Malware Analysis Report

2025-01-19 04:52

Sample ID 240618-m34qtazhqe
Target bb94141d0a56275a3a18611f7b1ca3f0_JaffaCakes118
SHA256 ad713c45a10941f5ac45f3d7468ed13a126053b286b33fa9767367699ff23a30
Tags
collection discovery evasion impact persistence
score
8/10

Analysis Overview

score
8/10

SHA256

ad713c45a10941f5ac45f3d7468ed13a126053b286b33fa9767367699ff23a30

Threat Level: Likely malicious

The file bb94141d0a56275a3a18611f7b1ca3f0_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests cell location

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-18 11:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 11:00

Reported

2024-06-18 11:03

Platform

android-x86-arm-20240611.1-en

Max time kernel

174s

Max time network

182s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.xgbuy.xg/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.xgbuy.xg

chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.xgbuy.xg:pushcore

cat /sys/class/net/wlan0/address

ls /sys/class/thermal

Network

Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

/data/data/com.xgbuy.xg/.jiagu/classes.dex

/data/data/com.xgbuy.xg/.jiagu/classes.dex

/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

/data/data/com.xgbuy.xg/.jiagu/tmp.dex

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

/data/data/com.xgbuy.xg/files/.jiagu.lock

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId

/storage/emulated/0/Mob/comm/.di

/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20240618_log.txt

/storage/emulated/0/Mob/.slw

/data/data/com.xgbuy.xg/databases/xinggou-journal

/data/data/com.xgbuy.xg/databases/xinggou-wal

/storage/emulated/0/data/.push_deviceid

/storage/emulated/0/Mob/comm/.di

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 11:00

Reported

2024-06-18 11:03

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

137s

Command Line

com.xgbuy.xg

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xgbuy.xg/[email protected] N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes3.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Processes

com.xgbuy.xg

Network

Files

/data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so

/data/user/0/com.xgbuy.xg/.jiagu/classes.dex

/data/user/0/com.xgbuy.xg/[email protected]

/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex

/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

/data/data/com.xgbuy.xg/files/.jiagu.lock

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId