Analysis Overview
SHA256
639871e1bcacdbd954940e0066220ae5c0beb80a66a0a907bb8458a713ad17e7
Threat Level: Shows suspicious behavior
The file ba8686c4476af5942f47245af8455cda_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Requests cell location
Queries information about the current Wi-Fi connection
Reads information about phone network operator
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 07:44
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:47
Platform
android-x86-arm-20240611.1-en
Max time kernel
151s
Max time network
168s
Command Line
Signatures
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
cn.jingling.motu.photowonder
cn.jingling.motu.photowonder.post
getprop ro.miui.ui.version.name
getprop ro.product.name
getprop ro.miui.ui.version.name
getprop ro.product.name
cn.jingling.motu.photowonder:vsservice
Network
Files
/data/data/cn.jingling.motu.photowonder/app_dextor/chance_ad_dx.jar
/data/data/cn.jingling.motu.photowonder/app_dextor/mobisage_ad_dx.jar
/data/data/cn.jingling.motu.photowonder/files/libprocmox_v1_3.so
/storage/emulated/0/Android/data/cn.jingling.motu.photowonder/cache/uil-images/journal.tmp
/storage/emulated/0/baidu/.cuid
/data/data/cn.jingling.motu.photowonder/app_license
/data/data/cn.jingling.motu.photowonder/files/__local_last_session.json
/data/data/cn.jingling.motu.photowonder/databases/key_value_cache.db-journal
/data/data/cn.jingling.motu.photowonder/databases/key_value_cache.db
/data/data/cn.jingling.motu.photowonder/databases/key_value_cache.db-shm
/data/data/cn.jingling.motu.photowonder/databases/key_value_cache.db-wal
/data/data/cn.jingling.motu.photowonder/files/__local_stat_cache.json
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-arm64-20240611.1-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 216.58.204.67:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 07:44
Reported
2024-06-18 07:44
Platform
android-x86-arm-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |