Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-l3ek9aydpd
Target bb5b9bb3ed84d52d7cd933cd2edcee5a_JaffaCakes118
SHA256 fd4514ba8b53bd08269c41ab307dfc42ed450d4fb236980d5f8838d1ccf39904
Tags
impact discovery persistence collection credential_access evasion execution
score
8/10

Analysis Overview

score
8/10

SHA256

fd4514ba8b53bd08269c41ab307dfc42ed450d4fb236980d5f8838d1ccf39904

Threat Level: Likely malicious

The file bb5b9bb3ed84d52d7cd933cd2edcee5a_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

impact discovery persistence collection credential_access evasion execution

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Checks known Qemu pipes.

Queries information about running processes on the device

Checks known Qemu files.

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-18 10:03

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:08

Platform

android-x64-arm64-20240611.1-en

Max time kernel

33s

Max time network

130s

Command Line

cc.dkmproxy.push

Signatures

N/A

Processes

cc.dkmproxy.push

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:08

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

158s

Command Line

cc.dkmproxy.staticsdk

Signatures

N/A

Processes

cc.dkmproxy.staticsdk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-20240611.1-en

Max time kernel

9s

Max time network

153s

Command Line

cc.dkmproxy.extend1

Signatures

N/A

Processes

cc.dkmproxy.extend1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

136s

Command Line

cc.dkmproxy.extend1

Signatures

N/A

Processes

cc.dkmproxy.extend1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x86-arm-20240611.1-en

Max time kernel

4s

Max time network

139s

Command Line

cc.dkmproxy.floatball

Signatures

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

cc.dkmproxy.floatball

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x86-arm-20240611.1-en

Max time kernel

5s

Max time network

141s

Command Line

cc.dkmproxy.notice

Signatures

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

cc.dkmproxy.notice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-20240611.1-en

Max time kernel

5s

Max time network

133s

Command Line

cc.dkmproxy.notice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

cc.dkmproxy.notice

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:07

Platform

android-x64-arm64-20240611.1-en

Max time kernel

4s

Max time network

132s

Command Line

cc.dkmproxy.notice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

cc.dkmproxy.notice

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:07

Platform

android-x64-20240611.1-en

Max time kernel

34s

Max time network

131s

Command Line

cc.dkmproxy.push

Signatures

N/A

Processes

cc.dkmproxy.push

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

144s

Max time network

181s

Command Line

com.qynpz.jmfx.s

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Notice-10-10-104.jar N/A N/A
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_FloatBall-10-10-111.jar N/A N/A
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_REYUN-10-10-105.jar N/A N/A
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Push-10-10-105.jar N/A N/A
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendOne-10-10-106.jar N/A N/A
N/A /data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendTwo-10-10-102.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qynpz.jmfx.s

com.qynpz.jmfx.s:pushservice

Network

Country Destination Domain Proto

Files

/data/data/com.qynpz.jmfx.s/app_crashrecord/1004

/data/data/com.qynpz.jmfx.s/databases/bugly_db_-journal

/data/data/com.qynpz.jmfx.s/databases/bugly_db_

/data/data/com.qynpz.jmfx.s/databases/bugly_db_-shm

/data/data/com.qynpz.jmfx.s/databases/bugly_db_-wal

/storage/emulated/0/Android/data/com.qynpz.jmfx.s/files/tbslog/tbslog.txt

/data/data/com.qynpz.jmfx.s/app_crashrecord/1004

/data/data/com.qynpz.jmfx.s/app_userData/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/data/data/com.qynpz.jmfx.s/app_userData/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Notice-10-10-104.jar

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Notice-10-10-104.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_FloatBall-10-10-111.jar

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_FloatBall-10-10-111.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_REYUN-10-10-105.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3_libs/AkSDK_REYUN-10-10-105/libttEncrypt.so

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_REYUN-10-10-105.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Push-10-10-105.jar

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_Push-10-10-105.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendOne-10-10-106.jar

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendOne-10-10-106.jar

/data/data/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendTwo-10-10-102.jar

/data/user/0/com.qynpz.jmfx.s/app_plugins_v3/AkSDK_ExtendTwo-10-10-102.jar

/data/data/com.qynpz.jmfx.s/app_userData/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_ExtendOne-10-10-106.jar.cur.prof

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_ExtendTwo-10-10-102.jar.cur.prof

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_FloatBall-10-10-111.jar.cur.prof

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_Notice-10-10-104.jar.cur.prof

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_Push-10-10-105.jar.cur.prof

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_REYUN-10-10-105.jar.cur.prof

/storage/emulated/0/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/storage/emulated/0/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/storage/emulated/0/Android/data/dkmGameSdk/Config/dkmAkGameSdk_config.cfg

/storage/emulated/0/Android/data/com.qynpz.jmfx.s/files/tbslog/tbslog.txt

/data/data/com.qynpz.jmfx.s/files/mipush_country_code

/storage/emulated/0/mipush/lcfp

/data/data/com.qynpz.jmfx.s/app_plugins_v3/oat/AkSDK_ExtendOne-10-10-106.jar.cur.prof


Analysis: behavioral6

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-20240611.1-en

Max time kernel

9s

Max time network

154s

Command Line

cc.dkmproxy.extend2

Signatures

N/A

Processes

cc.dkmproxy.extend2

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

135s

Command Line

cc.dkmproxy.floatball

Signatures

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

cc.dkmproxy.floatball

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

153s

Command Line

cc.dkmproxy.extend2

Signatures

N/A

Processes

cc.dkmproxy.extend2

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
GB 142.250.187.234:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

135s

Command Line

cc.dkmproxy.extend2

Signatures

N/A

Processes

cc.dkmproxy.extend2

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

140s

Command Line

cc.dkmproxy.extend1

Signatures

N/A

Processes

cc.dkmproxy.extend1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x64-20240611.1-en

Max time network

187s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-18 10:03

Reported

2024-06-18 10:06

Platform

android-x86-arm-20240611.1-en

Max time kernel

35s

Max time network

133s

Command Line

cc.dkmproxy.push

Signatures

N/A

Processes

cc.dkmproxy.push

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp

Files

N/A