Malware Analysis Report

2025-01-19 04:53

Sample ID 240618-an4q2stgrj
Target ba416ef892aef27ed0a855d4f460d613_JaffaCakes118
SHA256 2a0f4394d2f6576e942bd3c906e9260bf8a1c330d41a2b657a2cfa1d37beea5a
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file ba416ef892aef27ed0a855d4f460d613_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Requests cell location

Checks Qemu related system properties.

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-18 00:22

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. android.permission.BIND_WALLPAPER N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 00:22

Reported

2024-06-18 00:25

Platform

android-x86-arm-20240611.1-en

Max time kernel

158s

Max time network

184s

Command Line

com.xunrui.qitian

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.serialno N/A N/A
Accessed system property key: ro.bootloader N/A N/A
Accessed system property key: ro.bootmode N/A N/A
Accessed system property key: ro.hardware N/A N/A

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: qemu.hw.mainkeys N/A N/A
Accessed system property key: qemu.sf.fake_camera N/A N/A
Accessed system property key: ro.kernel.android.qemud N/A N/A
Accessed system property key: ro.kernel.qemu.gles N/A N/A
Accessed system property key: ro.kernel.qemu N/A N/A
Accessed system property key: init.svc.qemud N/A N/A
Accessed system property key: init.svc.qemu-props N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.xunrui.qitian/.jiagu/classes.dex N/A N/A
N/A /data/data/com.xunrui.qitian/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.xunrui.qitian/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.xunrui.qitian

chmod 755 /data/data/com.xunrui.qitian/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xunrui.qitian/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xunrui.qitian/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.xunrui.qitian/.jiagu/classes.dex --dex-file=/data/data/com.xunrui.qitian/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.xunrui.qitian/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

sh -c ps

ps

ps daemonsu

ps | grep su

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 s.69876.com udp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:443 log.umsns.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 plbslog.umeng.com udp
CN 36.156.202.73:443 plbslog.umeng.com tcp
US 1.1.1.1:53 ff.ali57.yuxinleather.com udp
US 1.1.1.1:53 ulogs.umeng.com udp
CN 223.109.148.141:443 ulogs.umeng.com tcp
CN 222.186.12.221:51449 ff.ali57.yuxinleather.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 203.107.1.100:443 tcp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 httpdns-sc.aliyuncs.com udp
CN 203.107.1.100:443 httpdns-sc.aliyuncs.com tcp
CN 59.82.29.163:443 log.umsns.com tcp
CN 36.156.202.73:443 plbslog.umeng.com tcp
CN 223.109.148.177:443 ulogs.umeng.com tcp
CN 203.107.1.97:443 httpdns-sc.aliyuncs.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 b.appjiagu.com udp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 106.63.25.33:80 b.appjiagu.com tcp
CN 59.82.29.248:443 log.umsns.com tcp
CN 223.109.148.179:443 ulogs.umeng.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 59.82.29.249:443 log.umsns.com tcp
CN 223.109.148.178:443 ulogs.umeng.com tcp
CN 59.82.31.154:443 log.umsns.com tcp
CN 223.109.148.130:443 ulogs.umeng.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 59.82.31.160:443 log.umsns.com tcp
CN 223.109.148.176:443 ulogs.umeng.com tcp

Files

/data/data/com.xunrui.qitian/.jiagu/libjiagu.so

/data/data/com.xunrui.qitian/.jiagu/classes.dex

/data/data/com.xunrui.qitian/.jiagu/classes.dex!classes2.dex

/data/data/com.xunrui.qitian/.jiagu/tmp.dex

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ri

/data/data/com.xunrui.qitian/files/.jiagu.lock

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ac

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ic

/data/data/com.xunrui.qitian/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId

/data/data/com.xunrui.qitian/databases/MessageStore.db-journal

/data/data/com.xunrui.qitian/databases/MessageStore.db

/data/data/com.xunrui.qitian/databases/MessageStore.db-shm

/data/data/com.xunrui.qitian/databases/MessageStore.db-wal

/data/data/com.xunrui.qitian/databases/MsgLogStore.db-journal

/data/data/com.xunrui.qitian/databases/MsgLogStore.db-wal

/data/data/com.xunrui.qitian/cache/HttpCache/journal.tmp

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.xunrui.qitian/files/umeng_it.cache

/data/data/com.xunrui.qitian/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjcwMTY0OTU4

/data/data/com.xunrui.qitian/files/.umeng/exchangeIdentity.json

/data/data/com.xunrui.qitian/files/exid.dat

/data/data/com.xunrui.qitian/files/.envelope/i==1.2.0&&1.0.0_1718670167327_envelope.log

/data/data/com.xunrui.qitian/databases/ua.db-journal

/data/data/com.xunrui.qitian/databases/ua.db

/data/data/com.xunrui.qitian/databases/ua.db-wal

/data/data/com.xunrui.qitian/files/.envelope/a==7.5.3&&1.0.0_1718670169885_envelope.log

/data/data/com.xunrui.qitian/.jiagu/.jgck

/data/data/com.xunrui.qitian/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4NjcwMTk1NTI4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 00:22

Reported

2024-06-18 00:25

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

140s

Command Line

com.xunrui.qitian

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xunrui.qitian/[email protected] N/A N/A
N/A /data/user/0/com.xunrui.qitian/[email protected]!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.xunrui.qitian

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.xunrui.qitian/.jiagu/libjiagu.so

MD5 e5a53000766ebc433b27d6a66ec4f555
SHA1 2c8f53f1c03aec2005bcad67d731f07261dabde0
SHA256 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e
SHA512 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

/data/user/0/com.xunrui.qitian/.jiagu/classes.dex

MD5 69af8479e39e444b11e1ace64da10bbf
SHA1 4e49bb1917ce8fbd50856939148dc6366449ed20
SHA256 a03fd3ff7c0d58abf500ca138e712e7693fcc7caab2339054c55a15288c35376
SHA512 1292f46be517de2e76730edbc7e30fb4db978e2be24a9761a2c322df067c07ea120247e898aa21234a89bef1f7ae05a697f0f823516c28ed247b0297f86cdd2c

/data/user/0/com.xunrui.qitian/[email protected]

MD5 e0cbd9729befe129ff996baad7aa2be7
SHA1 aab7cc889409678f21135268058e15619cf75b13
SHA256 52ca2df0f3a62bbf4689dae269a674d0b2840b8cc044faceccdca8044b67cdc1
SHA512 d222bf212bd2c1adc8000f53dca8c3af1083c52b4a9b7926c7383e5590ad7c34296d85dbdd2e8017469ae8f14c8c1ae604880a2d8aef44058e725e99607d5cc0

/data/user/0/com.xunrui.qitian/[email protected]!classes2.dex

MD5 1f25364f831d6c9fe327681aae3be7e0
SHA1 4e98b619b54d4c18ac215150594b244712509cf2
SHA256 1a09dec391bab6045a0e17c155063e6304a9070251ab9e6218fad10c72917b85
SHA512 acf159cfd23fc7e0b803dd1d9e36269c122c3842da042739088222f9a7f577acc3205206bafa8109ea3159dca689429224a1647933bc1c4676465dee539a381c

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ri

MD5 da2ea5dc9e84a5a7aabf4f51ca34203c
SHA1 c7b442e7b5a24281ced4cb11878adcd87766f126
SHA256 5c1ed31af774e3192423039e4c03fb3292ae5e42f5d9b4b79af95f45eb471cd4
SHA512 aa78040024f680813cbf12e7b2ce6e1836f9bea05d69ca97b7d2693089a88a18bd0c8e5cb91bc5fa0cd3b66ab2019be46fcb1869769a2e40efadee25e299f44c

/data/data/com.xunrui.qitian/files/.jiagu.lock

MD5 ad16037d94101fe2b0e8d442624f6dca
SHA1 9c939d9f4b2d9a018d1a9532b6001faea4f1b1f6
SHA256 bc303662c221f399dd5bfa7a0bbe8dcaf1c5003b007440914d1bc2d9270c8fd0
SHA512 0e6ae787d2a40e34ca2e6a1a8d29856d07d0fed1d2914720e4604b67d1e31f9cba2f576894648bdb14485af09d4aa21ff3be35500dde0e17c79211625773f49c

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ac

MD5 f8c39fde7e1e8c8c2e071f46734e79c8
SHA1 4ba19e387aae7ffd58d3c6f9c4e10d7cf341edc4
SHA256 0e6ba2eaa1586856c22a9bea21a207d6a2d81ac11faaa48f4aa68da155298c49
SHA512 da0f8fd731ceeee20cb72ac1e3fe1ea4c50099e71eb22f96a4d871bba594ad6d6c1afdc79c071be11a6d83ff230418e2ed2d107590beafbc60e8a1513ad6f357

/data/data/com.xunrui.qitian/files/.jglogs/.jg.ic

MD5 1b440812a97d921898fd402b678631b0
SHA1 a63867dccdf1d03eb939f4fe059b80d1299e3c1c
SHA256 5e45e7f22525627b1b8c9cbe216a99a6e498dee82f2ab58852381f0796da2c33
SHA512 d587679482c4c7a43a1a02e7af113f02995f3de4f91df586dc00b270c828c94b4d4f0cadeab6cd2b6da3ef14db9accb9d4a01dd689c72d1c90534dff2942da18

/data/data/com.xunrui.qitian/files/.jglogs/.jg.di

MD5 00548191fc628bbd2b57560dfbaee1cd
SHA1 324680439d30bf85c9e667ee4817b2b6ece5cf0d
SHA256 9d4bbc408f3d7e560b7a8f3d72754b67cef866406f58f1df561b6f463d4dd302
SHA512 44d0916a0cc32398c75f38c2714eea43f9f0769a67e26e14ff7a9c2083cc53eee8602e480d28b9434faf8d473c8cea18c8437890437127922bc58b744efdb1ff

/data/user/0/com.xunrui.qitian/databases/MessageStore.db-journal

/storage/emulated/0/360/.iddata

/data/user/0/com.xunrui.qitian/databases/MessageStore.db

/data/user/0/com.xunrui.qitian/databases/MessageStore.db-journal

/data/user/0/com.xunrui.qitian/databases/MessageStore.db-journal

/storage/emulated/0/360/.deviceId

/data/user/0/com.xunrui.qitian/databases/MsgLogStore.db-journal

/data/user/0/com.xunrui.qitian/databases/MsgLogStore.db

/data/user/0/com.xunrui.qitian/databases/MsgLogStore.db-journal

/data/user/0/com.xunrui.qitian/databases/MsgLogStore.db-journal

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 00:22

Reported

2024-06-18 00:22

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 00:22

Reported

2024-06-18 00:22

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 00:22

Reported

2024-06-18 00:22

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A