Analysis Overview
SHA256
1e6c7511c81c799917f836610f6a409be4d034c3eacec7dd0fbb87c26cbb3348
Threat Level: Shows suspicious behavior
The file b96b25d99b55d1883a273508bf8f1e3b_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Queries information about running processes on the device
Requests cell location
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 18:35
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 18:35
Reported
2024-06-17 18:38
Platform
android-x86-arm-20240611.1-en
Max time kernel
127s
Max time network
188s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.chuangxiangkongjian.basketball
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.buerkongjian.com | udp |
| US | 1.1.1.1:53 | ucm.buerkongjian.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| CN | 47.98.121.217:80 | www.buerkongjian.com | tcp |
| CN | 47.98.121.217:80 | www.buerkongjian.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| CN | 47.96.51.69:80 | ucm.buerkongjian.com | tcp |
| CN | 47.98.121.217:80 | www.buerkongjian.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 47.98.121.217:80 | www.buerkongjian.com | tcp |
| CN | 47.98.121.217:80 | www.buerkongjian.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umengcloud.com | udp |
| CN | 223.109.148.177:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.130:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.178:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.141:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.179:80 | alog.umengcloud.com | tcp |
| CN | 223.109.148.176:80 | alog.umengcloud.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
Files
/data/data/com.chuangxiangkongjian.basketball/files/Reservoir/journal.tmp
| MD5 | d6ac8c8db0504502d7f0e057a78c5ce3 |
| SHA1 | 8f4cf91a262b24ec9c1a6e7c41fd6d16b6623bb4 |
| SHA256 | 8f22a32cd8de58916041d1097976f2b9c80f7e9a18593d5a6b058bcaed17e22a |
| SHA512 | 100e74f0c65b51a17de6eeff96d5c38bd6d40e3c8ee00094fd906ba5794088fe1ad6f3a15be196480384cf01399ea26665a05471404f1eeebb0c82ae6fb104bb |
/data/data/com.chuangxiangkongjian.basketball/cache/script.spp
| MD5 | 9b12280d299346255ec6a9f170cb71d1 |
| SHA1 | 98208d126b503ce372ed6806a06b0a70b78bb2ac |
| SHA256 | 07f1b7f0b2a89bb21217142275aba00972fbe27e5bc11dc332aa218726c01867 |
| SHA512 | 913c54711f96a534077bd4c9f4f566f1bf7957aebad698f0b6462a9a7f2c8620f99e1c4681e81fe2a734a857acfbe433093301b578f6f05450195b60f0f74886 |
/storage/emulated/0/baidu/.cuid
| MD5 | 191d6c5b68dbffb35572fec8481247bb |
| SHA1 | 007897e6be7940bcd170d8a56492a120d125ed39 |
| SHA256 | ff1a4fc06a47aebfb97a1f08d9f9ce77a10eeb355bac6436780c8900fad22e69 |
| SHA512 | 999133f1607bb4d38295424e3e90df57ddfdc5eb80831a4e8781c701d1cfb5975608241de97b8c52a6ffa77232bbf1456e318a20fc038cb99bd3ec9ef44a9d50 |
/data/data/com.chuangxiangkongjian.basketball/files/video_default_parser.zip
| MD5 | d417816ebbba93a8fe4c28641a5d9597 |
| SHA1 | 7923aff5cd732cdcfd2245f694e02b38b4e7cd37 |
| SHA256 | e653aac013fc7138ed5a46dfd1e98b42722b221907753a8fb0377ad9c6bd0928 |
| SHA512 | b2b8f398348269caa851546944271c80166cf1d916a7a90564d85b41037f7e25cb6d3e827162b4bd2d2c71ed082ec96881cf330ab5cecdfb76b3e62e3e84c037 |
/storage/emulated/0/Android/data/zhangyoubao/device_id_self
| MD5 | da9fe9d7f8d02bad889d2b1c903efbbc |
| SHA1 | 805b8d3bcd31fbb39c366a94fca87e746624f571 |
| SHA256 | 974fcd5dffabd56a19370282adeb9d78fe6b55cb30863d01cd1e085a00d711a8 |
| SHA512 | ddf8729396acfc40df9d748320fe2bbfa1e5d63603321c841a788b5f5cb938b6738a3e24e8cde42398d2431396e0c029c83f4bfaa336e74c612ae37950cafbb0 |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db-journal
| MD5 | 9216381a9d8d24b36e9692ff626fe6ce |
| SHA1 | 3d856bcdf51409fb9fb59d905eb64fe1aa56152a |
| SHA256 | 96c564ee26d64ee45c9072cfb20cf51966a97c76a4efc56be11b35def8147c27 |
| SHA512 | 457711a57b8c1faed98a3a2dc3de1b5f269f26468e46e76d73a5cf7bf052653f872ae62e6e4c0e2e22ee94b782526739b99df1da455979bf55af2e3596ba2a1f |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db
| MD5 | 5d7ea1a23af19b4340cc8d90f28297d5 |
| SHA1 | 4cfe95b23a9e98378d69c4290af81b51fbe76aea |
| SHA256 | 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da |
| SHA512 | 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db-wal
| MD5 | 22b1062f6a1bdab4089d79412431f822 |
| SHA1 | 61ff2f7806e21fdeedc442e1aeda270bd39eb6ee |
| SHA256 | f9d3800c43488f769094a0c74741891b6f4f810e88793589771517157505bf0d |
| SHA512 | b48f0a9bed698188d437f4527bd7ae3f7dac3ab4196f2766dc67bd39e104cb6ab3147dd7d707e8c39469ff47dcaf4fdfebaed89aaaaba283c1d372727dc4cc8d |
/data/data/com.chuangxiangkongjian.basketball/databases/netcache.db-journal
| MD5 | 075b18254b8db4771e708f110ba5f11f |
| SHA1 | b6f407ff1b4b7fd93cbc356b403ecc4840bdb72e |
| SHA256 | fcea15f39db6b72cc0a100fcf5ad885ef94579793b8e9954d07b1a4b65d88792 |
| SHA512 | 27205d2e7444023a7a6313d93027bdb6f203cae4c1ab4069650ad2c6e81cd13c8938d029917336e7b913af2e31d0a3bd8414349744b4ce11311ce906b4bfe5ec |
/data/data/com.chuangxiangkongjian.basketball/databases/netcache.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.chuangxiangkongjian.basketball/databases/netcache.db-wal
| MD5 | 9ab4bc32072f1c0b5ed7671ec152400a |
| SHA1 | 03b725bc8bedad8d284088b36db51f13b83821b6 |
| SHA256 | 5b55b2262a611804005b00ffa3f6b8a6a0d48ce11c530962b76486bd7043d77f |
| SHA512 | 6c81593c01ecc482a3993b33d22b2f09dad5ecb4ed40964de428b548204377976730d36c2bc5af2134c0db6e96689befca31bd51af5ba7d2a5256a84a677e816 |
/data/data/com.chuangxiangkongjian.basketball/databases/.ua/ua.db-journal
| MD5 | 2537980a30c254cad17250aca19cc293 |
| SHA1 | 253fa996eebf5aa0f6e1235976ad333d99ca5056 |
| SHA256 | 4f1e9a40e0592b12a38f713bfeba5753bc4b4d836da74e4d6a09519689a16fb4 |
| SHA512 | 576deb0322c0b662feb712067f1c3e0d9fe20dae0886908792e8fce960e65453ae59c58d927e7a8b320a8c89a3bbdc51d069f185454d49419627b38689f6e042 |
/data/data/com.chuangxiangkongjian.basketball/databases/.ua/ua.db
| MD5 | 1cd45c74f125ddab39b1a037787659af |
| SHA1 | c6be855ecd60925ba819298790ff1eb32f81d44a |
| SHA256 | 51818d4489f673db3c10450b25e946d63a44f56cd03fd8d9940f97e670311b90 |
| SHA512 | 229335a71ab3f08abe7a3ae75b8846cf433a1ed6da8c240fd2f2ba3316b4b99ea22a3f2ee4a24dd5044670b126092251acefe28af27a13b2f6e067146f5868ac |
/data/data/com.chuangxiangkongjian.basketball/databases/.ua/ua.db-wal
| MD5 | a1164eb4ea77f0673d4e3aeeb437fe09 |
| SHA1 | d9820b2682a77a4c58037ed520d057b577e39f21 |
| SHA256 | bf58dd3c19a9b0c6dc8ed0017dbaa976c3f4f0f1f9e33ab731be12c00316892e |
| SHA512 | 3a13d07a271656941e9621e0af8b286c26505eff1be6542ad261ce96b38796fb7f805a21e67fc919650a0bb3a6784326b3ff63c9474cb8ff807cebd0921cf87a |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | db51d1a33e4e4ed7718ace99a95675e2 |
| SHA1 | ee4dfa0b32db4d32187838b295c6ddc95d047623 |
| SHA256 | ff8d9cc2bccb3f563e455cc7d4492bb93e90f8c7e198386941c858a9a97105be |
| SHA512 | a4077fe3e0581d8c20f7d2d5b4142aae7ebbdca9bffc83048771d7a7e32b4d411f8f8691c85c5af970b56a40b9c18a94c15d7d1d3144a92b8418d00d20db1e3e |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 4b54d19c89b08b810fcb8515e6910d57 |
| SHA1 | 16320ef45f5aab971733b223fc34e4b5e5b5018e |
| SHA256 | 19dcbe6ec039edcee64b95eb7aa9e3aceaedde3d89930411c7360f3236548ca5 |
| SHA512 | 88041ea27f80412a76382cf04c2509c29ce67a990fe18239bee1b4402f54a234e3af9fb4df9bd706a28b2241e3d148de426f9e3068bc1ca4499a9cb1fdeaf197 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 1d644ed9b006525fd54200defdc841f5 |
| SHA1 | 7c5b7818308533678f44420f42869d810e7e37e3 |
| SHA256 | 1e92820de521ec7c0e148bcc8c0605ad38e313687abb2291bfd0fce9a6c5d9f6 |
| SHA512 | 660251323dd89a954a2d5344287f46aa85a7e7e9a012cb85cf9c702522ed2dbc4b3406b388932d1b1413b0a8f5f29824aba8842d3162fa9f3ebd2a004b23c459 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 87f7b75396f292b9e8c79b4a498b834c |
| SHA1 | eb98cc63ff41012b3a56f5f2e571f8ccd5cc46fd |
| SHA256 | 5951b6bcf214273d895c3c55694ba602c8eac066ef9410378f67fa14ff53b375 |
| SHA512 | 794b5588705715627c91700c5b75dfbc7a97ae39c54e4130b6668c2e02277d571489e151216b285f4b3b86a00459f22c80cb2a22c9f6f6ab30508a58c8f68e45 |
/data/data/com.chuangxiangkongjian.basketball/files/umeng_it.cache
| MD5 | bde01b0c1d5183d9b7a2de9b08f9eb57 |
| SHA1 | 4a634e0e39c8ffb7a0e0851cf0d5123977a9cf3b |
| SHA256 | eba0071569fa6c286533347a5d64df6fc634228ae4a1e301b1f42ee5c955a8be |
| SHA512 | def11d3f61c8adb8a3adb3807d3dbf55846f2a53ebcabd2938711b1c21e7887e9761f2cbc9bfe26f7488d9ea399a66fab7ca764ce8ff8087b8cbda4450321a8a |
/data/data/com.chuangxiangkongjian.basketball/files/.umeng/exchangeIdentity.json
| MD5 | 5e02a2ae6a43c56f7f1f2581f5eb124d |
| SHA1 | 3ec71bd7919b149608e29cfb4d56f78d43a79b83 |
| SHA256 | e5ec5c376fdd31e8d99b30ca76d803061593b54455fa2e1c1f6222d7c1bdfe32 |
| SHA512 | 9ddf87790d1668951c4a7f032cd36127625d1b82af713470bee27a2fedd0259be0084ca0bac60f18ae73aea219ffa527e5a599ec2c5e9074d8c465ae57b78b16 |
/data/data/com.chuangxiangkongjian.basketball/files/exid.dat
| MD5 | 2175e558ea92af86769368249e761eb9 |
| SHA1 | 50c7ba0f6c0a21840cfccc401ec86666dd3283c7 |
| SHA256 | 4450dbe8fe540caae22da2fde8bb2bbc5519ccb0f05a67ff24590011dcf5c8b3 |
| SHA512 | dbb4947aa2b1761f0af49c8b60a292a41b335bfa4af8cf0dafc59ace7c6afebdfd95d5bd85ee69a69f4c813ad4302d4a58b6cf337a686c4d107a11969568b42e |
/data/data/com.chuangxiangkongjian.basketball/databases/.ua/ua.db-wal
| MD5 | 560f7305f85dc9820076d4e128d9e5c5 |
| SHA1 | eb42a6541bda80080dd43c1b1648d4390a0ec0c9 |
| SHA256 | 717624cb961c4c21720565aebac9bcd9fe81b8a7ee8e1e51251d6284ed42fe3c |
| SHA512 | 7c797c878b49e990d70c5ff882e4c73c07fff671cacd7ddeaba3e28a3d9502b0f0898bddbef326876aa51b56c1d251f2e491f53059ef7ef6b03156418c5b8bf4 |
/data/data/com.chuangxiangkongjian.basketball/databases/.ua/ua.db
| MD5 | d604a3bf1f8d992cc320ea5b1f7609bd |
| SHA1 | 247f88df0b55c7d523ea5398637711a0e4a483a4 |
| SHA256 | 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17 |
| SHA512 | 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db-wal
| MD5 | f17a8836b578c47ae51fda65f2009db7 |
| SHA1 | b7c422cef025ed8b5686e8764565efbc9ff5a8d7 |
| SHA256 | 50619345707489c6a27fecd72db4e534d9e32808f905d6332e1149b0f8bcddf3 |
| SHA512 | 5f18d61e58abff130e1d76f059ceabb5339faa00f5596a989d3caced88c1c8103f24b481b49b6d3b75302127c03e4ec24dfcab19357b48146de70cabaedf905e |
/data/data/com.chuangxiangkongjian.basketball/databases/cc/cc.db
| MD5 | ce6135aa1b1fe4f2c2db2a546d2a5558 |
| SHA1 | 79b59582154017aadab783dc266fcb158c252940 |
| SHA256 | 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c |
| SHA512 | 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4 |
/data/data/com.chuangxiangkongjian.basketball/files/.um/um_cache_1718649449080.env
| MD5 | 3599ccbcc9819e4584de994de60f27a2 |
| SHA1 | 599adaa0284da76478b4a175298ba8c09d5f220f |
| SHA256 | e0b90dd4b5aea3bd28489146eb79a671fed9bd9d47c7eb52af2916afeea52a32 |
| SHA512 | 0e49e223a19b2a8170fe828a4041337494a698cdee2bcb76fd4e91fbe9dba7af78ee47daf47cbceb051d35a52cc85ddfb06479eac4e7963edcc890151d090e41 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 18:35
Reported
2024-06-17 18:35
Platform
android-x86-arm-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 18:35
Reported
2024-06-17 18:35
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 18:35
Reported
2024-06-17 18:35
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |