Malware Analysis Report

2025-01-19 07:59

Sample ID 240616-x7w7msxhpm
Target b4d272f0e9e66bcf8b378cea6ebad9f2_JaffaCakes118
SHA256 49aded8b53f4b2115df8d0a7cd9eea05b478ea79f2a92f2fd7dd925a9a8957f8
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

49aded8b53f4b2115df8d0a7cd9eea05b478ea79f2a92f2fd7dd925a9a8957f8

Threat Level: Likely malicious

The file b4d272f0e9e66bcf8b378cea6ebad9f2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the unique device ID (IMEI, MEID, IMSI)

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 19:30

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 19:30

Reported

2024-06-16 19:33

Platform

android-x86-arm-20240611.1-en

Max time kernel

174s

Max time network

183s

Command Line

com.yike.naoffer

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.yike.naoffer/mix.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.yike.naoffer

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/sh -c type su

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yike.naoffer/mix.dex --output-vdex-fd=51 --oat-fd=53 --oat-location=/data/data/com.yike.naoffer/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

com.yike.naoffer:pushservice

sh -c getprop ro.yunos.version

getprop ro.yunos.version

logcat -d -v threadtime

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

/system/bin/sh -c type su

Network

Files

/data/data/com.yike.naoffer/databases/bugly_db_legu-journal
/data/data/com.yike.naoffer/databases/bugly_db_legu
/data/data/com.yike.naoffer/databases/bugly_db_legu-shm
/data/data/com.yike.naoffer/databases/bugly_db_legu-wal
/data/data/com.yike.naoffer/mix.dex
/data/data/com.yike.naoffer/files/.imei.txt
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__shortcut.js
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__template.json
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2app.js
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2app.ttf
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2appbrowser.html
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2appcontext.html
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2apperror.html
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2appplayer.js
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2appquit.js
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2appswiper.html
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2apptabbar.css
/data/data/com.yike.naoffer/files/cnc3ejE5/wap2app__template/__wap2apptabbar.js
/data/data/com.yike.naoffer/files/cnc3ejE6/eje3cnc
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__shortcut.js
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2app.js
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2app.ttf
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2appbrowser.html
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2appconfig.js
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2appcontext.html
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/__wap2appswiper.html
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/client_index.html
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/manifest.json
/data/data/com.yike.naoffer/files/apps/__W2A__m.naoffer.com/www/sitemap.json
/data/data/com.yike.naoffer/databases/pushsdk.db-journal
/data/data/com.yike.naoffer/databases/pushsdk.db-wal
/data/data/com.yike.naoffer/databases/pushext.db-journal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 19:30

Reported

2024-06-16 19:30

Platform

android-33-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.36:443 udp
GB 172.217.169.36:443 tcp
BE 173.194.76.188:5228 tcp
GB 172.217.16.228:443 tcp
GB 216.58.201.106:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A