Malware Analysis Report

2025-01-19 04:51

Sample ID: 240618-nctcts1cpg
Target: bba367a7b0717a629f10afaedda34708_JaffaCakes118
SHA256: 7ce1f44aa82ec9771593698b0415eb0e5dc5df6d3cc111f9cb50ce308eee9c1b
Tags: discovery evasion persistence collection
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 7ce1f44aa82ec9771593698b0415eb0e5dc5df6d3cc111f9cb50ce308eee9c1b

Threat Level: Likely malicious

The file bba367a7b0717a629f10afaedda34708_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection

Checks if the Android device is rooted.

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 11:15

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:19

Platform

android-x64-arm64-20240611.1-en

Max time kernel

9s

Max time network

132s

Command Line

com.gunmaker.android

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Processes

com.gunmaker.android

Network


Files

/storage/emulated/0/data/.systemid

/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:18

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

190s

Command Line

com.muzhiwan.market

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.muzhiwan.market/data/mzw.apk | N/A | N/A
N/A | /data/data/com.muzhiwan.market/data/mzw.apk | N/A | N/A
N/A | /data/data/com.muzhiwan.market/data/mzw.apk | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.muzhiwan.market

com.muzhiwan.market:mult

com.muzhiwan.market:mzwlogservice

cat /sys/class/net/wlan0/address

sh

cat /sys/class/net/wlan0/address

su

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.muzhiwan.market/databases/notes-db-journal

/data/data/com.muzhiwan.market/databases/notes-db

/data/data/com.muzhiwan.market/databases/notes-db-shm

/data/data/com.muzhiwan.market/databases/notes-db-wal

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/data/com.muzhiwan.market/files/install_file_dir-shm

/data/data/com.muzhiwan.market/files/install_file_dir-wal

/data/data/com.muzhiwan.market/files/install_file_dir

/storage/emulated/0/data/.push_deviceid

/data/data/com.muzhiwan.market/files/install_file_dir-wal

/data/data/com.muzhiwan.market/data/mzw.apk

/data/data/com.muzhiwan.market/data/mzw.apk

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:19

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

175s

Max time network

192s

Command Line

com.muzhiwan.market

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.muzhiwan.market/data/mzw.apk | N/A | N/A
N/A | /data/data/com.muzhiwan.market/data/mzw.apk | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Processes

com.muzhiwan.market

com.muzhiwan.market:mult

com.muzhiwan.market:mzwlogservice

Network


Files

/data/user/0/com.muzhiwan.market/databases/notes-db-journal

/data/user/0/com.muzhiwan.market/databases/notes-db

/data/user/0/com.muzhiwan.market/databases/notes-db-journal

/data/user/0/com.muzhiwan.market/databases/notes-db-journal

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/user/0/com.muzhiwan.market/files/install_file_dir

/data/data/com.muzhiwan.market/data/mzw.d

/data/data/com.muzhiwan.market/data/mzw.g

/data/user/0/com.muzhiwan.market/files/install_file_dir-journal

/data/user/0/com.muzhiwan.market/files/install_file_dir-journal

/data/data/com.muzhiwan.market/data/mzw.apk

/storage/emulated/0/data/.push_deviceid

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:16

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.204.67:443 | | tcp
GB | 142.250.178.10:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:16

Platform

android-x64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.227:443 | | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.178.3:443 | | tcp
GB | 142.250.187.234:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-arm64-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.16.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x86-arm-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-arm64-20240611.1-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:16

Platform

android-x86-arm-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:16

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x86-arm-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:18

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

178s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.dbgj.stacore

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

Network


Files

/storage/emulated/0/data/.systemid

/storage/emulated/0/data/.systemmac

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar (deleted)

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar (deleted)

/data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-20240611.1-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:19

Platform

android-x86-arm-20240611.1-en

Max time kernel

13s

Max time network

158s

Command Line

com.gunmaker.android

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar | N/A | N/A
N/A | /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Processes

com.gunmaker.android

getprop ro.board.platform

getprop ro.mediatek.platform

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/user/0/com.gunmaker.android/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353                                         udp
US       1.1.1.1:53           stat.anquanxia.com                  udp
US       107.149.163.133:80   stat.anquanxia.com                  tcp
GB       142.250.187.206:443                                      tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.200.46:443   android.apis.google.com             tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
GB       172.217.169.42:443   semanticlocation-pa.googleapis.com  tcp
GB       216.58.212.202:443                                       tcp

Files

/storage/emulated/0/data/.systemid

MD5 abc02bc4e11bcbb8364e341fbf66621d
SHA1 94987bc276fa81d5c1de3c818996005dfee3cc89
SHA256 3bad04c62e2e912026363e3fa5e1d97d30384141c1f6828e1e81bf6a2fa53a8b
SHA512 ff12c886a9717d683eb7340da1d11b6169a21d0dcdc08ec3a1ee7f3ecadbe58ba9ca365c4ff0c2d41226c489d28d409d022908febf0ce85b5ed2379162cab121

/data/data/com.gunmaker.android/files/stares/updates/sta.jar

MD5 7219500f857b0c418b074759ba44301e
SHA1 07f557bc3d839260caf921852618ac762fef262d
SHA256 d8c32e40ba04065dd62cae8495eb47d1c251a6bc830778f80eb06ae07f04563f
SHA512 6086cfbeb32e3ded98d89c0f0bc01fac10e6036874e1c8e0ecb41864e62b00df5a32f9a3aa7bf126f6b8f1393db48abaf94ce528cf0686a3946b139bc50c8a68

/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

MD5 63425c66f0f75213b749622795186076
SHA1 0246e8104a8e5f97ecc2a30ca48b60cb8c10abff
SHA256 12279787d7df147ab2112cfa402f93edcb205334f8d08b0ebcf49c19f7ee1507
SHA512 28530981b932cef52175db72fa68aeb0d44d852e7aebc13d9b848d6313109d7ece366369eddda264a4ca08b46814b3f966271367ad0205a91d7d67a29862756f

/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

MD5 1895ebc4a529cfdff88439d2140f1c41
SHA1 3db0c02c9734c4e212e1c491a92006281e904034
SHA256 c2d2e925a001babc6f5d2a274e1f88664be2a888e8fb689bec2e635f8022cbc8
SHA512 61412d92c5077933c63f50adaa0059343ea4d4056598847a69d8d815e9828a7ecb964856c7d3972f2baa813b0b2f979129adf3b2402901c50e55e43811ac0df3

/data/data/com.gunmaker.android/app_plugin_lib/libabcdefgh.so

MD5 042246eb7c48a8cda97de99465e6a177
SHA1 f71816c4a80fbb7b63bfd6425d98db513aecb00a
SHA256 9a712cb778e9d43f8f4ea9fa2b9f4b8cc29daf74984d04f0c938dff21c118342
SHA512 2d201619998113c5d2990c92c28c973d557872bc4bbde153b5fca39bfe0b799ef0e9bf8c29d1304847f8e6691d55649d04c6a82fe8f03e621c9e8da50c50faa8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:19

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

152s

Command Line

com.gunmaker.android

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                       Process  Target
N/A          /data/user/0/com.gunmaker.android/files/stares/updates/sta.jar  N/A      N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.gunmaker.android

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353                                         udp
US       1.1.1.1:53           ssl.google-analytics.com            udp
GB       172.217.169.72:443   ssl.google-analytics.com            tcp
GB       172.217.169.42:443                                       tcp
US       1.1.1.1:53           stat.anquanxia.com                  udp
US       107.149.163.133:80   stat.anquanxia.com                  tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.200.42:443   semanticlocation-pa.googleapis.com  tcp
GB       142.250.179.238:443  android.apis.google.com             tcp
GB       172.217.169.42:443   semanticlocation-pa.googleapis.com  tcp
GB       142.250.187.206:443                                      tcp
GB       142.250.187.194:443                                      tcp
GB       172.217.169.42:443   semanticlocation-pa.googleapis.com  tcp
GB       172.217.16.228:443                                       tcp
GB       172.217.16.228:443                                       tcp
GB       142.250.179.238:443  android.apis.google.com             tcp

Files

/storage/emulated/0/data/.systemid

MD5 d1b04e686031873f5d63b2355e58c303
SHA1 f9db9c5ee99c8cc400d74c04df1f6f73f9ff6bff
SHA256 58f9f5ddf857f4b3582ae93a7077e0636c556613ae23bb01ed7040f18491283e
SHA512 28cd1e2da6f0a97cf9cf286efca144dd0401e8271e12a38ed6182d25eb040bde3fce5215071d78f6edc36cb763d1937f832636107e6ee1f198a66250394c994b

/data/data/com.gunmaker.android/files/stares/updates/sta.jar

MD5 7219500f857b0c418b074759ba44301e
SHA1 07f557bc3d839260caf921852618ac762fef262d
SHA256 d8c32e40ba04065dd62cae8495eb47d1c251a6bc830778f80eb06ae07f04563f
SHA512 6086cfbeb32e3ded98d89c0f0bc01fac10e6036874e1c8e0ecb41864e62b00df5a32f9a3aa7bf126f6b8f1393db48abaf94ce528cf0686a3946b139bc50c8a68

/data/user/0/com.gunmaker.android/files/stares/updates/sta.jar

MD5 63425c66f0f75213b749622795186076
SHA1 0246e8104a8e5f97ecc2a30ca48b60cb8c10abff
SHA256 12279787d7df147ab2112cfa402f93edcb205334f8d08b0ebcf49c19f7ee1507
SHA512 28530981b932cef52175db72fa68aeb0d44d852e7aebc13d9b848d6313109d7ece366369eddda264a4ca08b46814b3f966271367ad0205a91d7d67a29862756f

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:18

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

177s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                                              Process  Target
N/A          /data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar  N/A      N/A

Queries information about running processes on the device

discovery
Description             Indicator                                            Process  Target
Framework service call  android.app.IActivityManager.getRunningAppProcesses  N/A      N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description             Indicator                                     Process  Target
Framework service call  android.net.wifi.IWifiManager.getScanResults  N/A      N/A

Requests cell location

collection discovery evasion
Description             Indicator                                                  Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  N/A      N/A
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo   N/A      N/A

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Queries information about the current Wi-Fi connection

discovery
Description             Indicator                                        Process  Target
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  N/A      N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Processes

com.dbgj.stacore

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           stat.anquanxia.com        udp
US       107.149.163.133:80   stat.anquanxia.com        tcp
US       107.149.163.133:80   stat.anquanxia.com        tcp
US       107.149.163.133:80   stat.anquanxia.com        tcp
GB       142.250.179.234:443                            tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.179.238:443  android.apis.google.com   tcp
US       1.1.1.1:53           mobads.baidu.com          udp
CN       182.61.200.101:80    mobads.baidu.com          tcp
GB       216.58.204.72:443    ssl.google-analytics.com  tcp
GB       216.58.204.78:443                              tcp
CN       182.61.200.101:80    mobads.baidu.com          tcp
GB       142.250.200.14:443                             tcp
GB       172.217.169.66:443                             tcp
GB       216.58.201.100:443                             tcp
GB       216.58.201.100:443                             tcp
US       107.149.163.133:80   stat.anquanxia.com        tcp

Files

/storage/emulated/0/data/.systemid

MD5 1bb14464ec497fd2006b8b4d2ce0c65f
SHA1 3d275c6fd455d530380872b1755dc682ec9dffb9
SHA256 1110fcd8236f35a0610ca208b80212c0f1ab5761d327b417bf06c2c3bdb02ef7
SHA512 7ba185ec87130680f3d5864525be409439f9663b8fb163078a824922d4f86822b74d1e50db72822728d2cd6b32c6fa0c975d223ca264980509ad275836f7d128

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

MD5 3c850ffec5bdd850f123077ca210a411
SHA1 1c1ae4678b8a3b65640f047cb1bd72bc70d66f97
SHA256 516023ce55fff40074d3c3d9016c023b1fc7dfba2b59c172f89141f1484d418e
SHA512 aa3611687b6140ee9214392a84bc1ef55a6425a84a4e413dfcb2e936a931b9015e1e4ec53ad73539d26622427f9e6da0eae5c58ffc18285de42fc15639d786dd

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar (deleted)

MD5 8aa4ac905d8e474052926a5bdb16c3e4
SHA1 4c0ce9c9d5af94e4e38664f282e442fe01e381ab
SHA256 3ea27b8cc7d1c1c0e24296f8da3c8393fed4d84b29b35faed28ad82f0a940c19
SHA512 71bdbdc23eb2bcdb32831303fa601e9959c6b23c2d7225dd7b1e20fb4f5ce433e07146bafbed2eb6129b6067bb5bdc2fe4de58ff999a10473109ede96634e0c9

/data/data/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar (deleted)

MD5 3af3af0621933b63d761dc5112bda7b6
SHA1 cb54f4c125ac9e19fad4d4743ce37190c3383988
SHA256 73e7d984e71cf983c0303b0449bc0ae26da441423ad14305fe65c6c7091b494c
SHA512 7914a12bc47548a62520824a3d87806b3a64e1d0e465702389bbc0ae78f81c6f8add623b34ff27aaa393b5ec188f9d78d562f3593e3502aab6221153411d2ba7

/data/user/0/com.dbgj.stacore/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

MD5 8ac0f6e404323d80b3aa5d7132125463
SHA1 547b41a4d04b4448a57a26ce9a4a612743153523
SHA256 1cc33691b0bd133bf03839ada68ee4edb4e9ab3e06621e4473a4a9fc34169a0c
SHA512 50b539515417a0013b1d02d19d58721c6f0613d5009ee5d879f57454c650691cd995d9ce11c293ec95426821fcdc0f91b5a49481eb27d5e30968b87939547566

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-18 11:15

Reported

2024-06-18 11:15

Platform

android-x64-arm64-20240611.1-en

Max time network

13s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
GB       142.250.187.206:443          tcp
GB       142.250.187.206:443          tcp
N/A      224.0.0.251:5353             udp

Files

N/A