Malware Analysis Report

2025-01-19 07:59

Sample ID: 240616-xnv58sxaqm
Target: b4b37419bf59c7067cd6ae0f2298688c_JaffaCakes118
SHA256: f6ff28476db3fd7b51cefe1f42ebaa56adc794f97251a7ebfd99c50ce9ef5eec
Tags: banker discovery evasion impact persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: f6ff28476db3fd7b51cefe1f42ebaa56adc794f97251a7ebfd99c50ce9ef5eec

Threat Level: Likely malicious

The file b4b37419bf59c7067cd6ae0f2298688c_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks known Qemu pipes.

Checks known Qemu files.

Acquires the wake lock

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Declares services with permission to bind to the system

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 19:00

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 19:00

Reported

2024-06-16 19:03

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

163s

Command Line

com.mobile.indiapp

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mobile.indiapp/app_SGLib/app_1718564436/libsgmain_1536863620000.zip N/A N/A
N/A /data/user/0/com.mobile.indiapp/app_plugin/sdk.jar N/A N/A
N/A /data/user/0/com.mobile.indiapp/app_SGLib/app_1718564436/libsgmain_1536863620000.zip N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.mobile.indiapp

com.mobile.indiapp:worker

cat /proc/cpuinfo | grep Serial

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.9apps.com udp
US 1.1.1.1:53 puds.ucweb.com udp
US 1.1.1.1:53 portal.9apps.com udp
US 1.1.1.1:53 msg.api.9apps.com udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 qdintl.alibaba.com udp
US 1.1.1.1:53 sdkupgrade.insight.ucweb.com udp
US 1.1.1.1:53 gjapplog.uc.cn udp
US 1.1.1.1:53 insight.ucweb.com udp
US 157.185.189.159:80 sdkupgrade.insight.ucweb.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 puds.ucweb.com udp
US 1.1.1.1:53 puds.ucweb.com udp
US 1.1.1.1:53 portal.9apps.com udp
US 1.1.1.1:53 portal.9apps.com udp
US 1.1.1.1:53 msg.api.9apps.com udp
US 1.1.1.1:53 logger.9apps.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 qdintl.alibaba.com udp
US 1.1.1.1:53 gjapplog.uc.cn udp
CN 59.82.31.142:80 puds.ucweb.com tcp
CN 59.82.31.179:80 puds.ucweb.com tcp
US 1.1.1.1:53 insight.ucweb.com udp
US 1.1.1.1:53 logger.9apps.com udp
CN 59.82.31.142:80 puds.ucweb.com tcp
CN 59.82.31.142:80 puds.ucweb.com tcp
US 1.1.1.1:53 gj.applog.uc.cn udp
US 1.1.1.1:53 audid-api.taobao.com udp
GB 216.58.204.74:443 tcp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.204.74:443 tcp
CN 59.82.31.142:80 puds.ucweb.com tcp
CN 59.82.31.142:80 puds.ucweb.com tcp
US 1.1.1.1:53 gj.applog.uc.cn udp
US 1.1.1.1:53 audid-api.taobao.com udp
US 1.1.1.1:53 logger.9apps.com udp
US 1.1.1.1:53 gj.applog.uc.cn udp
US 1.1.1.1:53 logger.9apps.com udp
US 1.1.1.1:53 gj.applog.uc.cn udp
US 1.1.1.1:53 gj.applog.uc.cn udp
US 1.1.1.1:53 gj.applog.uc.cn udp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 19:00

Reported

2024-06-16 19:00

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.67:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 19:00

Reported

2024-06-16 19:00

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 19:00

Reported

2024-06-16 19:00

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A