Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-v9cvns1hpn
Target b932b1fb867f31b3a8f065ca82782dcf_JaffaCakes118
SHA256 16be387756e78c70a5668413ad6f4d6dba10030b84fc4802146a0a3b4fc206f5
Tags: collection, discovery, evasion, impact, persistence
Score: 8/10

Table of Contents

Analysis Overview
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: 16be387756e78c70a5668413ad6f4d6dba10030b84fc4802146a0a3b4fc206f5

Threat Level: Likely malicious

The file b932b1fb867f31b3a8f065ca82782dcf_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: collection, discovery, evasion, impact, persistence

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Requests cell location

Checks Qemu related system properties.

Queries information about running processes on the device

Loads dropped Dex/Jar

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported: 2024-06-17 17:41

Signatures

Requests dangerous framework permissions

Permissions declared in the manifest. The report lists several entries more than once; repeats are collapsed here and the number of times each was listed is shown.

Permission  Listed  Description
android.permission.SEND_SMS  1  Allows an application to send SMS messages.
android.permission.READ_SMS  1  Allows an application to read SMS messages.
android.permission.READ_CONTACTS  1  Allows an application to read the user's contacts data.
android.permission.WRITE_CONTACTS  1  Allows an application to write the user's contacts data.
android.permission.ACCESS_COARSE_LOCATION  4  Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION  4  Allows an app to access precise location.
android.permission.WRITE_EXTERNAL_STORAGE  4  Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE  3  Allows an application to read from external storage.
android.permission.READ_PHONE_STATE  3  Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.CAMERA  1  Required to be able to access the camera device.
android.permission.WRITE_SETTINGS  2  Allows an application to read or write the system settings.
android.permission.SYSTEM_ALERT_WINDOW  2  Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.GET_ACCOUNTS  1  Allows access to the list of accounts in the Accounts Service.
android.permission.CALL_PHONE  1  Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.

These are declared permissions, not observed use: neither behavioral run below recorded SMS, contacts, camera or call activity, so this table shows the capability the app can ask for, not capability it exercised in the sandbox.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 17:40
Reported: 2024-06-17 17:44
Platform: android-x86-arm-20240611.1-en
Max time kernel: 177s
Max time network: 184s

Command Line

com.beixiang.points

Signatures

Checks if the Android device is rooted.

evasion
Indicator (paths probed for a su binary):
/data/local/bin/su
/data/local/xbin/su
/sbin/su
/data/local/su

This is the file-system half of the root check; the process-list half (ps daemonsu, ps | grep su) appears under Processes below.

Checks Android system properties for emulator presence.

evasion
Indicator (system property keys read):
ro.product.device
ro.product.model
ro.product.name
ro.serialno
ro.bootloader
ro.bootmode
ro.hardware

These keys hold the build and device identity that emulator images fill with generic values (ro.hardware reads goldfish or ranchu on the stock emulator), so reading them serves device fingerprinting and emulator detection at the same time.

Checks Qemu related system properties.

evasion
Indicator (system property keys read):
ro.kernel.android.qemud
ro.kernel.qemu.gles
ro.kernel.qemu
init.svc.qemud
init.svc.qemu-props
qemu.hw.mainkeys
qemu.sf.fake_camera

These properties are set only by the emulator's qemud and qemu-props services, so any non-empty value is an unambiguous emulator signal. Whatever the sample concluded, it did not stop: the DEX loading, process and network activity recorded below all happened on the same x86 image.

Loads dropped Dex/Jar

evasion
Indicator (DEX files written at runtime and then loaded):
/data/data/com.beixiang.points/.jiagu/classes.dex (loaded twice)
/data/data/com.beixiang.points/.jiagu/classes.dex!classes2.dex (loaded twice)
/data/data/com.beixiang.points/.jiagu/tmp.dex (loaded four times)

The .jiagu directory, the dropped libjiagu.so and the appjiagu.com traffic identify the 360 Jiagu packer (Qihoo 360's app hardening service). With this packer the code shipped in the APK is a loader stub; libjiagu.so decrypts the real application DEX into these files at first launch, so the dropped classes.dex (hashes under Files) is the artefact to reverse, not the APK's own classes.dex. The duplicate load entries are consistent with the two processes in the process list (the main process and :mult) each loading the same files.

Queries information about running processes on the device

discovery
Indicator: framework service call android.app.IActivityManager.getRunningAppProcesses (called twice)

Requests cell location

collection discovery evasion
Indicator: framework service call com.android.internal.telephony.ITelephony.getCellLocation

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Indicator:
c.appjiagu.com
s.appjiagu.com
b.appjiagu.com

Caveat: appjiagu.com is the infrastructure of the 360 Jiagu packer this sample is wrapped in (see the .jiagu directory, libjiagu.so and cpull.360.cn elsewhere in this report). Because these are the packer's own hosts, any app protected with 360 Jiagu will trigger this rule; the hit corroborates packing, it does not attribute the sample to a stalkerware family.

Queries information about active data network

discovery
Indicator: framework service call android.net.IConnectivityManager.getActiveNetworkInfo (called twice)

Queries information about the current Wi-Fi connection

discovery
Indicator: framework service call android.net.wifi.IWifiManager.getConnectionInfo

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Indicator: framework service call android.app.IActivityManager.registerReceiver (called twice)

Uses Crypto APIs (Might try to encrypt user data)

impact
Indicator: framework API call javax.crypto.Cipher.doFinal (called twice)

Two Cipher.doFinal calls are as readily explained by the packer or a bundled SDK protecting its own configuration and traffic as by anything aimed at user data, and neither run recorded encryption of user files. Read the "impact" tag as "crypto API present", not "ransomware behaviour observed".

Checks CPU information

Indicator: file opened for read /proc/cpuinfo

Checks memory information

Indicator: file opened for read /proc/meminfo

Both files are world-readable and routinely read by analytics and push SDKs for device fingerprinting. On an x86 sandbox image /proc/cpuinfo typically exposes the virtual CPU model, a common emulator tell, so these reads belong with the evasion checks above as much as with discovery.

Processes

com.beixiang.points
chmod 755 /data/data/com.beixiang.points/.jiagu/libjiagu.so

com.beixiang.points:mult
/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.beixiang.points/.jiagu/classes.dex --dex-file=/data/data/com.beixiang.points/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.beixiang.points/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
sh -c ps
ps
ps daemonsu
ps | grep su
ps

Reading the list in the order the report gives it: the app first marks the dropped native unpacker libjiagu.so executable, then hands the decrypted classes.dex to dex2oat so ART compiles it (x86 because this run used the x86 image). The "!classes2.dex" suffix is ART's notation for a second DEX inside a multidex container, so the dropped classes.dex is a container holding two DEX files. The ps invocations are the process-list half of the root check: "ps daemonsu" looks for the SuperSU daemon and "ps | grep su" for any su process, complementing the su path probes under Signatures.

Network

Repeated flows are collapsed: each unique destination, domain and protocol is listed once, with DNS queries separated from connections. The sandbox resolver was 1.1.1.1.

DNS queries
Country Destination Domain Proto
US 1.1.1.1:53 log.umsns.com udp
US 1.1.1.1:53 c.appjiagu.com udp
US 1.1.1.1:53 s.appjiagu.com udp
US 1.1.1.1:53 b.appjiagu.com udp
US 1.1.1.1:53 p.appjiagu.com udp
US 1.1.1.1:53 bx.szbeixiang.com udp
US 1.1.1.1:53 cpull.360.cn udp
US 1.1.1.1:53 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
US 1.1.1.1:53 im64.jpush.cn udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
US 1.1.1.1:53 easytomessage.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 tcp (three further queries over TCP with no name recorded)

Connections
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
CN 59.82.29.162:80 log.umsns.com tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 59.82.31.154:80 log.umsns.com tcp
CN 59.82.31.160:80 log.umsns.com tcp
CN 123.125.81.24:80 c.appjiagu.com tcp
CN 106.63.25.12:80 c.appjiagu.com tcp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 106.63.25.33:80 b.appjiagu.com tcp
CN 139.159.137.254:19000 s.jpush.cn udp
CN 139.159.137.254:19000 sis.jpush.io udp
CN 139.159.137.254:19000 easytomessage.com udp
CN 124.71.170.130:19000 sis.jpush.io udp
CN 110.41.53.90:19000 sis.jpush.io udp
CN 120.46.141.4:19000 udp
CN 121.36.15.222:19000 udp
CN 123.60.79.150:19000 udp
CN 124.70.159.59:19000 udp
CN 119.3.188.193:7000 im64.jpush.cn tcp
CN 119.3.188.193:7002 im64.jpush.cn tcp
CN 119.3.188.193:7003 im64.jpush.cn tcp
CN 119.3.188.193:7004 im64.jpush.cn tcp
CN 119.3.188.193:7005 im64.jpush.cn tcp
CN 119.3.188.193:7006 im64.jpush.cn tcp
CN 119.3.188.193:7007 im64.jpush.cn tcp
CN 119.3.188.193:7008 im64.jpush.cn tcp
CN 119.3.188.193:7009 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.138.15:7004 im64.jpush.cn tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.46:443 android.apis.google.com tcp

Observations. All application traffic is plaintext HTTP on port 80 or the push service's own ports (udp/19000, tcp/7000-7009); only the Google platform traffic uses TLS. Four names were resolved but never contacted in this run: p.appjiagu.com, bx.szbeixiang.com, cpull.360.cn and update.sdk.jiguang.cn. The 224.0.0.251:5353 flow is local mDNS.

Attribution (editor's note from public knowledge of these services; the sandbox does not state it): appjiagu.com and cpull.360.cn belong to the Qihoo 360 Jiagu packer; umsns.com is Umeng analytics; jpush.cn, jpush.io and jiguang.cn are the JPush (Jiguang) push SDK; android.apis.google.com is Google Play services. bx.szbeixiang.com shares the "beixiang" name with the package com.beixiang.points and is presumably the developer's own backend (assumption). The unnamed udp/19000 peers and easytomessage.com sit alongside the JPush servers and share an address (139.159.137.254) with s.jpush.cn, so they most likely belong to the same push service, but the report does not name them.
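The Network table is the part of a report like this that most repays a second pass: flow rows repeat, DNS lookups sit next to real connections, and names that were resolved but never contacted hide in the noise. The following Python is an added triage example written for this page, not output from or code of the sandbox; it parses rows in the table's "country ip:port [domain] proto" layout, separates DNS traffic from connections, collapses duplicates and reports resolved-but-uncontacted names. The embedded sample rows are a subset copied from the behavioral1 table above.

```python
"""Triage helper for the flattened Network table of a sandbox report (added example)."""
import ipaddress
import re
from collections import Counter, defaultdict

# One table row: "<country> <ip>:<port> [<domain>] <proto>". The domain is optional;
# the optional group backtracks so a bare "US 1.1.1.1:53 tcp" row still parses.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Constructed input: a subset of rows copied from the behavioral1 Network table.
SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 c.appjiagu.com udp
CN 123.125.81.24:80 c.appjiagu.com tcp
US 1.1.1.1:53 bx.szbeixiang.com udp
US 1.1.1.1:53 cpull.360.cn udp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 139.159.137.254:19000 s.jpush.cn udp
US 1.1.1.1:53 _im64._tcp.jpush.cn tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 119.3.188.193:7000 im64.jpush.cn tcp
CN 119.3.188.193:7002 im64.jpush.cn tcp
US 1.1.1.1:53 p.appjiagu.com udp
CN 120.46.141.4:19000 udp
US 1.1.1.1:53 tcp
"""


def parse_rows(text):
    """Parse table rows into dicts; lines that do not match are returned separately."""
    rows, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.lower().startswith("country"):
            continue  # skip blank lines and the column header
        m = ROW_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows, rejected


def summarize(rows):
    """Split DNS traffic from connections and find names resolved but never contacted."""
    dns_names, srv_names, opaque_dns, multicast = set(), set(), 0, 0
    connections = Counter()  # (domain or None, ip, port, proto) -> number of flows
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            multicast += 1  # e.g. mDNS to 224.0.0.251, local noise rather than C2
            continue
        if r["port"] == 53:
            if r["domain"] is None:
                opaque_dns += 1  # DNS over TCP with no name extracted by the sandbox
            elif r["domain"].startswith("_"):
                srv_names.add(r["domain"])  # SRV-style query such as _im64._tcp.jpush.cn
            else:
                dns_names.add(r["domain"])
            continue
        connections[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    contacted = {dom for (dom, _ip, _port, _proto) in connections if dom}
    return {
        "dns_names": dns_names,
        "srv_names": srv_names,
        "opaque_dns": opaque_dns,
        "multicast": multicast,
        "connections": connections,
        "contacted": contacted,
        "resolved_not_contacted": sorted(dns_names - contacted),
        "unattributed": sorted(
            (ip, port, proto) for (dom, ip, port, proto) in connections if dom is None
        ),
    }


def by_family(names):
    """Group hostnames by their last two labels (a heuristic, not a public-suffix lookup)."""
    families = defaultdict(list)
    for name in names:
        families[".".join(name.split(".")[-2:])].append(name)
    return {k: sorted(v) for k, v in families.items()}


if __name__ == "__main__":
    rows, rejected = parse_rows(SAMPLE_ROWS)
    summary = summarize(rows)
    print(f"{len(rows)} rows parsed, {len(rejected)} rejected, {summary['multicast']} multicast")
    print("resolved but never contacted:", summary["resolved_not_contacted"])
    print("connections with no name:", summary["unattributed"])
    for family, hosts in sorted(by_family(summary["dns_names"] | summary["contacted"]).items()):
        print(f"  {family}: {', '.join(hosts)}")
```

Paste the full behavioral1 table into SAMPLE_ROWS (or read it from a file) to run it over the whole capture; on the full table the resolved-but-uncontacted set is bx.szbeixiang.com, cpull.360.cn, p.appjiagu.com and update.sdk.jiguang.cn, and the unattributed connections are the four udp/19000 peers. The family grouping is deliberately a two-label heuristic so the script stays offline; swap in a public-suffix list if you need it to be exact for multi-label TLDs.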

Files

/data/data/com.beixiang.points/.jiagu/libjiagu.so

MD5 e5a53000766ebc433b27d6a66ec4f555
SHA1 2c8f53f1c03aec2005bcad67d731f07261dabde0
SHA256 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e
SHA512 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

/data/data/com.beixiang.points/.jiagu/classes.dex

MD5 c9bb0c52caa0a34705101398fb4490f1
SHA1 cbf05f2cce74a48d54e7ea6750ccf8d716c5b114
SHA256 b723a7632d5d03e043f21fc60229dac14c1e1d2ad724825d8442a803f1e49723
SHA512 e831cf6a627160c05a8368a135de64426aeb310242f6abcc576a424f43e4bd444dc290d0b2b46ede1ecca23ad51b33816462bf8ba9c9750498beec025a8decac

/data/data/com.beixiang.points/.jiagu/classes.dex

MD5 1eb08f0968ffa138a439500b46da761a
SHA1 d4780fda799632563cf2b9330fb9c3cf2162bca6
SHA256 d487d002e2314b67ecab9eca33b9f5266a66816569a688801de327795d511556
SHA512 9dec726130e70de0d9dedcad675ea3ab99b490a8ec36954135434e4513f1f8957e0529b5a5a68c329a5c2d492b705311c303c46fc7308b005104ea17d1ca2899

/data/data/com.beixiang.points/.jiagu/classes.dex!classes2.dex

MD5 1332e05f4d026e2cdaa9ffd75115ed75
SHA1 2531339a2090a31348c2f3cc86030244e1248d09
SHA256 fb13fc8ccac34c54454928aa6a1368bb978a156c85d54cc0e3f61261982cb5b1
SHA512 6e848f79d1eea227e4da748a7890a7224f816f24c84b313e3c64dce5f74fb0ab54841c639238a632c0ad30ebd46f449efcf9eb20550032f8b9114f2ea74203b6

/data/data/com.beixiang.points/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.beixiang.points/files/.jglogs/.jg.ri

MD5 b57203b0d1c5c85bce8ff404780f2d96
SHA1 095a8797fc8571844848348ffda3a2ed24bbdfaf
SHA256 2c0814ef2791b97ce8886ab3af04aec28e6b1d6c587253b2df3b9434595e38fc
SHA512 812fb61c72a328b3bde5cd064f3eb890bfbcff5f73cb8da795064f6512b3f13b582af1b83808cc195203b4fdab500b50762bce48ed12f81a1697c9a04c3bd29b

/data/data/com.beixiang.points/files/.jiagu.lock

MD5 0cd1a78a5e8d74e3e5acbc419dcb2401
SHA1 30145e6365499ea8ec0e45be949665234c7e3158
SHA256 a01f60448c70abaa45a0d1c131706225a545d003afa534d74cbe172ff4ce8d5b
SHA512 f68432da248945fe6288e7e2846e237345428598f622162ce33bd036cb25d91a99f12bdf2807b045ca720c3ed1371e9ba6350a9453a14b45780ad222917df1cc

/data/data/com.beixiang.points/files/.jglogs/.jg.ac

MD5 8777a61317abc35a45b504e30f330e14
SHA1 165d75b8277a20d9d6b9350d40480abbf8fb7720
SHA256 b493e06c9298ee316dc9ffa0c44dd6b3e1f1f2beea791a7239e765e98c049ecf
SHA512 21613858b36892a3cbdb563ece9a02303aa060355d4cfcfd7d3ade80f11146cc228ddc1bc0d274fa9e8d912a57c4f27226d8a041cc279ac7ab1ecab837eba28c

/data/data/com.beixiang.points/files/.jglogs/.jg.ic

MD5 816e8ce275a89270dc06bce14f2009a4
SHA1 625e18ec222e5d2ccb8e763bb0ca797a6ae0672c
SHA256 dfec3f76a0eaf5707ea61f7d0918d032ac01154029cc6e5c905f3baec5cebc37
SHA512 734ca3f2aaa8f5ee9ca1cf8ef370fe5d3ff55adca03d48e98a73c0cee862f03b899d792903df7aeff19ffd94ed8a5adab87ce1b8de34e5d9f4003756cadcd25e

/data/data/com.beixiang.points/files/.jglogs/.jg.di

MD5 7b91823a2ac409092cabb852f9ed8c1b
SHA1 c348bbb181844d244928cd54e1edf08f2e75d5ae
SHA256 ded5222813b114e1751859faf5eb334ea59a0781c4287c3f97d535d52bb614f9
SHA512 6afca36dc2c5cf315de9a31d10c45376935671cd8013853d2a6bd2c6534c645c71fc37d8c990ca38d09298765b93077de8a87817f82148a77c5e939e46c4e6b3

/storage/emulated/0/360/.iddata

MD5 54e20a6c1aa90af9740b0c9dabcac0eb
SHA1 5cb76a0e8003337331f554ac051d89e1f17ae59a
SHA256 26674977bc32f8868f2331ccef6fffa2c5e6bb4c5ccf19b74c7d342ad6100237
SHA512 9b871efc8c24db29c3f523770ef088ed2c4e3adc06e731d95daca02d2264578c415b91d1d8c5ba3995348b92fb5883cb4d1d572e097658863d20b318c6edd8f6

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/data/.push_deviceid

MD5 46f395c921817d371e6ef7412d73c7df
SHA1 c43be894b8bcd75b183390ebc20d21ba2fe409f2
SHA256 7ee4cf2222c37a16f3359841fe0149bdad4e7d3de5df420767931163a1f652ea
SHA512 a1eced6d537132d40b7675131b33e2b3b7f74565f6f306bd3181b17bd876ebbb754e3f5851fddf19a91c527afda1fc4dbf7067a4ff1177798b6958d5f2002318

/data/data/com.beixiang.points/files/jpush_stat_cache_history.json

MD5 156ba39141e123659a5df28f9e9753d8
SHA1 5e9cf06a302535774a6d46aff927219d40384030
SHA256 e80d19727c5d3bc08e67c454919e1601811533f9eb2d07efcc48e8cb4e57b916
SHA512 436625340ce135b773f8ca697ce62eb503bfbc9ee87da874bf9f70b2ade04122b4ebcdfb6189687dac87ec8aa1db2b1351de8c43bbf41d9d5ee5eebba17ffb7d

/data/data/com.beixiang.points/app_jgrpa/.log.rpa

MD5 f2e6f1ab4c6d53f657603ad5f46c77d8
SHA1 93fefc3e83e00d060bf61fdd2193c00987dba4c5
SHA256 dd94adc1787f3ae29ad9ec74c4fce196251177c7395ec9612d5d42ea4b067015
SHA512 5498689ae06f7f0af2de22bf36629750dd442c91f3d43f3d026bd12928df3e3f89e937bbbd4af594cdc75135b8d34e61d54b7b644975d37a44766bf318afe48d

/data/data/com.beixiang.points/files/jpush_stat_cache.json

MD5 c51c1906f8862c7b5fe0f62be5d26c38
SHA1 591ac754ffeafde4311c6472814dd26dc3a677a9
SHA256 a8c97af8761f9efd5927235cee41345f9bfc38ec8d030e9e52b7bf2eab15a06b
SHA512 f98e11829b85ef504a732fabb027f3dedd681aa00244abbebbad17dc5118152217d05950480421e0b68f557a72f94863c1fe4de3c9a324ceba5ceaf0e69955b0

/data/data/com.beixiang.points/files/jpush_stat_cache_history.json

MD5 025c0d444a0932c769b27f8caa35ad25
SHA1 c4e5b5346b0ec0c96b0c7b0355c32197509778ac
SHA256 67f2c58d9d39ec03ef68c5e101298fb3854574e1069836b0fb94e17b934e8faf
SHA512 30b61c90250dd24517e0a9fc69525ae286dec52fb5bc92deb6f89f5120e790eda66cd6d25181e63ee2e5196154c541ad3cf12fbc6df0b9446d0b147e003263dd

/data/data/com.beixiang.points/files/jpush_stat_cache_history.json

MD5 2c839c9e516a0bdfd5562ca24935e0b6
SHA1 b4dbf470a9787d337201af1e78fb41fd3821203b
SHA256 13260b2348f7226e512046405c61c075bc9e40230f285e0c6df1a1e6ea74bda7
SHA512 1311f1200608dad070b84d196785e4e7e8b32e3cba4edd825e285512ad3eefa4f5fb7496c37ad14f4327b327daede1e405acbd7725f33512ffcf065af1aaa292

/data/data/com.beixiang.points/.jiagu/.jgck

MD5 0a646262376be20be2aab351636de496
SHA1 2af085702ef83152fd4a1493b595c05ce4ed20bf
SHA256 1d555d06d52f69508b6e4007d4e1974db7e8ed76629a14f9e03f2ecc3fd8a316
SHA512 fef8b319d2118868633fcecb237176ae6618e8ae520d392bcd33ebf85c78e7aceb65689480eeb273368d329a003a5f686af5d527a6f3380923661a370045a995

/data/data/com.beixiang.points/files/.jglogs/.jg.di

MD5 9e11d4ecf7996bc823904254a3687753
SHA1 281aab44714a3116246c5a16f828412578783a0c
SHA256 673ecff15923df5bddd0bdb8abd0b8dc6f081f98a8d044325e72d56412362f7a
SHA512 d90828f6f43d2a3c2edcc547d12f088f6dc487f14508418da471018b7f1e0f432eb4d53eaf6347d23e27785e03090ccb14f0ccc495c6efb747e85ca295397d1d

/data/data/com.beixiang.points/files/.jglogs/.jg.ac

MD5 ea7f1cf7442f3481972186989d511564
SHA1 dce12c02d7c071b06c8a61a5379f7c342813ab70
SHA256 b5fba76e7662dca4df038ac45750822cfdf920e481d3629609c5e4606123230e
SHA512 9704e3199dafa3ccbbe9f6a71fb809d47c52be4f5572ca38d81bd865778ad3f4922d8919ff60da23b006d381a8f0a61c4edd4a2da1995e28d22b1121c4183607

/data/data/com.beixiang.points/app_jgls/.log.ls

MD5 e8f33b3d9141b6abdd53a2c5b78bfde6
SHA1 ce0255f5945cd9d447bbd32670f42c7cab7d3a81
SHA256 9b8f09a03dc5da4717399ee76a0e4177ec39910614416151b147ba30c09b3ae2
SHA512 5967380b70b0a75c137b6672e2af35229d16ee05d741871c98effd27c707528f3c151feb782915303993953ff0d37c6973cb2ceda3a8ed524cb5aae4ef6ebdec

/data/data/com.beixiang.points/databases/jgad.db-journal

MD5 e54ed0f27dcd9c043baf6a473f236d5a
SHA1 2b0a1b6d933b29297783e4f20868f90263faa91c
SHA256 f6a8727eabb3d2fe7ec3290c3d982587651f7cb384de04668be0a6bf269c080f
SHA512 631474b3c8cbeb0fb325bbde038a117b5a552012ffdbf1357ec50261bf6e84b70f1ad321463ea44c6bffa3608037c31c01b648f3a86c9aefab0400fb2f98a5e5

/data/data/com.beixiang.points/databases/jgad.db

MD5 f974f117c977ecf8b8ce2052d51f86ea
SHA1 63b65e8cea1dde56b380413252c5b2255e292477
SHA256 c8a47b7a573d61ec91e8144ff6ec22f0231b1b8fcf946e92ba1a03e8bb3bfef0
SHA512 818cab46ffad0c018b6f935a7efae96d5ee76ed285bbbbee4e73c842eb6b46df5f9fca0596773169fc73b83322db9d4f813ae019d4fec45eda63e5f0b8fe40d1

/data/data/com.beixiang.points/databases/jgad.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.beixiang.points/databases/jgad.db-wal

MD5 e674dcbd8a921514ef073d7123d41f62
SHA1 66591aaf218ff1df36c75cf0ba9b47d90978ca77
SHA256 3ffc76d8998a249a854c3a2ede804be0d5e60b00a5493534f4244fcc57b9cb43
SHA512 54857d873af1b9496ecef8aafa7ebb42ed3945a2f0cc704badc24619bd45f93a814d13a9196a37d1c287e966d70a1e736aeeac7bce38407e117ebb712e5934b5

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 17:40
Reported: 2024-06-17 17:44
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 2s
Max time network: 132s

Command Line

com.beixiang.points

Signatures

None recorded. The kernel monitor ran for only 2s on the arm64 image (against 177s on x86), no dropped DEX was loaded and no application-specific signature fired; the only artefacts are the extracted unpacker libraries listed under Files. The score and the signature list in the Analysis Overview therefore rest on static1 and behavioral1 alone, and any conclusion about this sample's behaviour on 64-bit devices needs a rerun on a different arm64 image or a physical device.

Processes

com.beixiang.points

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.78:443 tcp
GB 216.58.201.110:443 android.apis.google.com tcp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.178.4:443 tcp

Repeated flows collapsed. Apart from local mDNS, every destination is Google infrastructure (android.apis.google.com, ssl.google-analytics.com, and unnamed 216.58.x.x and 142.250.x.x endpoints in Google address space). None of the packer, Umeng or JPush hosts seen in behavioral1 were contacted, consistent with the sample not getting past start-up on this image.

Files

/data/user/0/com.beixiang.points/.jiagu/libjiagu.so

MD5 e5a53000766ebc433b27d6a66ec4f555
SHA1 2c8f53f1c03aec2005bcad67d731f07261dabde0
SHA256 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e
SHA512 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

/data/user/0/com.beixiang.points/.jiagu/libjiagu_64.so

MD5 05a8c3ca16893f4e6cc997a82d987fb3
SHA1 76d6c6d19e0bfa83c847e5d330bd144f58994bff
SHA256 82e708e200cebe270ec57231729413621a8904e907efac8cfe71cb2cf16a3c10
SHA512 2a878c39e713fb6ff5b457f94a1fe2b5adc456924d087a1b6abd59afc0b0e9bad68852eddd34c6441e8996e66eb5fdb711ed6f477d6e447dd48cfd151d89fe96