Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-khe6lsvhmg
Target bac8292074be11b815af9b001cf5fdf5_JaffaCakes118
SHA256 20688d52ce02609e981ca44c652167d0eeb37db60b07153d7a2022153e49fda9
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file bac8292074be11b815af9b001cf5fdf5_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Checks known Qemu pipes.

Checks known Qemu files.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current nearby Wi-Fi networks

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-18 08:35

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 08:35

Reported

2024-06-18 08:39

Platform

android-x86-arm-20240611.1-en

Max time kernel

167s

Max time network

182s

Command Line

com.lingqumall.app

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A
N/A | /sys/qemu_trace | N/A | N/A
N/A | /system/bin/qemu-props | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/socket/qemud | N/A | N/A
N/A | /dev/qemu_pipe | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.lingqumall.app/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.lingqumall.app/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.lingqumall.app/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.lingqumall.app/.jiagu/tmp.dex | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | s.appjiagu.com | N/A | N/A
N/A | b.appjiagu.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.lingqumall.app

/system/bin/sh -c getprop

getprop

getprop ro.miui.ui.version.name

sh -c ps

ps

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | s.appjiagu.com | udp
US | 104.192.110.60:80 | s.appjiagu.com | tcp
CN | 14.22.7.140:80 | android.bugly.qq.com | tcp
US | 1.1.1.1:53 | b.appjiagu.com | udp
CN | 180.163.249.208:80 | b.appjiagu.com | tcp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
CN | 106.63.25.33:80 | b.appjiagu.com | tcp
US | 1.1.1.1:53 | android.bugly.qq.com | udp
CN | 14.22.7.199:80 | android.bugly.qq.com | tcp
CN | 119.147.179.152:80 | android.bugly.qq.com | tcp

Files

/data/data/com.lingqumall.app/.jiagu/libjiagu.so

MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

/data/data/com.lingqumall.app/.jiagu/classes.dex

MD5 c679f1d0e5bc66b0e0aac06ce0a34fb9
SHA1 f3e45970c241220bd3b75204aee08b5a592e48d9
SHA256 0d446429b392a035698e5f8d810ddeeb1cdffc1b2de9238a342aeb501d94e8c1
SHA512 b787cd9e57458ebe14eb956029e5a707f3b5f4f4ee380223fc94b35a12706d5f3cc241b365cfa0cd979b23cb1d30ab67aa895859dbb7d67b691bbf567b0465f1

/data/data/com.lingqumall.app/.jiagu/classes.dex!classes2.dex

MD5 618eb756b2fdd43a9ead70995d0f173d
SHA1 a6a1428fbaa07ffe018f836737a30beabdfb7456
SHA256 47e106e8316c700161c3052fa7d68b6680334df770db0e52b76a7d1cb9b37938
SHA512 160548eefcf620c05005d3381b1d940bfebea9a0c9d9f5af95a3bba3fecd84d11f3b262ff1c8dd02746208bea6233e4fe7e7cf8f90416a049883603822ddb6c3

/data/data/com.lingqumall.app/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.lingqumall.app/files/.jglogs/.jg.ri

MD5 62fe28bc6d8659fb12edf0a0ccae211d
SHA1 edbf3775f29dc92c38d3a1de3e1aa8303930c1ff
SHA256 a94376b9c0b6f4eeb0b70d6293b17d4056cca35bd9f1d8632bf14cf52623b0f6
SHA512 b76f92babeae2b981c3229eac7bc459083ea017a8feea207012dc376404fa8d2e91a3119d73c6aa250af990751dc16b857f43d4d1ac18ba6a37531b9905e052a

/data/data/com.lingqumall.app/files/.jiagu.lock

MD5 96b194a400a74444aabfdf4147eac509
SHA1 9a9f6f34af38cf34023c17fe1643ad1ef12440ae
SHA256 98a3aef50d9bbff89c7b71a0552d1a5225a0faf89b6762844ccf03adb1fa40c8
SHA512 5974ca5dbb145498758fc5a3103f8a619a10d36af1c96040275dabcb4ec4cb33b5cf89411e87bf2febfaba1f33ab60160cafda06bd713779caeb90ad427bd443

/data/data/com.lingqumall.app/files/.jglogs/.jg.rd

MD5 8649d0ec137e386caf7cadc5bf7668be
SHA1 80c08a67e3b0a7295e65fe3b251d070e573cde3f
SHA256 a459bb8b96896aff6f7e7df0bdc6f014374132b7b5736298c6a7c5d87bc70db0
SHA512 832679ce3d35ea0daa4975686c4ebbcb617002fd968265c0fa380a2687a68626919af3d356ca086d223026ce828b814298b769c11de24f24f2cbd3169fd0b449

/data/data/com.lingqumall.app/files/.jglogs/.jg.ac

MD5 7ddd9d2084c9a5b85e76252863b68024
SHA1 445bb6a8ab29cc2b112966debc761bb4d67183c8
SHA256 5960203a9ed871e41c9c535ab322221bcf6d5335a97357f8d4d8068df329f707
SHA512 48c091eff6de8470d3b724c8d82a938405d8c26da554adcd7a97decedbb65c97d7f2dc98526b81ea3ab7d371fcf2c70280d3f6e434d2396194359b516bc7cbb9

/data/data/com.lingqumall.app/files/.jglogs/.jg.ic

MD5 2c55fea5434640fffeebf584829d73c5
SHA1 191758ec51664d88fb6038abe023cc2a63b317e8
SHA256 f480c662412c10f2f69b9a7403c0dacd3bbb0fa442a35c8eeadd8c4fe17960ee
SHA512 57e85476dec755a70c20b34f3ca4b1da66af481dfe7e4c8bb69d4db05cc428b0351d51366909c85aeeb7d3f20ed86f0eee2f4b5f846aab23b344c97545312e1a

/data/data/com.lingqumall.app/files/.jglogs/.jg.di

MD5 8c967a1c68f8cb04d06f2534bd517b70
SHA1 7b8c00d86b193f5e66b7329cd96024a59146b91c
SHA256 a315c3b0914a92608556e0abef00fabcdd82b4ec71615ea30c01913ce3e4dccb
SHA512 4577347ccdd83c424ebc05b0737fed575859f991502cd2ab6840500dae262f76ccee250b3516d947e53979d5ff049981ed077a2a0a2c803fb657465e68c39a4f

/storage/emulated/0/360/.iddata

MD5 9ee8c0af1e047be5ae5e5b0b498f73d9
SHA1 fb1efbfb1e5227b51ffbaba86643b49bd84d4e85
SHA256 58d4bab142e3b5bfb3f67ae3a0d94ab64290bc25f49d92ca717e269670914d76
SHA512 6682ba898b5898cf203a7d10a3e582fbd63f01c71d7cd9a7cf2a0a6b117445aa6abaa46c35b175d4e91393e29b574bf00795a80e3fbe3cc731a2a41ea60abacb

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.lingqumall.app/app_crashrecord/1004

MD5 a2ceeaa44e3414cd0a3e32315eea5562
SHA1 f837a0af5637faaebe33bc465d7d4d2b5831da7d
SHA256 3c42b4f534daf303eb5065ec9ffb96e900fff79c534c9d3a0d0e7cf7c37f053f
SHA512 752510bbccc513bc2bbf3f822302c2018c6141c16e8b2b4c1ffb36d6a3aea9cc2c6838fc0bd656f9e37bb5099b92a5b46c04a0a76044fd4901f994ac493dbd3c

/data/data/com.lingqumall.app/databases/bugly_db_-journal

MD5 b1548c30d9c44f73bc983dce8f9743e7
SHA1 02723c0a4d74a8c7a69785bfad23a2a972c8a628
SHA256 18d0a2a81564c5c8efa1c443fc35f651e6e2edd0b7688b71a8d1863e58028726
SHA512 74609fa78195b8b420769d36783320d6805c9f09d9d871faa46b4bffec2aa95ca313d00f06d545a05d7e24def0eaee51c062ce060f38052d94e38a4e1be1ed70

/data/data/com.lingqumall.app/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lingqumall.app/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lingqumall.app/databases/bugly_db_-wal

MD5 4781150a830fea033172425c44619e2e
SHA1 1a4b33d2b0ad35859f65829c3afcc61c0a220fc4
SHA256 ed3c24648b901061985961a71f074a80f027d32dbf6862d1b32fdd6425d56cc2
SHA512 57a2f18320cd278830b31efec81ac464e60553fa4268501da371413682273192a7ecd2f9caae8fdd50b57b8342a7c53925fedb3317437c985aefbeb212276ac4

/data/data/com.lingqumall.app/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.lingqumall.app/app_crashrecord/1002

MD5 150f005eff024ff67d26f0a850f303ca
SHA1 a91604373c4ed130762ac77ecde95cced16217c7
SHA256 3a2509af79197598c2eed7441b6ea08605f6af120e7e2024f162a4ef1b1fe223
SHA512 d108c26a2eea4c65f7ed4fee4cbf380744e9af2a33b1f2c0214c3b0cf4d3e694dbd5ea3f04ff7aa81b8884965117921ebeefb2d8400ae18276bb789a1cf0931a

/data/data/com.lingqumall.app/files/libcuid.so

MD5 47ac8d83975338bd80d6b0132bcabda0
SHA1 52afe3212f6d9ec170e28a8929d677129983fbeb
SHA256 333dda654910f5a069139539d609cd17765cfe6eb50d13349f5de1c3368a80f5
SHA512 8d42c226b5f355181dfb3494a8528f825f398e40a920e0007cf07a0df0f24c1fbea0e1749abd0500613d8c4fba0d1db0b0e32529fae6a448f5a282ca8c1f8324

/data/data/com.lingqumall.app/files/.jglogs/.jg.li

MD5 2c135e1b88a3110106f741a90fd56f0b
SHA1 6983db947aa16b89a5bbb6d2cbf840c334f1f52d
SHA256 fb31fee0c37fba943e619061497c123533f0d5044e7304dc16d399068da428b5
SHA512 dd55a55d580ca1a611078eab762440d9f03bfbea9118658ba1672dfd89f2cfec46b39443b7f3d95d497be45d2ea4837424b04b90ad1fa0d3560d4dc46593f530

/storage/emulated/0/backups/system/.confd-journal

MD5 fabc2269d3cbd93e18ef8c9f808c9aee
SHA1 5a74dcbb0da4f0313841310d06632554c57905de
SHA256 ba7168419857c3acb46ed6b4d004b5d3ec0efc4b8be445ad3de9bc41c3c19c7d
SHA512 e70307068d41b6828007d7b8a432f4beb0e59b9ea8fb4305f4acdf91850f9bf60848dc6c6b57def932a88766264df5417c7e82edbe252d61a381b87126bcaa80

/storage/emulated/0/backups/system/.confd

MD5 249e034c9703afc1fd6062371c7f3da8
SHA1 9ca489179488e0fe5a35f7c0d5887f163e4890cd
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
SHA512 b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

/storage/emulated/0/backups/system/.confd-wal

MD5 d231dd7c3e2498aa365a54ccb9376d7e
SHA1 7a2e8a5cb8fe3a21ef0b0ae51ac7955a4b4834fb
SHA256 2f01dc84160c6e53bfd8a7c6400216101291c414c66dd9ace9d44e8dc492cc9c
SHA512 8c9362fe1fde6e8a9055b29887c8b7355b0e352890db2bdf35cddcac9285c69742cd63c00d9649ea8fad25490bc79f53e01312e51fdfd53f9a3539e8bddf2b76

/storage/emulated/0/backups/system/.timestamp

MD5 01fe34bd86dc86d3190a8dea92f2d546
SHA1 81e29d073775e888e0d45ec1f5d6cfbe02a464a4
SHA256 239a057dacce73997d80bb82a8e86c1f851d93871e332251053fa13e7600828c
SHA512 a538fb24c1649595694ff308bd30a75273dcb80efc1e078002d9bfa0f75ee901149a6e3f7f748954e26f9de7ba907e1324f028a6bab27e2eb8453c5482c25d66

/storage/emulated/0/backups/system/.confd-wal

MD5 22a0c208b3dc0b271467e27585917210
SHA1 601fac0737197e32db7b22d0cb84526f7c6d8d84
SHA256 7f70a5b31b69a5e64501ebab5758fe31fc2537278e6bbb1960afb1c5c1a15747
SHA512 b29a733cab8b39a4ae8b48c021331faaa0ccdbc99f4fe0820c7c343986364a367ba85ac72ad696d09d332ddfc7f3c6f687e919be01684f07c7d577f572d5710e

/storage/emulated/0/backups/system/.confd

MD5 8c7f6e3b52e6e841b895bbd13644ed43
SHA1 ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
SHA256 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
SHA512 cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

/storage/emulated/0/backups/system/.confd-wal

MD5 b04b9581666dc02231f5bcc296df8caa
SHA1 b4ef52b649dbc7a16894aea1bb5913567b99a81a
SHA256 c5d3ff6ddddaad03b335e1ad0bbee8c63d3ff0dbb6aef6dea588ae2eecd30602
SHA512 93c7aa31818265f9fa1749428db8ad465ba40eaa773f722682f316bcbdb4117789b1f254395f57853461157a4205e74138aa9bfcad77ff01f89086d29df01cda

/storage/emulated/0/backups/system/.confd

MD5 8cd7c3c9f4b9f6f413ab03e209b77f33
SHA1 8306cd4808cf1c860ed5e2a01bf557b89b2cdeb6
SHA256 5a21977ffcf345ca96eeebd08e5d3c4b2f559da288638751983d0a020937e134
SHA512 dc6d8b707252a1cdeb99bf4f924cd7edbf0ee97e502133c493b4bdb5746c0b719259345a66585a17594e37520fe4357b6206a20153c24aee30ef3d3895ba62fe

/storage/emulated/0/backups/system/.timestamp

MD5 c6eb484e2b3437a178fdcedf877f9037
SHA1 27054a5b211c0d77ef97095b77e464599eee05ad
SHA256 73a4571adbc8ebac2468af5508215ef058674d9da6e89debf3c3061e7e9ae752
SHA512 61456b4bf10b16ced420bc1fabfb533e6cb72ad4d4210ba3b1524d7ccb50030f58e66e0821a06de1f63dfcc23ed6da72db0485aa7d3ed6fc0f8b47d517f1092b

/storage/emulated/0/backups/system/.confd-wal

MD5 790b1ee202351738e9c9bb9eca486707
SHA1 ff553b402d8f33e96973038b06d37607e2353392
SHA256 f846580b6def4f7beb58267eee3fb57d5a1a73a5ae35dbe95ff61b8ae7c1efb5
SHA512 23e23c0ca7ac43c81379f6555a09e6484392068f0abf70c907b61fde6f9d28c57095a61bc3e6b39333d23bb90d69a0e7524c780ebd0da72e14e69782eb6e5770

/storage/emulated/0/backups/system/.confd

MD5 dce59afd5238d9aa3699fb9caca9208b
SHA1 15fb0e73e70d5df5462d738f8125c6b0d87d0bd8
SHA256 48f4be1fb53a32717cd228f3c6846e3ed8dfedf7f7d99df96eccf4d46079201c
SHA512 fae43d9bf2c68e7d7606fbd4b3b7b0239882e9e70e9dc7dd3451b0a36588c5470414efa15ecd4d5a9bf1a0fd2c09fd4b13cc404a0a2b41778f901bcec3879092

/storage/emulated/0/backups/system/.timestamp

MD5 5c7e7b29c47f50150f2a770faf458cde
SHA1 6c03c424d86f4ff7caa8bf9640a5bbfaae85ff7e
SHA256 8a28e486775a3dada5ff251093148f62c79b40e9084018cecac411315c064c42
SHA512 a3a9ca45abb872bb698a00a6368ee9012bb018bced9903b9ccc6047b6bc8344323b9f9a2c54dd76317ca242d22e612c262aada350b0f1233bb3dab94bb51ba63

/storage/emulated/0/backups/system/.confd-wal

MD5 3ac679085b2f20908720712142cbade1
SHA1 4e7a992af7fc7e8b2c51975f8a5b822646a2ed00
SHA256 b39fbdd4b8672f1b92c4d1cbc299d1fc936c9833b4293f9c149c5679773ca3db
SHA512 c46aa25c32648ddc8a3ae2280b3d4dcd1b739ea41351be35fd252022909c7cb84e5f71319356188b9c84522abd134cd7003ef853448310eebba21f95e15d36b0

/storage/emulated/0/backups/system/.confd

MD5 c5cca760df59e1c5eca60e934bb5e44d
SHA1 c0d7e95ecdd673219cfee1559e0082d4a7d57cd9
SHA256 dc958df374e46d940633b1ef5bfb93c98bf270ed2116c0ec852bebdae6436f6c
SHA512 3e524092fa2b55fb7aa54bab7e6700cdc8e73be86350a40692533931ebbe82f4f0e2569c338a679e3d3d6da736c3fe596bcb8e026edbf857ffe9ed2f363d5495

/storage/emulated/0/backups/system/.confd-wal

MD5 80d0e0edf27a428c1e955dfed134c904
SHA1 1bafd56fdff3fa23511a125bed74e35a9733c33b
SHA256 bf7866437bfb47865cc3ab87d3127454f1a23625e6bd03ffee054409127bddbd
SHA512 5e084a85262ff00dda99f596c5308d466e062e07758c5a21b622ec8ad3dde5b9c2ccd9d0f4541bcb94af77b492e791cc452b7d61b52b5b6515a1bde1ea5ac206

/storage/emulated/0/backups/system/.timestamp

MD5 c7c09dfb58f3d9e082def4d553e64ed6
SHA1 0c27495e596fa6b10221256812797e948e6d292f
SHA256 ceebf55ea202e7446045dc73a887ce0bdc2ec33bd4fb0f05d1f6573e12f7a7b8
SHA512 4edc4afba60c084dba8e78d939916fd94b48f3814136b7762bda28ea57500888f3950bd3796f57e728632298295a5b5134d6d3d822f82ab1ff54bb455e5b6027

/storage/emulated/0/backups/system/.confd-wal

MD5 3b4e7973cc0ad7d6173adfdeadc68449
SHA1 bf410eeb3e355c8a4288bd6ebf5d5679a5d2b941
SHA256 1151710560843b32cdf8c848006caa460b28afa5219e6c8bfddece8bfcbba1a7
SHA512 aa5e32edcf2e7f9dcdda488139f455d7cd9660cc7fd2aad2d6a66064f5726ed94ad7d3b1600388684efad5baf8e2514229421c63f2eabfc29f912c47c3724198

/storage/emulated/0/backups/system/.confd-wal

MD5 d3d20fc06c06e160fcbea69407e4ac80
SHA1 788abf7a2028d8624e91203b643cc52df4a0ae1a
SHA256 f4ee4a397fd5c0e8c26a4d1dad0ba53708fca1a0a72628985d2023501e7b85a4
SHA512 c6e7bca03eef7c3894e30283af34b8d04375cce99ea004628c29f24167eff60fbe7c52847416bbd69a071421b583b7273116ab995082bd4fe990be87ba1c5b9d

/storage/emulated/0/backups/system/.timestamp

MD5 f82ba22806539c6198ba5d454efb3f74
SHA1 043a324bb18e6b4240ee1f889b46da43b2936915
SHA256 a43f09390eb03c02602cbeb092c0e243a10ec2754aa37d182f96dfa5793d03d0
SHA512 da266e92cacb60fd6a48364a334b9302a3322f0722c2c0dc6231d204b919e66b45108276f1797b4e5b29678f8686d93a6a2f1eaf8f7a1cd0be36d00f54e0a7b6

/data/data/com.lingqumall.app/files/.jglogs/.jg.di

MD5 28140fd81ab599e633957d80a4187e02
SHA1 3be58b0c856f964ada1a828dd78b583573ac2100
SHA256 fb2dd3b632f7434db9c4dcf19ff1a84699a008b2db0c3ea159114c9731a8c4fd
SHA512 ed511842822232924ef7dc510f08d37ba9afb61144d3ffbb806433431af48142db76fee899c8b7a2a7abf525c5c5422424a2373e3723c17128a9c9c9f6f529fb

/data/data/com.lingqumall.app/files/.jglogs/.jg.ac

MD5 281852bbefe988b55ab92fcd4fc71ec5
SHA1 6fcaae109fdbb6de538a4abe4f1f3abba22efbb5
SHA256 411d79b91b6b831a4922fa2546260458f59b60ee34b186f20c4d0b8f1d5660d6
SHA512 21eb17ecd61300c139914390ff701388a417038d011fb3c7cfb9e8952e3490278e69dca627188a88cdb9f670acb96feb74292c05cf5897dd91330c062ca9e718

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 08:35

Reported

2024-06-18 08:39

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

132s

Command Line

com.lingqumall.app

Signatures

N/A

Processes

com.lingqumall.app

Network

Country | Destination | Domain | Proto
GB | 172.217.16.238:443 | | tcp
GB | 172.217.16.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.201.106:443 | | tcp
GB | 216.58.201.106:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 172.217.169.68:443 | | tcp
GB | 172.217.169.68:443 | | tcp

Files

/data/user/0/com.lingqumall.app/.jiagu/libjiagu.so

MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

/data/user/0/com.lingqumall.app/.jiagu/libjiagu_64.so

MD5 32a8cba7e6fac645ea3d1fca87cba90f
SHA1 6b01347c0d6777ea644c9859214decf5a00431b3
SHA256 ec2270b007c53f33ec3ae7c49e78fde28a64bf2eaf4309ce60abf9e03035227f
SHA512 018c9c65ed954c48b98d6a42e28f6b2e5850179079497367bca849667fdd69a96a2182b43c2a865ebcbfd8548d6973d9b0d2f9570644a36bc7549b1a420557d4