Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-jvfggaybnj
Target ba9a988868ded438a4178f271819a580_JaffaCakes118
SHA256 f07a5b59f2dba248d012676c861c71b16d31ef6fb50b20c297bf9e6482e7ab26
Tags
banker collection discovery evasion impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f07a5b59f2dba248d012676c861c71b16d31ef6fb50b20c297bf9e6482e7ab26

Threat Level: Shows suspicious behavior

The file ba9a988868ded438a4178f271819a580_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 07:59

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target | Count
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A | 5
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A | 5
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A | 4
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A | 1
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A | 1
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A | 1
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A | 1
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A | 1

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 07:59

Reported

2024-06-18 08:01

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.16.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 07:59

Reported

2024-06-18 08:03

Platform

android-x86-arm-20240611.1-en

Max time kernel

5s

Max time network

131s

Command Line

com.yodo1.skiat.BAIDU_02

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.yodo1.skiat.BAIDU_02

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | oc.umeng.com | udp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 59.82.23.79:80 | oc.umeng.com | tcp
US | 1.1.1.1:53 | gamesdk.m.duoku.com | udp
US | 1.1.1.1:53 | hmma.baidu.com | udp
HK | 103.235.46.195:80 | hmma.baidu.com | tcp
CN | 82.156.25.163:80 | gamesdk.m.duoku.com | tcp
GB | 216.58.212.234:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/storage/emulated/0/baidu/.cuid

MD5 22d587f07176270d0335c8c752d76733
SHA1 458638950d985bf0c9f7cf896c36a550fdc35fe3
SHA256 bcbff2403bb4235c9b7618023cad0b26fa3557100b7b0c5375afa6fb4559e149
SHA512 9b26fe77cfdaa7a8a07aaa2cf9873352771a1bec20194bee05357ed936a18ae746843b9b2a65adbb8cc12f1d52dd2c3eb2dd44a1b340126d98efe33af7a781f8

/data/data/com.yodo1.skiat.BAIDU_02/files/2cb6687eb5__local_stat_cache.json

MD5 1c3d10e8359e1fc1f30910485ba9b775
SHA1 62bf801a8f70441b36cabc52b1820303d01b0e43
SHA256 852ca41acd267e3122a4aa280b3d2d60a338755596b8b5e7f26ff123a0391d14
SHA512 774fd872647ef6da3bff28b6b723a96c2dd62244c9b313709a14a673eb520f83af60a5b494a63873c923b582cdc64321a99e943faa341f851cd26e6ebd322d1f

/data/data/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.jar

MD5 e2c47c231d27f082fd61c159aa105d75
SHA1 79fcdcea972aeb2bb7f5ccdc20e8aa3ac1608395
SHA256 8d4d1d443966c84fe656b33153e338e72251f21b6f18b869cad685506b6435c4
SHA512 4f0cbcab419abf2ca89955c0240533bec51abe53c8364f469cf29b8822e0b9aab168dc0d78cf3ff53b4bfbcc687925d6c9e2ad8fa95f6557f30e5f4ffd3fa091

/data/data/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.key

MD5 664c65f99dfd8bc4ef4fc9746918bff6
SHA1 941b66d7f3ef277426fc9606025f1a859be3a03e
SHA256 e38572f67831fe5ed47df2cf40a9d3c92c7e58345384dffaaa17e55831b63574
SHA512 f13a45c1b5afc4cb67d48dcf88058b408bcf7f8865619a6e0d5058d58bb4c434626631154fdab00714b27f950900f16d5af3418f892b98fecb2ce04a2f6f7925

/data/data/com.yodo1.skiat.BAIDU_02/files/2cb6687eb5__local_stat_cache.json

MD5 2d805b13f2f28dc3ca9bbcc000f49bb5
SHA1 9eac165b4d81258fd3967cde5cc53b53b1dabcb1
SHA256 c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
SHA512 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

/data/data/com.yodo1.skiat.BAIDU_02/files/2cb6687eb5__local_except_cache.json

MD5 3950e81bf0e6bced0ce6c005124d6ae3
SHA1 55590f718aee816e940670e9e5f28bd10746c2a2
SHA256 6ba27ec21a8ccd69b15f94ca629b93c3dcb6fcc0774a49cc1267e8e2ee8faaae
SHA512 a24e3849759745f34e1522fd190c056c3e2077eae3a81d05f023d6de1d9282cf0f843ee23b52247f07c06e72511d9daa53a6f053f378fe8081bff1922af0e65d

/data/data/com.yodo1.skiat.BAIDU_02/files/mobclick_agent_cached_com.yodo1.skiat.BAIDU_02

MD5 d9004894530f31610be19b7da1a6c2a2
SHA1 3ed5efdc5942b04ae027a62bc1191c03176ea538
SHA256 35b8618b6676045109513762fd6c2ba35e913cfdb7095d1aadd489ffb4ee4d55
SHA512 ba35e182aa8356d1f0031fe5179b15a81b94ab5ebcf8fcfc5dc9376928749fec1a1ca5c9e66848732279ca31476a77c79c367ba0aaa161881d2bfdbc04a31ae0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 07:59

Reported

2024-06-18 08:03

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

140s

Command Line

com.yodo1.skiat.BAIDU_02

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target | Count
N/A | /data/user/0/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.jar | N/A | N/A | 30

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A | 30

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A | 30

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target | Count
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A | 30

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.yodo1.skiat.BAIDU_02

com.yodo1.skiat.BAIDU_02:bdservice_v1 (29 instances)

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.10:443 | | tcp
GB | 142.250.200.10:443 | | tcp
US | 1.1.1.1:53 | oc.umeng.com | udp
CN | 59.82.23.79:80 | oc.umeng.com | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | gamesdk.m.duoku.com | udp
US | 1.1.1.1:53 | hmma.baidu.com | udp
HK | 103.235.46.195:80 | hmma.baidu.com | tcp
CN | 82.156.25.163:80 | gamesdk.m.duoku.com | tcp
US | 1.1.1.1:53 | oc.umeng.co | udp
CN | 42.193.107.21:80 | gamesdk.m.duoku.com | tcp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
CN | 81.70.207.199:80 | gamesdk.m.duoku.com | tcp
CN | 82.156.25.163:80 | gamesdk.m.duoku.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
CN | 42.193.107.21:80 | gamesdk.m.duoku.com | tcp
CN | 81.70.207.199:80 | gamesdk.m.duoku.com | tcp
CN | 82.156.25.163:80 | gamesdk.m.duoku.com | tcp
CN | 42.193.107.21:80 | gamesdk.m.duoku.com | tcp
CN | 81.70.207.199:80 | gamesdk.m.duoku.com | tcp
GB | 142.250.179.238:443 | android.apis.google.com | tcp

Files

/data/user/0/com.yodo1.skiat.BAIDU_02/files/2cb6687eb5__local_stat_cache.json

MD5 b9a86b5f04bf5634cc656fb24ef12fe3
SHA1 d1dc48c726fb6aaf26c239595cb9e60635f0b072
SHA256 c34b88bc8e5c996b4df48b050835f537187600c7e35340ec243e70ae620c029b
SHA512 97bf5a702ff31a2d3a7a1fef2819b3d74455e0e12af9978afdaf2df8b3f7ed43171d1484a2ba90ebdfde79a4e7f391dd1fc9b71625a9487af2eb42357fc22946

/data/user/0/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.jar

MD5 77b57daaf756bb5fca8dc8836ae07f01
SHA1 92502ee8ae489bdd27754718ee8be07a3899f7ad
SHA256 e16f429828dcfd180bbc124153c647b55e940a0efa9c0e9e1644292ce737f219
SHA512 9565722dd9fca568b0e05b7afa00a2baaec583eaa4370dc7e2e98f6a07150a9d381667950688240467c32233623a57858e60e15a911da6eadf2c2d0924b4c981

/data/user/0/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.key

MD5 e6a75d17818bcc5a3bdead8218930111
SHA1 3820e3f10e0a31eda282032d14be153d8e7d2a1a
SHA256 7681999d06de51605065af540eea80b65e1ea28c15458f316ab33d9f9903e637
SHA512 775b8e69418f2f35a7feb964196f5038d954fae294f34e829f5b0b2056962640c7496943e0b53b24db4d6486453a0da4c9978098ba7907927ffe90228321dd62

/data/user/0/com.yodo1.skiat.BAIDU_02/app_push_lib/plugin-deploy.jar

MD5 804341627011536b17361fd4f5743c02
SHA1 2a251363d80356411935e87438bf6cc7a18e33e7
SHA256 3e56ffa5430a25576e3e639b7a72da7da14e83abe1fc83267d38fd659c857e77
SHA512 05754a6a49873ebcc78e4965ecfaea35fdf05b29bc8eff172a69dd92203db7e3bc6391ef06f67a48d9b17f68438d8c49e081833f71606ac97eb84dfb4bec5d5f

/data/user/0/com.yodo1.skiat.BAIDU_02/files/2cb6687eb5__local_stat_cache.json

MD5 fe449f1511018d6141467ec561a286f4
SHA1 1dd2f208f97a20e3bde9e0acbec4baf2b7202a7d
SHA256 11acd512c00c7e66062f8a7850e1b0d013d592c2a40042d09576a50f58d7e791
SHA512 e435bf5be547f86919fa2f7373eb58b42c0141aa8e614cece0afff382aa766ff7716619a8365b919c0f58f5ea876ae63aa7625fa8e4067568bbbe6cad6a68131

/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat_3.1.db-journal

MD5 aa03a9e05de5cc27f977782750e8ed77
SHA1 ba57d8086d72905a02673e04807996f114038028
SHA256 b3459e30f7a6fb26bda5722b4938161f0beba5068d85b7233c00aaf88bce047f
SHA512 70787f6b6a0919b42721ead1b0e543e252b4be9c69ab8b9c74c9fbabafddefbcde15730d0b27910efec253e072102506d23126ebea585a98288814dbd67b0292

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 07:59

Reported

2024-06-18 08:00

Platform

android-x86-arm-20240611.1-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 07:59

Reported

2024-06-18 08:01

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | | tcp
GB | 172.217.169.74:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A