Analysis Overview
SHA256
2d405c4fd7b9d77f59dc0038773fe90b73ab4773ccb682d180b100e35b4e3a1f
Threat Level: Likely malicious
The file b464a6eac59d9a30bec0e6df604789cf_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Loads dropped Dex/Jar
Checks Android system properties for emulator presence.
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about active data network
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 16:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 16:08
Reported
2024-06-16 16:12
Platform
android-x86-arm-20240611.1-en
Max time kernel
178s
Max time network
181s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
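The root, emulator and /proc checks listed in the signatures above are driven by fixed strings (su paths, a system property name, two /proc files), which makes the dropped jar a natural first thing to triage once pulled from the sandbox. The scanner below is an added example and is not code from this report or from the analysed app: it opens a Dex/Jar such as /data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar and reports which of those indicator families are present. It assumes the indicators appear verbatim in the DEX string table (MUTF-8 stores ASCII unchanged), so a raw byte search is enough; strings that are obfuscated or assembled at runtime are not found this way. The two extra emulator properties beyond ro.product.model are an assumption, not something the report shows.

```python
"""Added triage example (not code from the report or from the analysed app):
scan a dropped Dex/Jar such as /data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar
for the root-check, emulator-check and /proc fingerprinting strings the sandbox flagged.
Assumption: the indicators sit verbatim in the DEX string table (MUTF-8 keeps ASCII
unchanged), so a raw byte search suffices; strings that are obfuscated or built at
runtime will be missed, which is the main limit of this kind of check."""
import io
import re
import sys
import zipfile

# Indicators from the behavioral signatures above, plus two extra emulator
# properties commonly probed alongside ro.product.model (assumed, not in the report).
CATEGORIES = {
    "root_check": [b"/system/bin/su", b"/system/xbin/su", b"/system/app/Superuser.apk"],
    "emulator_check": [b"ro.product.model", b"ro.hardware", b"ro.kernel.qemu"],
    "hw_fingerprint": [b"/proc/cpuinfo", b"/proc/meminfo"],
}


def dex_blobs(data: bytes):
    """Yield (name, bytes) for every DEX payload: the input itself when it is a bare
    DEX file, otherwise each classes*.dex entry of a jar/zip (runtime-dex.jar is a zip)."""
    if data.startswith(b"dex\n"):
        yield "<dex>", data
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                yield name, zf.read(name)


def scan(data: bytes) -> dict:
    """Return {category: sorted indicator strings found}; categories with no hit are omitted."""
    hits = {cat: set() for cat in CATEGORIES}
    for _name, blob in dex_blobs(data):
        for cat, needles in CATEGORIES.items():
            for needle in needles:
                if needle in blob:
                    hits[cat].add(needle.decode())
    return {cat: sorted(found) for cat, found in hits.items() if found}


def build_sample_jar() -> bytes:
    """Constructed sample input: a zip holding a fake classes.dex that is only a DEX
    magic followed by a few NUL-separated strings. Not a valid DEX; it exists so the
    scanner can be exercised offline."""
    fake_dex = b"dex\n035\x00" + b"\x00".join([
        b"Lcom/example/EnvCheck;", b"/system/bin/su", b"/system/xbin/su",
        b"ro.product.model", b"/proc/cpuinfo", b"getRunningAppProcesses",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_dex.py runtime-dex.jar   (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_jar()
    for cat, found in scan(data).items():
        print(f"{cat}: {', '.join(found)}")
```

A hit on all three families in a dynamically loaded jar is exactly the pattern the behavioral signatures describe; an empty result on the real runtime-dex.jar would mean the strings are built at runtime and the code needs to be decompiled rather than grepped.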
Processes
com.jkzx.WSL666.vivo
ls /
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | joint.vivo.com.cn | udp |
| US | 1.1.1.1:53 | st-onlinegame.vivo.com.cn | udp |
| CN | 220.181.128.243:443 | st-onlinegame.vivo.com.cn | tcp |
| CN | 220.181.128.243:443 | st-onlinegame.vivo.com.cn | tcp |
| CN | 121.12.67.13:443 | joint.vivo.com.cn | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 220.181.128.229:443 | st-onlinegame.vivo.com.cn | tcp |
| US | 1.1.1.1:53 | plbslog.umeng.com | udp |
| CN | 220.181.128.229:443 | st-onlinegame.vivo.com.cn | tcp |
| CN | 36.156.202.68:443 | plbslog.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| CN | 223.109.148.177:443 | ulogs.umeng.com | tcp |
| CN | 121.12.67.14:443 | joint.vivo.com.cn | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 220.181.128.243:443 | st-onlinegame.vivo.com.cn | tcp |
| CN | 121.12.67.12:443 | joint.vivo.com.cn | tcp |
| CN | 220.181.128.229:443 | st-onlinegame.vivo.com.cn | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.176:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.141:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.130:443 | ulogs.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.130:443 | ulogs.umeng.com | tcp |
Files
/data/data/com.jkzx.WSL666.vivo/files/runtime-dex.jar_temp
| MD5 | 72d72421f078c947923c51bc1e814c9f |
| SHA1 | adf71c8def7082cb3806e658dbd570551e876f05 |
| SHA256 | afdb414fefe27f57394c194618c7652eae81c261140c9b1896e89cbc9049d0fc |
| SHA512 | b970632e5ee89e33e4d756ffd7d6f5ee51d59363dcb9b74d85409e32e8245e8689176c7773804f62f8226533cb76704040746a82b3a30c94c2146088cb02325d |
/data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar
| MD5 | d59928b8c35a17037700865926047f2a |
| SHA1 | ba5ac2e360a81a76d8c2785bad946c1435793006 |
| SHA256 | a62c8bd4f15fb5c0d037202927122f3e4ad5c9cbf47b1f66f61e6c543208eeb5 |
| SHA512 | 21cf6d2594898ba0b3c2543417b77df8ae2b2ddaeef1c42b41430178003042bfa72c665740b002a77d35d9302a3a8007a896cb856e649986827090a1f88238f3 |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | 221c73aa132a28c53985f6d962a0ff66 |
| SHA1 | 820a74427543df22cc9f5eb2784a0625a67354e8 |
| SHA256 | 52bd47eec24251a0eafbc87d1500b67096c30224204c77d586cae7f40778520d |
| SHA512 | 6c868751a42dd9e412d186eedc2be42659e6b40d983dbd62e4e8ba970f32d8124c99642d4d04a6d79163943678023474b258ac9d31c208fbd3400a896ea7dc28 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 130c66ecf980884a675e016edaa5b24b |
| SHA1 | f6d26cad9066f156c86875ba57438926c5b2bc93 |
| SHA256 | e077a096c7ec83e1c8e1d7bcc901335e389917c6e177151f12c1394db799fc20 |
| SHA512 | 25c318026f19242847c782d4f85c4561fcc1b742ded7a9f3d95746d3084c7fc62043d9ab2bb1b224e0a740e696eb5a4c5dcc06e1bda1b5cf9cc53e07f790565c |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | c029c968fa4a9dbee94a1c7ca31679f5 |
| SHA1 | 8027cf9dfa4982a9ea06a0858f366cff1bf6ce7b |
| SHA256 | d15f63007d10d191793bc488aa155b74aaf0a1142d7e51beb25d17253f35c344 |
| SHA512 | 73fa2283b3641450037cf9fe4e23a4293f18b55ee832b3f5410342a7583153cec012288fd7952b52e42bbcb2c1ce451c3b4849ab9f4947ea6a51e9155ae810cb |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | ceeb5f665e0127ef938e4c1ecad9a8fe |
| SHA1 | f5c474705917ff3c6e0d0082b577b9ee6a11ab1f |
| SHA256 | 8c44098285225538e198b0b9ba8e8420fec2b8201ba00e2fa6dca21b20f35197 |
| SHA512 | 2711ad2eeb23dbdddeed0ab1d89a3ce6cf3446371d9e9f621af8fcb9724133ab25c60cb91b522bbc9caf5dbc06e023fd5569462b55b6fd9af1572e2c8b8451a7 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | a90de21f6713d2141f715ed45da80782 |
| SHA1 | b89d4377a900bec813735584e7844bca76b9d23a |
| SHA256 | 87eef42aebf9ca8aba9f244469df3de43adc5e3f01230342bfa86fc7ef754e92 |
| SHA512 | fc1e2b5921d5a19aaff034e4375a3a8c01dc25ace07c0c43576ad9a3b0cb2330397ccdb6f8d1b363856267544b756b094b955f22f6e83f9fba84db08d501912c |
/data/data/com.jkzx.WSL666.vivo/files/umeng_it.cache
| MD5 | 68a5b50e8e7c510a52584279fce6b6fa |
| SHA1 | 0ebb7ae0ce8bc5cdb0d60fdb6163b93e982215ac |
| SHA256 | 8586c6c47ea7af9b1d7a8729c46433faedd57c6556b5384cf918c5f1dc147e11 |
| SHA512 | 313f4972f0d6082a2a914faad067109a73daa503775cc42190ca6734fb1736a0b8d12c9211103cfa9fe1fe9495ffac5c209f8eefa35c6e0ec153a0dea1491228 |
/data/data/com.jkzx.WSL666.vivo/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4NTU0MTQ0NzQ5
| MD5 | 3063006f45ed966a30a6d418d49098a3 |
| SHA1 | d750ae02280d4b0540cf7103eb7e217340572df0 |
| SHA256 | 34222bfafaf78952e8584bde424c1d8b3f21b8c622ba4c61e506f5c56a9c51dc |
| SHA512 | b0b20f436de39627bc598dfb0786ceed1dce2bfdb34383fa45d737686a56de9d1cc2953c60f4a34836d946517d966ccb1186e1f651bacb320e07b6ff9b4cec0f |
/data/data/com.jkzx.WSL666.vivo/files/.umeng/exchangeIdentity.json
| MD5 | b852081b15ab7592c3171d2ff1268efa |
| SHA1 | 99b7058c8e38dce019391d7f9a65bac52828aa79 |
| SHA256 | 8fc99e8f8cff1cff2f4bbf4a75fbaea5ffd974954f43f159d9484d5eac1bc43d |
| SHA512 | b24a12944b9235e128cdb49a9532154cf9ab7653e409df11b49c890095d6b8c3756bcecff2274bae42569062242b2907a74fb545bb46f9eac79c404037bdee09 |
/data/data/com.jkzx.WSL666.vivo/files/exid.dat
| MD5 | 9d44dacf140150a5d9276ef7176c4da8 |
| SHA1 | 947239eebcefdc1bed0d90e21656c58e475c9fae |
| SHA256 | 0b1b1348089691b1fa24263de967db4e6e929b835b2b8842b0c4e9c134c6c634 |
| SHA512 | ba595ea4d5770f6a3106b7aa7393b7c1711a0b8d6d3aaec08e1b89abc94c28bc3f69423c5a53d0ec64c76d9d4dff0cc2af4429fd24f2bc8d190e4b9323186852 |
/data/data/com.jkzx.WSL666.vivo/files/.envelope/i==1.2.0&&1.0_1718554144897_envelope.log
| MD5 | 40890b79165a87ff8ed826a4782e6c52 |
| SHA1 | d21504df03003cb2d8033a37cfcc21db0e8d0a64 |
| SHA256 | ebc7d6f30c5874ca87d91405bce4e79b888a1b146ba38359028de04d6238219c |
| SHA512 | 16a3a936c114796b56555c035c4b8c7d13ff1ba59049c36ac244c47a4852c83803521512cc11d480121ebfd97efef5b3fe36073f68b379837d78a0bc6d451910 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-journal
| MD5 | 1f2a7c160db49149bc59461dcb04ac95 |
| SHA1 | 5eed5ede9c1bbd75531896cdd948a3233cda35cc |
| SHA256 | 19632336dcc3e0052d04a879030af3278cba061d1cdf951adb0ddee92fee4a8b |
| SHA512 | 3eb23eb47ec270cb7e1b89c4e2fc0a3c633c95fc73313077c10cf1a67e0b11860d5db82d874ffcfb5b9eb6d9f09f3862ce11969d74bec79eb30a542e3756aec0 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| MD5 | a2c8ea957c4597e5db4c0a0d8e0c5ed9 |
| SHA1 | 60e20b2855a3cf0725332849c7717c6d98875e1e |
| SHA256 | c821fbe5f760f9087a3e1618936eab77433afb71558cffc0624ba2999bb33866 |
| SHA512 | 780de46a7729ff1aad53afb51388c1cea55a8bb2f8a9de6e76c979c4bae0f9d58c83e772c443a2cb8b8e507a9aa399f0ad1400bcdcdb916d17f6c73061172b36 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-wal
| MD5 | ee66cc9ecb6e035f8ec41785dd75cf3b |
| SHA1 | c3a87f470d2cdd328cc7a72cf8fc20dd6e5788f8 |
| SHA256 | 9799754bd313020f31c59203fdc98a5139bbec17c4dfc415a26dc7680dcab274 |
| SHA512 | b3efc32f47a9f983056c105cc4fe727a166c5d439cf20b929fe9da3ea0476ca849c68faf6977f5d13b9767eac827470cd2cdadd3cf15aaa636c821d4d4570dbe |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-wal
| MD5 | 49e7d37638cb8892b30661f2e6820b19 |
| SHA1 | bd0d1653542f9ba57e05725a444d609c3de70314 |
| SHA256 | 8c14d89bcd26d217d22e3b1073d1bedd2f06b06c0f2eaec65d174d63df0d634a |
| SHA512 | b4ab5b39f28790563d27f5703a4fbf3d6ef3c51764d54d0f73f072dd8bca12a8d3ba93e55c5ee506be8aca52f4b89855e176e3d8d1c6713bc618ab311924410e |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| MD5 | 1475a4e73106da7da73b1aa1d456eaec |
| SHA1 | 41587d1f726cbb0fde60666d2c2f6944db4c4aa9 |
| SHA256 | 72b0835345ac6cc509a04f913583a1f48c37c4cf40b18c5799ac6883ed401ca1 |
| SHA512 | 11134d20441504703b0d405f5ba63c7d4f763ed07f618235adb3faf53298dfb6310d323420dab2d8507e6f24a576906c5457fd69a8d8d4b619f4d5626686a1e5 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-wal
| MD5 | 472aba501bcd323d3a53a09db24c75f1 |
| SHA1 | 8c02a5b7c58395f530e868766db1401134f98cff |
| SHA256 | 79b7029625506c915814c77268c9d2b193b3485c2838fa836ad0e316cd74ecb5 |
| SHA512 | 3bc426eb3ea44ce00ac9548e3f3c3147dbedb1bf9f5060c29faa38867e5b8c2ffa8991fcb168751a8a500c640ed333a76437b6a2079316248e452d48d141c4c5 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| MD5 | cdb9bc69e765ac4b82bae1b36f5e98e7 |
| SHA1 | 312b910f997ea30969f698884f5ee3aae322adbe |
| SHA256 | c3373fa8439fb13088cfd31358af2cfaaec72eb1100bf316eedd5cdaa3752104 |
| SHA512 | 178f1ad64be9657faae382c77ff1053059cb0a3642a1978fecce9ab6499862649d410154e8921b3d0e38f4efbc74008ff2ff330bfbac1684826fc06d4a54e5db |
/data/data/com.jkzx.WSL666.vivo/files/.envelope/t==8.1.6+G&&1.0_1718554146805_envelope.log
| MD5 | db753318bbbd7d75974a4670748c8667 |
| SHA1 | 2898cb38cb78b2932717e2fc2927fd3609fd5609 |
| SHA256 | fb669f057a085bb527cc7bea4a54e36a14358eae067bad85fdeb378620b7738e |
| SHA512 | b63a0c96e02974c520028b9b8e720f37a384ba38a26c4372de61ce3d0c04e43c1ab23bd5845237cb62d63fa54cec509d767c62715112b0e99b75606cdd95363a |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db-wal
| MD5 | 5586b83070b7b98d109f1decc3395415 |
| SHA1 | b454545d8a6c665489ec7f98f47805747c7fa782 |
| SHA256 | 81383313cd5b92ff0e7630b03bed5b5d6ffee3bac749c73eb7e360d26feffe0d |
| SHA512 | a72686624983e7a5c8318426cc7b5b8e9d15ccfae12c64f64cd7b2ae57f82a5055be2eebad8f03e5e8cc12eca5e92f477905427d4340595f8d8564729923ef3e |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| MD5 | 9bc3617be0a6238397c3b324ff4848c2 |
| SHA1 | 5cb5ab2bf1ed4c9e38a7b8ccd9033e9f2b4fdd93 |
| SHA256 | 481ee03d59d2a32e35e37ff8b742f174eb3f7eb7f292f5f15a2242fb4e98c265 |
| SHA512 | 00568cf2647c1fd6949fce08740e233800ed4bec8ee1a418a23bcad7ab043687ab877739f95383eaed9a3fd1df93e172214ffe3ccd67369915019c7f5b586cbf |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | 2748290b614c5c8ea925f3beb66b7f11 |
| SHA1 | 8b9dba83fe6bb30f05a80cdc254ac2073ab51df8 |
| SHA256 | 26e391a6943a901336be91ff2adc73d443c0fc44931b69742583a29f3f844fe1 |
| SHA512 | c3523e002fe8df5ff21a1c96cba8ee3614dbe06bae836b6b6c0ba1b6b053bac4c6fca47a265d7ce12d9d80d4b30d3ebfd3fc3a7156de440ea9b7a171a97021d5 |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | 5e1236747cfa4e52cddac4b02da097f3 |
| SHA1 | d9077411f15f3ff2f0dbe55ba30fc4c5c40b5eff |
| SHA256 | f598309018f44b138cffb345b6c186121e3e2ca01a43958f5159d42f9bc083ee |
| SHA512 | d814c5395ce6d21aead601ea5e27db2aea5ca1911425a867a007081aade5ffd0aead74c925207e12c1d3491fb37ef84703d8ca4a600e6f54f43946eb64e7ae71 |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | ec052e02a1ecff1cce7e09812739fca1 |
| SHA1 | 5f82d22f8402bca705234535e6d0efaf02c5a478 |
| SHA256 | f32d19fd0a39b00ace78719c00fff6a7ffa72670c132252960f13c566d827eea |
| SHA512 | 630688ce602a49c59dd8c8e405d76acf82eb598e679a293d6b1219e139d84ee551f429d6d260f204cd13b36e6f538f9db91a09c3f9f2d7c5ff15210bbcf0399c |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | 72ca2c2b36639d82f81a086054f87276 |
| SHA1 | 543c9b44dca310fb5d97c3aee761ee4ad363a3f2 |
| SHA256 | e347313f1ab6fb5fbaeb20b598758d7160ae64b9bfcaf67e006f560f77548453 |
| SHA512 | bd8b04117e019a20090cf57af06bd872af37c1532f609fa01c0acd5926a18950dc7414a98862881afabf3b5c6acf7fdd1f934e0733f026c7af767f966e1ee2e3 |
/data/data/com.jkzx.WSL666.vivo/files/GameDataCache
| MD5 | 26ae74709f16669608b8efe98ad8efd9 |
| SHA1 | b721ee44f0b703d1fb2fb2fb8d2c1a7466c76800 |
| SHA256 | 1df9440a45d3f06033fb72603cc1587a082e5a7f7b19b4c4133205bc816a8fbf |
| SHA512 | d409c548326c2758e08fad58bbfcfdb61f7ad915bc7dcc5bad9487e1fd8f800a5750bf40f0edf2b620667baead51c61c7c58d81289f889bb3094f89879be5736 |
/data/data/com.jkzx.WSL666.vivo/files/oat/runtime-dex.jar.cur.prof
| MD5 | 9da803cbca4171265313592dc8f062e6 |
| SHA1 | 619ba8af585fa2490627b5aa8506e0fcf2feee75 |
| SHA256 | d4349525f1510471356da3c5ab2d40a720a78819a09c3cfb2402831b400becf6 |
| SHA512 | 349b4572cd49345791a17317e9c5adca3ade11c08a5387893e4ff640ec5b5d1efbb62fa8bc15324ccf940030d5163a9fdd1038549c2c47d495ac877aa0db12ff |
/data/data/com.jkzx.WSL666.vivo/files/.imprint
| MD5 | 6becb0e0782302909d29511362218e9f |
| SHA1 | 67612a059c84a55ba94861cb9b26d20390974d96 |
| SHA256 | 9a3b6e10ea1f749800a2bf563eaab355049edeb6e73d735922d824bd40a89683 |
| SHA512 | 181e651788d672ec29e14fd2ca77f06427514f9d82f1fe24215612338e2dc36476124a3dc33cc3bd58c4d21d3be2ade561dc39bd657c23422e4a3277b4b117f9 |
/data/data/com.jkzx.WSL666.vivo/files/umeng_it.cache
| MD5 | 19217d475f481ab2d31365462a43f53c |
| SHA1 | ad33dbff45d6d1d54e26005ba8ab2aaaf2de7a70 |
| SHA256 | 23fa943ca4e9457b14acd037be799581e95c5a8aa79c191b892c8ffefc7a22f6 |
| SHA512 | 706fdfafee0ad1bfd7c2ff70cd1386c954f7bc76ce82c19adb41eee8d8e5a2c278eab96c02005f8139520c1d1f6ae4c4c173af96c5af2ffb7ab8b3545b434efb |
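The Network and Files sections above mix resolver lookups with real connections and list the same path several times with different hashes (ua.db, GameDataCache, and the runtime-dex.jar_temp / runtime-dex.jar pair, whose SHA256 values differ). The parser below is an added example, not part of the report or of any sandbox tooling: it reads a report in the layout shown on this page and summarises what matters for pivoting: which names were only resolved versus actually connected to, which dropped files were rewritten during the run, and the hashes of each .jar/.dex artefact. It assumes the network table is `| Country | Destination | Domain | Proto |` (an empty Domain cell, or a row where the protocol has shifted into the Domain column, is tolerated), that each file entry is a path line followed by `| <ALGO> | <hex> |` rows, and that DNS is recognised as udp to port 53. The embedded sample is a constructed subset of rows copied from the behavioral1 section.

```python
"""Added triage example (not part of the report): parse the Network and Files
sections of a detonation report in the layout shown on this page and summarise
what matters for pivoting: which names were only resolved versus actually
connected to, which dropped files were rewritten during the run, and the hashes
of every .jar/.dex artefact. Assumptions: the network table is
'| Country | Destination | Domain | Proto |' (an empty Domain cell is tolerated),
each file entry is a path line followed by '| <ALGO> | <hex> |' rows, and DNS is
recognised as udp to port 53."""
from collections import defaultdict

# Constructed sample: a subset of rows copied from the behavioral1 section above.
SAMPLE = """\
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | joint.vivo.com.cn | udp |
| CN | 121.12.67.13:443 | joint.vivo.com.cn | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| CN | 223.109.148.177:443 | ulogs.umeng.com | tcp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
| US | 1.1.1.1:53 | ulogs.umeng.com | udp |
| CN | 223.109.148.179:443 | ulogs.umeng.com | tcp |
Files
/data/data/com.jkzx.WSL666.vivo/files/runtime-dex.jar_temp
| MD5 | 72d72421f078c947923c51bc1e814c9f |
| SHA256 | afdb414fefe27f57394c194618c7652eae81c261140c9b1896e89cbc9049d0fc |
/data/user/0/com.jkzx.WSL666.vivo/files/runtime-dex.jar
| MD5 | d59928b8c35a17037700865926047f2a |
| SHA256 | a62c8bd4f15fb5c0d037202927122f3e4ad5c9cbf47b1f66f61e6c543208eeb5 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| SHA256 | c821fbe5f760f9087a3e1618936eab77433afb71558cffc0624ba2999bb33866 |
/data/data/com.jkzx.WSL666.vivo/databases/ua.db
| SHA256 | 72b0835345ac6cc509a04f913583a1f48c37c4cf40b18c5799ac6883ed401ca1 |
"""


def _cells(line: str) -> list:
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_report(text: str) -> dict:
    """Return {'network': [row dicts], 'files': [{'path', 'hashes'}]}."""
    section, current = None, None
    network, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Network", "Files"):
            section, current = line, None
        elif section == "Network" and line.startswith("|"):
            cells = _cells(line)
            proto = next((c for c in cells if c in ("tcp", "udp")), None)
            if cells[0] == "Country" or proto is None or len(cells) < 3:
                continue  # header row or something that is not an endpoint row
            # Domain is whichever cell after the destination is neither empty nor the proto
            domain = next((c for c in cells[2:] if c and c != proto), "")
            network.append({"country": cells[0], "dest": cells[1],
                            "domain": domain, "proto": proto})
        elif section == "Files":
            if line.startswith("/"):
                current = {"path": line, "hashes": {}}
                files.append(current)
            elif line.startswith("|") and current is not None:
                cells = _cells(line)
                if len(cells) == 2:
                    current["hashes"][cells[0]] = cells[1]
    return {"network": network, "files": files}


def summarize(parsed: dict) -> dict:
    dns = defaultdict(int)          # name -> number of resolver queries
    conns = defaultdict(set)        # name (or bare IP) -> endpoints actually connected to
    for row in parsed["network"]:
        host, _, port = row["dest"].rpartition(":")
        if row["proto"] == "udp" and port == "53":
            dns[row["domain"]] += 1
        else:
            conns[row["domain"] or host].add(row["dest"])
    versions = defaultdict(list)    # path -> distinct SHA256 values in order of appearance
    for entry in parsed["files"]:
        sha = entry["hashes"].get("SHA256")
        if sha and sha not in versions[entry["path"]]:
            versions[entry["path"]].append(sha)
    return {
        "dns_queries": dict(dns),
        "connections": {k: sorted(v) for k, v in conns.items()},
        "rewritten": {p: v for p, v in versions.items() if len(v) > 1},
        "code_artifacts": {p: v for p, v in versions.items()
                           if p.endswith((".jar", ".dex", ".jar_temp"))},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_report(SAMPLE)), indent=2))
```

Run against the full report, `code_artifacts` gives the two hashes to pull for the dropped-dex scan (the temp file and the final jar are different objects, so both are worth retrieving), and `rewritten` lists the databases and caches the app kept updating during the 178 s run.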
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 16:08
Reported
2024-06-16 16:08
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 16:08
Reported
2024-06-16 16:08
Platform
android-x64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 16:08
Reported
2024-06-16 16:08
Platform
android-x64-arm64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-16 16:08
Reported
2024-06-16 16:11
Platform
android-x86-arm-20240611.1-en
Max time kernel
65s
Max time network
160s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.vivo.sdkplugin
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stappupgrade.vivo.com.cn | udp |
| CN | 220.181.128.217:443 | stappupgrade.vivo.com.cn | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 220.181.128.235:443 | stappupgrade.vivo.com.cn | tcp |
| CN | 220.181.128.217:443 | stappupgrade.vivo.com.cn | tcp |
| CN | 220.181.128.235:443 | stappupgrade.vivo.com.cn | tcp |
| CN | 220.181.128.217:443 | stappupgrade.vivo.com.cn | tcp |
| CN | 220.181.128.235:443 | stappupgrade.vivo.com.cn | tcp |
Files
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-journal
| MD5 | 793efa94e5594eecf2c1bc3b86ec5c88 |
| SHA1 | 2f2299b47074cf62f23a895126e684655aad0fd9 |
| SHA256 | 7fa98d03f1ca8c295096516b796d8859cfecd059b99513b9b3bf5b9e04b0b761 |
| SHA512 | e12ca1b3dc608af8f681757ca141cf0096f4fa15f266c86b1527944908a9f7b72098fbda4b7e42d14abe2f641c5a7a021b723f0a1bdffe5c7e950e537570b986 |
/data/data/com.vivo.sdkplugin/databases/vivo_union.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-wal
| MD5 | 82f54132a754eac95232c646d1d7e714 |
| SHA1 | f1ffbc2387467be007609ce1604e143855c3d430 |
| SHA256 | 7bf68973aadbe114115860d4ebb03cc10fe4a4b12f2e7870aca5e8b0ddc8d612 |
| SHA512 | 43789eefda7230340541327633b632789aeb13bacacbc6dddf4f73e1b6550effe9d66dab86694621ee696cc56df5d0f1b073f0a401ffe704975f05b86379582f |
/data/data/com.vivo.sdkplugin/databases/unionuserinfo.db-journal
| MD5 | 0d246bc6da96dea9c4d45ff5be391f9c |
| SHA1 | 0728011e0ae980cd6c7e21cee19b973b93caf0a0 |
| SHA256 | b335f5e514eaf15ac726a26d9f862632bfbea213e89f0c38d70c9beffbdebba0 |
| SHA512 | b516b04edea38aa53e09366525f45f88bdad7030965cb3c7b8c71e4fbfef9fd61be0e544dd02c483e645bcc37983a0e9a3749806edddd97432b5c24c193ae8e1 |
/data/data/com.vivo.sdkplugin/databases/unionuserinfo.db-wal
| MD5 | 7373026107e17ef5cb78814a6c7e3907 |
| SHA1 | 4fae035659528f39f371d1f1a7ab91de9fcb5cad |
| SHA256 | 7e47c72e6f8a8d4495e138466bda5100284e21636b20e0f7dca6b3ee81b92d6e |
| SHA512 | 867f2e322139f5e3ffb4a0413236fffafea6b2a34fc234164337af6c50310e7940ff96431f7913eb4d69dbc89c51a576e337e4321e985707d697f6a05ca35a73 |
/data/data/com.vivo.sdkplugin/files/vivo.crash
| MD5 | 0e1835a166d8e67b51217c8688cc1444 |
| SHA1 | 043948449b2aafb2b44cc3b0d2151a2039c7088b |
| SHA256 | 80a3659ed5d30675a9bcf62caf886113bc02d57093842483ee54e426d8749fc0 |
| SHA512 | 811438fba5fe68b9eb437bcd86737a06449f3c3d723e07d4e3fc38996d7eab3d070c528f919456043bc57d1fd4741876d4f4b20dc018bff9f302ff0b563d368d |
/storage/emulated/0/.vivocrash/com.vivo.sdkplugin/timestamp
| MD5 | 83abef49ae0975e7a5fc34bcf39a1752 |
| SHA1 | 4c37b316ed212f3c0f3cef1c2a7f29a116165a63 |
| SHA256 | d115cb16f6cab304711115476a7f6796471ac8eb3842a849f36b67fa55bf244b |
| SHA512 | c275f4784eb1c1a38a642fc6a9173778401fcf2c1d948d9465b313a3361c1c9f08354bde4b2dba1a2d88aa5c1cca0529487fd15d6541d273586377a53b8d6b66 |