Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-zsk7yayakp
Target ba0591d992e50f021c8ca336623d479a_JaffaCakes118
SHA256 4a6bde2d828fcbcca58d85b706ec24dceeea6ccd2c6ce787dd0867e2a45f04f9
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4a6bde2d828fcbcca58d85b706ec24dceeea6ccd2c6ce787dd0867e2a45f04f9

Threat Level: Likely malicious

The file ba0591d992e50f021c8ca336623d479a_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 20:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to use SIP service. android.permission.USE_SIP N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 20:58

Reported

2024-06-17 21:02

Platform

android-x64-20240611.1-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 20:58

Reported

2024-06-17 21:02

Platform

android-x64-arm64-20240611.1-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 20:58

Reported

2024-06-17 21:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

148s

Max time network

184s

Command Line

com.lejent.zuoyeshenqi.afanti

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A
Framework API call android.hardware.SensorManager.registerListener N/A N/A
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.lejent.zuoyeshenqi.afanti

com.lejent.zuoyeshenqi.afanti:bdservice_v1

com.lejent.zuoyeshenqi.afanti:remote

getprop

Network

Country Destination Domain Proto

Files

/storage/emulated/0/Android/data/com.lejent.zuoyeshenqi.afanti/cache/uil-images/journal.tmp

/data/data/com.lejent.zuoyeshenqi.afanti/files/TDtcagent.db-journal

/data/data/com.lejent.zuoyeshenqi.afanti/files/TDtcagent.db

/data/data/com.lejent.zuoyeshenqi.afanti/files/TDtcagent.db-shm

/storage/emulated/0/installation

/storage/emulated/0/afanti/app/installation

/data/data/com.lejent.zuoyeshenqi.afanti/files/TDtcagent.db-wal

/storage/emulated/0/versionserial

/storage/emulated/0/afanti/app/versionserial

/data/data/com.lejent.zuoyeshenqi.afanti/proc/install

/data/data/com.lejent.zuoyeshenqi.afanti/databases/video_storage-journal

/data/data/com.lejent.zuoyeshenqi.afanti/databases/video_storage

/data/data/com.lejent.zuoyeshenqi.afanti/databases/video_storage-shm

/data/data/com.lejent.zuoyeshenqi.afanti/databases/video_storage-wal

/storage/emulated/0/afanti/skrepo/c3bd44de2a1c40e56d3a046299b65cee_beach_dld

/data/data/com.lejent.zuoyeshenqi.afanti/files/error.gzip

/storage/emulated/0/baidu/.cuid

/storage/emulated/0/baidu/tempdata/conlts.dat

/storage/emulated/0/baidu/tempdata/yol.dat

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 20:58

Reported

2024-06-17 21:02

Platform

android-x86-arm-20240611.1-en

Max time network

150s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A