Malware Analysis Report

2025-01-19 08:01

Sample ID 240616-wtcemsvfnp
Target b4814bb1ea12d80bda667e35e3e19a64_JaffaCakes118
SHA256 58e314d493f47dbc0cb3e0119af6e50c20d74875b10619004c5b05be437f51f8
Tags
discovery evasion persistence impact
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file b4814bb1ea12d80bda667e35e3e19a64_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence impact

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-16 18:12

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 18:12

Reported

2024-06-16 18:15

Platform

android-x86-arm-20240611.1-en

Max time kernel

158s

Max time network

165s

Command Line

com.coolgamestime.dropblocks3d.gtx

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/classes.dex N/A N/A
N/A /data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/tmp.dex N/A N/A
N/A /data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar N/A N/A
N/A /data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.coolgamestime.dropblocks3d.gtx

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

cat /sys/class/net/wlan0/address

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar --output-vdex-fd=61 --oat-fd=66 --oat-location=/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/oat/x86/vva.odex --compiler-filter=quicken --class-loader-context=&

sh -c ps -ef

ps -ef

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 a.dan665.com udp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 game.62game.com udp
CN 47.107.234.67:8001 game.62game.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp

Files

/data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/libjiagu.so

/data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/classes.dex

/data/data/com.coolgamestime.dropblocks3d.gtx/.jiagu/tmp.dex

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ri

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jiagu.lock

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.rd

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.store.report_pid

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ac

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ic

/data/data/com.coolgamestime.dropblocks3d.gtx/files/ebody/seey/tv

/data/data/com.coolgamestime.dropblocks3d.gtx/files/ebody/as/cheuu

/data/data/com.coolgamestime.dropblocks3d.gtx/files/ebody/seey/tmd

/data/data/com.coolgamestime.dropblocks3d.gtx/app_ebody/res/xmtok/37673/uuloi

/data/data/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva

/data/data/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 18:12

Reported

2024-06-16 18:15

Platform

android-x64-arm64-20240611.1-en

Max time kernel

175s

Max time network

173s

Command Line

com.coolgamestime.dropblocks3d.gtx

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.coolgamestime.dropblocks3d.gtx/.jiagu/classes.dex N/A N/A
N/A /data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.coolgamestime.dropblocks3d.gtx

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 a.dan665.com udp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 game.62game.com udp
CN 47.107.234.67:8001 game.62game.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
CN 39.108.120.165:9127 a.dan665.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
CN 39.108.120.165:9127 a.dan665.com tcp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 1.1.1.1:53 rubick.gameanalytics.com udp
US 1.1.1.1:53 api.gameanalytics.com udp
US 52.1.46.33:443 api.gameanalytics.com tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp

Files

/data/user/0/com.coolgamestime.dropblocks3d.gtx/.jiagu/libjiagu.so

/data/user/0/com.coolgamestime.dropblocks3d.gtx/.jiagu/classes.dex

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ri

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jiagu.lock

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.rd

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.store.report_pid

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ac

/data/data/com.coolgamestime.dropblocks3d.gtx/files/.jglogs/.jg.ic

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/seey/tv

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/as/cheuu

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/seey/tmd

/data/user/0/com.coolgamestime.dropblocks3d.gtx/app_ebody/res/xmtok/37673/uuloi

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva

/data/user/0/com.coolgamestime.dropblocks3d.gtx/files/ebody/res/37673/vva.jar

/data/data/com.coolgamestime.dropblocks3d.gtx/databases/cc/cc.db-journal

/data/data/com.coolgamestime.dropblocks3d.gtx/databases/cc/cc.db

/storage/emulated/0/Android/data/com.coolgamestime.dropblocks3d.gtx/files/Unity/local.d03c3a97561604c7a9de9d51484e1bff/Analytics/config

/storage/emulated/0/Android/data/com.coolgamestime.dropblocks3d.gtx/cache/ga.sqlite3-journal (deleted)

/storage/emulated/0/Android/data/com.coolgamestime.dropblocks3d.gtx/cache/ga.sqlite3 (deleted)

/storage/emulated/0/Android/data/com.coolgamestime.dropblocks3d.gtx/cache/ga.sqlite3-journal

/storage/emulated/0/Android/data/com.coolgamestime.dropblocks3d.gtx/files/Unity/local.d03c3a97561604c7a9de9d51484e1bff/Analytics/values

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 18:12

Reported

2024-06-16 18:15

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

159s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp
GB 216.58.212.202:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 18:12

Reported

2024-06-16 18:15

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

131s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.78:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 18:12

Reported

2024-06-16 18:15

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

132s

Command Line

com.miui.ad.mimo.plugin

Signatures

N/A

Processes

com.miui.ad.mimo.plugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A