Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-y8k2fasgqe
Target b9e3abc91097f4b6ee80667dec3888dc_JaffaCakes118
SHA256 32033346b9ee2ee6a29898f23da2612e4e5d5384102db6af3b25c204335f0525
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

32033346b9ee2ee6a29898f23da2612e4e5d5384102db6af3b25c204335f0525

Threat Level: Likely malicious

The file b9e3abc91097f4b6ee80667dec3888dc_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Reads the contacts stored on the device.

Acquires the wake lock

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org)

Declares services with permission to bind to the system

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-17 20:27

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 20:27

Reported

2024-06-17 20:30

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

186s

Command Line

com.qingniu.health

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software (indicator list includes entries from echap.eu.org)

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.qingniu.health

com.qingniu.health:multiprocess

cat /sys/class/net/wlan0/address

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.build.version.emui

cat /sys/class/net/wlan0/address

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

sh

Network

Files

/data/data/com.qingniu.health/databases/bugly_db_-journal
/data/data/com.qingniu.health/databases/king_new.db-journal
/data/data/com.qingniu.health/databases/bugly_db_
/data/data/com.qingniu.health/databases/king_new.db-shm
/data/data/com.qingniu.health/databases/bugly_db_-shm
/data/data/com.qingniu.health/databases/king_new.db-wal
/data/data/com.qingniu.health/databases/bugly_db_-wal
/storage/emulated/0/Android/data/com.qingniu.health/cache/uil-images/journal.tmp
/storage/emulated/0/Android/data/com.qingniu.health/yolanda#yolanda/core_log/easemob.log
/data/data/com.qingniu.health/databases/ua.db-journal
/data/data/com.qingniu.health/databases/ua.db
/data/data/com.qingniu.health/databases/ua.db-shm
/data/data/com.qingniu.health/databases/ua.db-wal
/data/data/com.qingniu.health/files/jpush_stat_cache.json
/storage/emulated/0/data/.push_deviceid
/storage/emulated/0/Mob/comm/dbs/.duid
/data/data/com.qingniu.health/databases/cc/cc.db-journal
/data/data/com.qingniu.health/databases/cc/cc.db
/data/data/com.qingniu.health/databases/cc/cc.db-wal
/data/data/com.qingniu.health/files/umeng_it.cache
/data/data/com.qingniu.health/files/.umeng/exchangeIdentity.json
/data/data/com.qingniu.health/files/exid.dat
/data/data/com.qingniu.health/databases/ThrowalbeLog.db-journal
/data/data/com.qingniu.health/databases/ThrowalbeLog.db-wal
/data/data/com.qingniu.health/files/.um/um_cache_1718656187813.env

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 20:27

Reported

2024-06-17 20:27

Platform

android-33-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A