Malware Analysis Report

2025-01-19 08:01

Sample ID 240616-tk7s3steqm
Target b464a6eac59d9a30bec0e6df604789cf_JaffaCakes118
SHA256 2d405c4fd7b9d77f59dc0038773fe90b73ab4773ccb682d180b100e35b4e3a1f
Tags
banker discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file b464a6eac59d9a30bec0e6df604789cf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 16:08

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 16:08

Reported

2024-06-16 16:12

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

181s

Command Line

com.jkzx.WSL666.vivo

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jkzx.WSL666.vivo

ls /

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 16:08

Reported

2024-06-16 16:08

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 16:08

Reported

2024-06-16 16:08

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 16:08

Reported

2024-06-16 16:08

Platform

android-x64-arm64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 16:08

Reported

2024-06-16 16:11

Platform

android-x86-arm-20240611.1-en

Max time kernel

65s

Max time network

160s

Command Line

com.vivo.sdkplugin

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.vivo.sdkplugin

Network

Files
