Analysis Overview
SHA256
f511bd33d3242911d05b0939f910a3133ef2ba0e0ff1e098128f9f3cd0c16610
Threat Level: Known bad
The file Magisk-v27.0.apk was found to be: Known bad.
Malicious Activity Summary
Antidot
Antidot payload
Antidot family
Loads dropped Dex/Jar
Legitimate hosting services abused for malware hosting/C2
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-10 12:02
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:06
Platform
android-33-x64-arm64-20240624-en
Max time kernel
24s
Max time network
209s
Command Line
Signatures
Antidot
Antidot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | topjohnwu.github.io | udp |
| US | 185.199.108.153:443 | topjohnwu.github.io | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | newsstand.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | newsstand.googleusercontent.com | udp |
| US | 1.1.1.1:53 | social-magazines-prod.storage.googleapis.com | udp |
| GB | 142.250.200.59:443 | social-magazines-prod.storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | social-magazines-prod.storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | social-magazines-prod.storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | social-magazines-prod.storage.googleapis.com | tcp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 172.217.169.42:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 172.217.169.42:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.59:443 | social-magazines-prod.storage.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | gnpfesdk-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | gnpfesdk-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 1.1.1.1:53 | topjohnwu.github.io | udp |
| US | 185.199.108.153:443 | topjohnwu.github.io | tcp |
| US | 1.1.1.1:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 104.18.187.31:443 | cdn.jsdelivr.net | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 216.58.204.67:443 | | udp |
| US | 1.1.1.1:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 216.58.204.78:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 185.199.108.153:443 | topjohnwu.github.io | tcp |
| US | 104.18.187.31:443 | cdn.jsdelivr.net | tcp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |
/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof
| MD5 | a77991b1f29a11ff32aceb05999d0035 |
| SHA1 | 4f86483f11069e3c4d83079b940b64cba46d4df3 |
| SHA256 | 97b76d1e067b092ecdd2072b1fdcd4296b177205110a4e7b2332c9caa842606c |
| SHA512 | 85d380676abd69e91c7badac920beb9579e62a0d7c6ceab164ae7c87d98fa404023bfe9c3fc6cf8d06f5e4d9c0c6aca32c3aa6b1a42958d4d4daeec25eb85795 |
/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | f67fb31a08a22fd9cb6aba042d50c0c2 |
| SHA1 | 195cfeb0d06d4f83b1bc5baf6f78c3dc4fe93650 |
| SHA256 | 21cdafdfecfbc6d96d51d18867bd16742d56ba3d51be496f475a24c0f88e1086 |
| SHA512 | 4d17988a24aad9398f2e4f17c90a308377899516d202e8e5ae0efde6c81a4c64bed5c7e2fa761acf7e0183d9006a3fb93dc48edddec3041adafd3c54935e0554 |
/data/data/com.topjohnwu.magisk/files/profileInstalled
| MD5 | 5f80e35e81ad5e38fba471791118beb2 |
| SHA1 | 45a54d35cb1695256712a94fdd17f3c162ddfef6 |
| SHA256 | 01bb7e6a356f0f76b5f1467adfda2c33a8a2112248b1814a526b832ac965d9e6 |
| SHA512 | 9cf6453f38ad2b987397cbb16f1ca952a3f295750bd8bb99abc3652e9e4f1387a34d346ab890a37f8f19dd9a9d00509ab8094d25354bf1f3731720d30a1e57f7 |
/data/user_de/0/com.topjohnwu.magisk/cache/main.jar
| MD5 | 803d520477442e45318b1b0fc76c6c15 |
| SHA1 | 68e0102a3a91f7a050cda807889b3ffa0e25ba18 |
| SHA256 | 4efaf47682fe8bf49c1aaa9ee7b907ced7246277ca996086da2284324fc8a9ab |
| SHA512 | 2523395f82258842bce3edd4033af92c0b1e10d664ad8817f6622b9ea701851ca0ba03bb2c06b9bc956f5e8ee988eacd41e9042e5873045449dabe78d6dcd913 |
/data/data/com.topjohnwu.magisk/cache/okhttp/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/com.topjohnwu.magisk/cache/okhttp/journal
| MD5 | 27279c7eed6ceb8dd74db05e82447754 |
| SHA1 | b0e6fc64a3bc7a945aa5f4bb5f4ea77f5937a91e |
| SHA256 | 5d253c28f2b42fd951ee48363cee4b12cfe608c6db7c15247680e0cc02127396 |
| SHA512 | 19bdbb4a65a2b9dc6268bbfaa96af4d33596f243b79c7af431573b7d476f36ba6454e2ab18a536023c8cd1da07dd18a98ede288f239f4b2d4fd4488b5d356840 |
/data/data/com.topjohnwu.magisk/cache/okhttp/b5e19eca1e184690a6d76eba4376f625.0.tmp
| MD5 | 05f20befdd81a20aceea708ebae2cb82 |
| SHA1 | 70f66c41b293baad666b1fb28b085b1548fe3b75 |
| SHA256 | e1e21612e4a237847138fec3b1941513a3276ee7312e954d07f1d91fd74f7cdc |
| SHA512 | a1dc22a776095f4d7b9d480bfd9cb36944aadb50c4c09b8f604f7282030ab0578606cada95a054317f77d49d81ca4d095195c789b9d3d8f587d33db9227a713b |
/data/data/com.topjohnwu.magisk/cache/okhttp/b5e19eca1e184690a6d76eba4376f625.1.tmp
| MD5 | ca8578487ba4126d8d2f212098555cd6 |
| SHA1 | ec3489766afe24d0c23caeb3fb48e8b3ff932ae6 |
| SHA256 | 5af2d631442481623f80eabeb040ca955ce15b2c4f61c7e44e2a8b3c69a40df0 |
| SHA512 | 7a2f45620cf315790c0aecbe8fcf43c9d45f830426246e0af8d7b79edddbf1337fa6663e2df65a95e4415c05450f695e1ac8f7d9dea390a2ba8110d4e6bb0afc |
/data/data/com.topjohnwu.magisk/cache/okhttp/f1b16c4fe89f35c71888b140b5437e07.0.tmp
| MD5 | 1f8a9a757f8351fc2196879fd67efb09 |
| SHA1 | 670d01db80758de3c3db41a4cd8d3963757e8653 |
| SHA256 | 49904be846d336c601e110f77bb9f93937d7b1854ea37fdab3f75d41e586fdd7 |
| SHA512 | 27343f7e67f7c398420dd3307ca4207897e2872e2379b8c4dc5471b37847dbba4a10554c71459d04fc6bde772ac26e867a1eb719ca2ba533a90ebbbc95b14e27 |
/data/data/com.topjohnwu.magisk/cache/okhttp/f1b16c4fe89f35c71888b140b5437e07.1.tmp
| MD5 | 211a2dc3b495b9ff1cd83266720ef315 |
| SHA1 | 34cdf653badd5ae2a56d80d329683ecfcef44ee8 |
| SHA256 | 7b76430e0f8fd383b7cc50f5acc2bd1956f173141480bc822ee03bcd895acf26 |
| SHA512 | 0a864432f9fa2b529a9dea6bbe50bbca48e03409c366844f69fbf90665d5f3ea84c03aa1aae4dc1b9b4989f37eadfedd1a4c63194991ae7e003f6c0a02e13b9f |
/data/data/com.topjohnwu.magisk/cache/27000.md
| MD5 | 5f079604cc5bb6962b33c36d8e0b2ef4 |
| SHA1 | 04999bdb0f990b7c39d0f72c3deae92d635a0f66 |
| SHA256 | 960b98b8b26fb64586d6c7ce6c916591b1d3087bf58d412664327945403d31d6 |
| SHA512 | 135a39579b705f678cbde71e8b8e09e944f5ce62d76205860e0d65d98879c2063a9478a6ccc07fc646cf9cb00d074805c42ab85fe132d6dcba9daae88938e050 |
/data/user_de/0/com.topjohnwu.magisk/install/util_functions.sh
| MD5 | 487ae2ecbd4bef647a2c428c970c2e6a |
| SHA1 | cecdf531c4905b4d3f786ad68a6564266581be5e |
| SHA256 | a4dce9fa5bf4e0f35e495fd43680b6c361914ae1255cdc84b6f82f7516a0431e |
| SHA512 | 75be2c1406a70c5e8b0a2e33ca96c840819eab3aaaf38a0703a00572bfb9bfab7cc7f3241ac0d50dbe640a97412c1e05564a9eea93a84fed81f84d569f59b459 |
/data/user_de/0/com.topjohnwu.magisk/install/boot_patch.sh
| MD5 | 3b324a47607ae17ac0376c19043bb7b1 |
| SHA1 | ed9b8e74a2d1522d03bbf33355b1c0189ec3c303 |
| SHA256 | 3f8f975fe20bdba9c506118032eebf230ad2214f09e70022c7308cfb0b0ebee5 |
| SHA512 | 88ca6321301de4c8a0851634605306f039e9237fa6183720a0fe145bc6407049f80db6bf91084f373f3d4632e2686bbb5f1135bfd03006b1bc1b0394e4991b32 |
/data/user_de/0/com.topjohnwu.magisk/install/addon.d.sh
| MD5 | 471483db1f25c972b4e3205531139509 |
| SHA1 | 6ea1ea1fcaf064bfffcb33c95a88aaf8eda4aab2 |
| SHA256 | 9a61e919b71b73a4ffbb41c00e6a9631c09de289b589b77f421ef5f7a43a55d2 |
| SHA512 | bd37319747e398fcec2158b165e976b5b2efeb2c253f866383788f61397a781f878c2d5d03132a58d67a88f470369a9f70a0811c830c340b1a12219f14f07727 |
/data/user_de/0/com.topjohnwu.magisk/install/stub.apk
| MD5 | 2e705f24df00d854a7343bc3f7d692fb |
| SHA1 | f352b6e27dd1daf86f3d541707c4cf75d26f81ef |
| SHA256 | 7b6388c2574a3b320a7d086ff3464ed816f0ab1b14ce07ecc9e96760ed08e22b |
| SHA512 | f1a19c62aabb8ed08ee0dc7d77f143664f2e163cf895bdbeb27eed47af5cf6b7f66bacc3dbd2d01cf0483459917d6fdff456e4598bb9cd57f117ad2076b2f89f |
/data/user_de/0/com.topjohnwu.magisk/install/chromeos/futility
| MD5 | 03e93f99bbf7f29993b2ce6e533eea20 |
| SHA1 | 12f779f878b4a7a3e4d4f57c292821b5a93d09d7 |
| SHA256 | 2b18aabff02b5daf5b7efec3d33bfffb8721ba7bf24fde5882db7f61020e4e45 |
| SHA512 | 43c4ca1929121770cbd08e83eef672aa2f54c84cd8801194624c9f1d4dad42b8fdcdfc4eb78c11f04efd0d91446cef9833a470b23071623782cc195c12eee4ce |
/data/user_de/0/com.topjohnwu.magisk/install/chromeos/kernel_data_key.vbprivk
| MD5 | 584777ae88bce2c5659960151b64c7d8 |
| SHA1 | a0b906e30ff91cb6fb7deb3e9174e49a69c8858e |
| SHA256 | bc9e707a86e55a93f423e7bcdae4a25fd470b868e53829b91bbe2ccfbc6da27b |
| SHA512 | 143dea30c6da00e504c99984a98a0eb2411f558fcdd9dfa7f607d6c14e9e7dffff9cb00121d9317044b07e3e210808286598c785ee854084b993ec9cb14d8232 |
/data/user_de/0/com.topjohnwu.magisk/install/chromeos/kernel.keyblock
| MD5 | 61c5ff73c136ed07a7aadbf58db3d96a |
| SHA1 | cde89256dfff246fe0734456d39d3b6446985715 |
| SHA256 | 4e708c9ec43ac4a5d718474c9431ba6b6da3e64a9dda6afd2853a9e9e3079ffb |
| SHA512 | bb6718984a7357c9b00c37e4788480e5b8b75018c172ecc1441bc3fc5d2d42444eb5d8c7f9d2e3a7d6fed6d03acb565e3c0559486e494c40a7fe6bd0570c9ede |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:02
Platform
android-x86-arm-20240624-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:05
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
133s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.topjohnwu.magisk/code_cache/res.apk
| MD5 | 0ceca4909997838abf3479eab0fa4191 |
| SHA1 | eb3d31c96ca0fb5ffa0d792fbb82a0b944a46a93 |
| SHA256 | 815e384c1c9ebd188bceded7c07c7a3f08d3091435bc7f32e5a7ea2cec645941 |
| SHA512 | 340af0342e6666188b49feb809179229641821d3340754797b32baa8707efda07f6e79981be63a7b5be0cc875f6d6aca3c0e6ebb29ed9638b77c0a4d07759e05 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:05
Platform
android-x64-20240624-en
Max time kernel
7s
Max time network
149s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
Files
/data/data/com.topjohnwu.magisk/code_cache/res.apk
| MD5 | 0ceca4909997838abf3479eab0fa4191 |
| SHA1 | eb3d31c96ca0fb5ffa0d792fbb82a0b944a46a93 |
| SHA256 | 815e384c1c9ebd188bceded7c07c7a3f08d3091435bc7f32e5a7ea2cec645941 |
| SHA512 | 340af0342e6666188b49feb809179229641821d3340754797b32baa8707efda07f6e79981be63a7b5be0cc875f6d6aca3c0e6ebb29ed9638b77c0a4d07759e05 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:05
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof
| MD5 | 1a6b66bb28fd3cd838884f168b48ddcc |
| SHA1 | 902524d1db3ef9be7d5a42fa59a679ae9e342820 |
| SHA256 | c26a72bb48f7d06d6d16b660802a1af72615722f79bcfbd17af9a0d08ed50c65 |
| SHA512 | b11bc9814178970547255a99a3fbc51121e16871b4b717ad0066299d00f0eb6f7f9599ca5af7a759e0262c3d82c2f26ea4be6784fe8238ab880aec073176e41c |
/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | da782ff4711d5973260280ca3b080476 |
| SHA1 | 333b11cd12cc2f4e87df76920a8d63654c22841e |
| SHA256 | 2b1c2e753eb0a5b68e4b47ae3a9edff04cf38e58ef995931f774e301ddde0ede |
| SHA512 | 01de142b6cb441bcd549fbcba72a67922a387b368f73b084ff44376982aa51ccf3c21a672780a5db9c0bb26cd8404fc1c2cb574ebd9b94070abaf4829216eada |
/data/data/com.topjohnwu.magisk/files/profileInstalled
| MD5 | 0c3533ba1ebac7ac942815e1e7103d0b |
| SHA1 | 26673dfacaad2dc1694eccf9bbf35643484760ba |
| SHA256 | ad7495d24f6921c31e961ff54efc2c10e09d8e5c82407d7fdb9c0a78ae6566bf |
| SHA512 | a516b75eb9bf4351d843f762177b28d91a577bcaad4a68d00c6332d8c9e09d6053658413514127c94b3e4f438cacd3b81e600283af009f558ca75fbe999a6093 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:05
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
134s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:02
Platform
android-x64-20240624-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-10 12:02
Reported
2024-07-10 12:02
Platform
android-x64-arm64-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.212.238:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |