal

MD5 acb6cacd9425d0b9c1978e0b7c505a4d
SHA1 3c9e3c9e3022a67c358937978a7377a681919fdd
SHA256 a20cb40c8d8fe67896fa73cd29c1375eed8b63689f3a4f09dd327b2cca34fb0b
SHA512 8239a18b9b87e9d5b62f255091e19b464414ee3de0174f7d50ce67f664b14bb59239501bea020fb00504973aa16364f47a287a39d815f3bcb6ec1878f4a43fab

/data/data/com.sxd.webview/databases/cc/cc.db-journal

MD5 09cedb1a9b6067fe7e5c97e991431250
SHA1 dbce441c943a06923d1e232641c8951027bdd2ce
SHA256 f2cdc1d69bb324d3542ff69eb35bf0bf3efc19e8c1cbbb97f2720d6560d81633
SHA512 4123e5db8a726847771be2d93e4ce80b0e7c51612eed6701325d6d0d62a99245d13fc20805af113d97ae3ea068eb019b7dce5a6d23020d1b6315df7a66cab66c

/data/data/com.sxd.webview/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.sxd.webview/databases/cc/cc.db-wal

MD5 fc72fcefd0ee02176d9bb496a273e5b6
SHA1 4e14a13a8de615bcd2bc9f789f7156a9ee8928f6
SHA256 c4a42118bd5d87813a4dc628ec218f80f73e43c7ad7f6a4f5b84ba0288c0f2db
SHA512 7a0b5f34ab72b46128a035d8a244daca1cfc2609a2cecd452e498c94f9ee8ec6341e67248c04160e83a09dce0d8ea6c3197fe97b226983a3b31cd169d3177d61

/data/data/com.sxd.webview/databases/.ua/ua.db-journal

MD5 91587a9c3f5dde9c28a551a5b159fc65
SHA1 a0fdd8fea7723bd0ad566129f7ee1dfb16d0639c
SHA256 e472b627c5bc9a24f2f525f3e64a503deec67dea122001d6b7c3b03af8245405
SHA512 ef22dafd214f9b5616ee193344254a060d3610387067063760c6a3c6106e11b3676e9583a5cffe30ee997de79986311d692a26fee4370ccd86d3b068481ebb16

/data/data/com.sxd.webview/databases/.ua/ua.db

MD5 eeb34b46ffcb7afd89a589933788129f
SHA1 ec9b0a0c6ab66628761602a9511dd5e1c9dc1a5a
SHA256 214d712e3e894db8bc7a756566adb935988a27360113e29c5371538d6f7ce4a0
SHA512 044f0f2168e0598dc132bb2b142606b5dbded9ac03acdc02bf7598e30f5f2dafa1d30578f70e1d844b2205ebfb414994ce7ca7159caa56965ac8e38d39d0ea8d

/data/data/com.sxd.webview/databases/.ua/ua.db-wal

MD5 d13359634008f416942b4897eefcc077
SHA1 99dc440c6bb2ac69a55abf9ecf76b807985d714e
SHA256 0fc300c7d51614fada578d0ad3b9341862d8cae38d4339a43df9e23993516b51
SHA512 bb01985d8a5c69facea043e4fa49481a3e63fcf994fb66331e0e7f72de249a8caea8004a001a435916526611a9d7b665c5cdacc0c3e90d85235f236fb391c3b1

/data/data/com.sxd.webview/files/com.tencent.open.config.json.101409491

MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 bc322518b0a23653c2b85cc3c4219f36
SHA1 abb0dd14695fcfff5de55f13f9d98320075f756e
SHA256 05d58bc411939f95073fe0bd66a4a0f193c94cdae0edaa6a7db864c0d41ae247
SHA512 ddf69648d454c4903c93c11e1228add26f570855a062cc82c79a20320703e79a33fc6495031d6f446aefa22e4bf4c90a9efb0c57d19f91c0477f32f97e32ab73

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 cfb3f834a2adc33bf69e43afa4e237bc
SHA1 1c215fb0b84827f66e42a4e08e18f3fc698a46da
SHA256 6b4f25b5b608724898075c7b2cc9f96b445e63ec0aafc9a9ea4a289456918447
SHA512 b423f9aade3c11c25d7dc90259577dc01602cfde41866d4c30d10c15f69a4400b9b0e294c5204bb9377dac3833745536df799968338ef929b341118e83013546

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 e1cf5621087e67c88e8d27d5fff8d5c1
SHA1 d84d73ebb1634f3b804d4b73053b15749530ac4d
SHA256 394fd26b54e9d242dd4cdbd1a416c90aaa773b4d561d7c7f68686ff0e2e2d445
SHA512 96027a88ef3910774cb10165701035960738264be6d926d2b738e9f43309eaa88727a772fbf485f59b482b0131be94b91d69540605a781a359bb17c3a074d1c1

/data/data/com.sxd.webview/files/umeng_it.cache

MD5 dc3d36d7e7b34256c2a06989c4a2ba24
SHA1 46ab074ae8f1bf6538e4938ff4a8b9c5753a567a
SHA256 3314ab46b81e825b521259a2d39b20c4a90c57e0bf70bb8357c7f6c706699235
SHA512 df5361cea86b3b653ad3975cacdd24aa2459dd8fa1e1815ccf7673bc9e9541f8cffb364d24cdee6ebb5dc8b459603265044cbfd271c9dea78e5d9fe2eb0d46ab

/data/data/com.sxd.webview/files/.umeng/exchangeIdentity.json

MD5 ab9f75a32cf6c6605b66b04a19200f89
SHA1 938f7ef1a59eeff6c2a6b0a341cdeb71d49d6eae
SHA256 f1dfef69bcc3814a8915a4e463baba787249c168809190a7df5e3971e3436c72
SHA512 64e12de4c27a9b72199f538128f93d91d25e38987676eb998a49798f6dbd73631b50a07c1e66f2c8ed123ca4067298954f1b2ae76564cec2c699d8676a86e43f

/data/data/com.sxd.webview/files/exid.dat

MD5 430459ee861065d7171cf2af87d9ef8b
SHA1 02e9ffd59e831a914a04824f937db22c45f44789
SHA256 d381821a671a5000b2b0060d06f2c9c7dc76406320db476cf18e62fcefb1bdcc
SHA512 2bab89229b9afba73214b415a15f0d27c55ef3aaceba6c805d6184a0f7f86a553fc120d3a515f121118d1f7c27cb9f385701644475694a4e6818fdc68ccf00be

/data/data/com.sxd.webview/databases/.ua/ua.db-wal

MD5 69dc914179248c13bcc2d19aaa8a8900
SHA1 7002b97ce7debb31e68f7e2c77559433ebe73fe1
SHA256 a034accaf73e964a069c193cb40f42fad4985e7c92a4c7196920ee449f4fdcf3
SHA512 febe2cc702d0f379a7b878fc43ab2d6556aa3502a45eac0850422c3d4abed0bdbff38ee46388045adc9d5ddef1a5cdbd0b59abc8fd72888b1e041ecf48f79c01

/data/data/com.sxd.webview/databases/.ua/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.sxd.webview/databases/cc/cc.db-wal

MD5 034349e6148a5ab0f8a6222d9c246388
SHA1 72f9f4517e77f4a2c45e551902cc0062c416bc8d
SHA256 955652a4178825835b3db48949bb604d03683071a1a764171fc256c708c02860
SHA512 55d3786a51061f2c530ff8a2d4f613f91265455d301efa7ba2b5de14f92792343fb073d1581ecf71cd6e9d7c22c93048b96902541e8f98578b13655383ab5329

/data/data/com.sxd.webview/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.sxd.webview/files/.imprint

MD5 793ff2e8becb710525670934a75a30ab
SHA1 0ccd775294fa7aa35f07fa94a100222aa738bf57
SHA256 479e980fafa00120bffc4e180e8046e0a60ae8f566e4120e03f8fd9f3a4913e4
SHA512 ff4c4f0c669d5ba0522b6a707a483687f4b22c553dc473a5cad1858e2ba98af4392bb96575f5f6242500f0aaa1a0e33cdb08feebbc84477056fa85b40fcf7fbc

/data/data/com.sxd.webview/files/umeng_it.cache

MD5 48d2e094571c6385c995efdabfad47ee
SHA1 8e5cd8d84f61fd0b8e5967c40ab9d1b1643bb8c9
SHA256 efd1c92a2b35614cbc9bacd00ebde7581c249c3f37c3c06ba7066526224c5a1e
SHA512 f9815e8a9fa807c6fa4d2751d21ca8cef420c1daee63725b5d41f493d15dd71c1b31200f39b51b4172ce130dbdda371006c98e0de203854cbd330b321b43eb3f

/data/data/com.sxd.webview/app_tbs/core_private/debug.conf

MD5 08c240ad43425b46aab7c0cd8e9e07dd
SHA1 2b3ecb1a5adf0c11b184b72585dc5a5aac75e227
SHA256 b53bd36150112161d060942df0eace83d79b2b46ae6ff7399c465fb79dfcff28
SHA512 ff554f1de0d712c90956de37fc16b0586cb5a7e066f8e133b7ca41f4c2ea889eb481c0c8a769aaa1d232f78bd1ada7890c46eb72418f7b454a710a1854f22ac0

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 15:09
Reported: 2024-06-16 15:10
Platform: android-33-x64-arm64-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

No app process, signature or file activity was recorded in this run: the sample produced no process activity on the Android 13 x64/arm64 image, and the only traffic observed in the 7-second window was DNS and port-443 traffic to Google destinations, which is consistent with background traffic from the image itself. All behavioural findings in this report therefore come from behavioral1.

Network

Country | Destination | Domain | Proto
GB | 172.217.16.228:443 | - | udp
GB | 172.217.16.228:443 | - | udp
GB | 216.58.212.196:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | www.google.com | udp

Files

N/A