Malware Analysis Report

2024-09-09 16:21

Sample ID 240710-n7eg6awgmk
Target Magisk-v27.0.apk
SHA256 f511bd33d3242911d05b0939f910a3133ef2ba0e0ff1e098128f9f3cd0c16610
Tags: antidot banker evasion execution infostealer persistence trojan discovery
Score: 10/10


Analysis Overview

Score: 10/10

SHA256

f511bd33d3242911d05b0939f910a3133ef2ba0e0ff1e098128f9f3cd0c16610

Threat Level: Known bad

The file Magisk-v27.0.apk was found to be: Known bad.

Malicious Activity Summary

antidot banker evasion execution infostealer persistence trojan discovery

Antidot

Antidot payload

Antidot family

Loads dropped Dex/Jar

Legitimate hosting services abused for malware hosting/C2

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-10 12:02

Signatures

Antidot family

antidot

Antidot payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:06

Platform

android-33-x64-arm64-20240624-en

Max time kernel

24s

Max time network

209s

Command Line

com.topjohnwu.magisk

Signatures

Antidot

banker trojan infostealer antidot

Antidot payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.topjohnwu.magisk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 topjohnwu.github.io udp
US 185.199.108.153:443 topjohnwu.github.io tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 1.1.1.1:53 newsstand.googleusercontent.com udp
GB 142.250.187.193:443 newsstand.googleusercontent.com udp
US 1.1.1.1:53 social-magazines-prod.storage.googleapis.com udp
GB 142.250.200.59:443 social-magazines-prod.storage.googleapis.com tcp
GB 142.250.200.59:443 social-magazines-prod.storage.googleapis.com tcp
GB 142.250.200.59:443 social-magazines-prod.storage.googleapis.com tcp
GB 142.250.200.59:443 social-magazines-prod.storage.googleapis.com tcp
US 1.1.1.1:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 172.217.169.42:443 remoteprovisioning.googleapis.com tcp
GB 172.217.169.42:443 remoteprovisioning.googleapis.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
GB 142.250.200.59:443 social-magazines-prod.storage.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 216.58.212.202:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 142.250.187.206:443 android.apis.google.com udp
US 1.1.1.1:53 gnpfesdk-pa.googleapis.com udp
GB 172.217.16.234:443 gnpfesdk-pa.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 1.1.1.1:53 topjohnwu.github.io udp
US 185.199.108.153:443 topjohnwu.github.io tcp
US 1.1.1.1:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 104.18.187.31:443 cdn.jsdelivr.net tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 216.58.204.67:443 tcp
GB 216.58.204.67:443 udp
US 1.1.1.1:53 encrypted-tbn3.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn3.gstatic.com tcp
US 185.199.108.153:443 topjohnwu.github.io tcp
US 104.18.187.31:443 cdn.jsdelivr.net tcp

Files

/system_ext/framework/androidx.window.extensions.jar

MD5 3056e1bdb7d4e19789d0319eff484bd0
SHA1 6791ae47aa9466fe0bca27ad6643f846853bbee4
SHA256 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0
SHA512 c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

/system_ext/framework/androidx.window.sidecar.jar

MD5 29469324e59dfcc052f24b5af4e7b2c4
SHA1 10c1e17ac6f598037bb51baa07945663645de4eb
SHA256 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a
SHA512 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof

MD5 a77991b1f29a11ff32aceb05999d0035
SHA1 4f86483f11069e3c4d83079b940b64cba46d4df3
SHA256 97b76d1e067b092ecdd2072b1fdcd4296b177205110a4e7b2332c9caa842606c
SHA512 85d380676abd69e91c7badac920beb9579e62a0d7c6ceab164ae7c87d98fa404023bfe9c3fc6cf8d06f5e4d9c0c6aca32c3aa6b1a42958d4d4daeec25eb85795

/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 f67fb31a08a22fd9cb6aba042d50c0c2
SHA1 195cfeb0d06d4f83b1bc5baf6f78c3dc4fe93650
SHA256 21cdafdfecfbc6d96d51d18867bd16742d56ba3d51be496f475a24c0f88e1086
SHA512 4d17988a24aad9398f2e4f17c90a308377899516d202e8e5ae0efde6c81a4c64bed5c7e2fa761acf7e0183d9006a3fb93dc48edddec3041adafd3c54935e0554

/data/data/com.topjohnwu.magisk/files/profileInstalled

MD5 5f80e35e81ad5e38fba471791118beb2
SHA1 45a54d35cb1695256712a94fdd17f3c162ddfef6
SHA256 01bb7e6a356f0f76b5f1467adfda2c33a8a2112248b1814a526b832ac965d9e6
SHA512 9cf6453f38ad2b987397cbb16f1ca952a3f295750bd8bb99abc3652e9e4f1387a34d346ab890a37f8f19dd9a9d00509ab8094d25354bf1f3731720d30a1e57f7

/data/user_de/0/com.topjohnwu.magisk/cache/main.jar

MD5 803d520477442e45318b1b0fc76c6c15
SHA1 68e0102a3a91f7a050cda807889b3ffa0e25ba18
SHA256 4efaf47682fe8bf49c1aaa9ee7b907ced7246277ca996086da2284324fc8a9ab
SHA512 2523395f82258842bce3edd4033af92c0b1e10d664ad8817f6622b9ea701851ca0ba03bb2c06b9bc956f5e8ee988eacd41e9042e5873045449dabe78d6dcd913

/data/data/com.topjohnwu.magisk/cache/okhttp/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.topjohnwu.magisk/cache/okhttp/journal

MD5 27279c7eed6ceb8dd74db05e82447754
SHA1 b0e6fc64a3bc7a945aa5f4bb5f4ea77f5937a91e
SHA256 5d253c28f2b42fd951ee48363cee4b12cfe608c6db7c15247680e0cc02127396
SHA512 19bdbb4a65a2b9dc6268bbfaa96af4d33596f243b79c7af431573b7d476f36ba6454e2ab18a536023c8cd1da07dd18a98ede288f239f4b2d4fd4488b5d356840

/data/data/com.topjohnwu.magisk/cache/okhttp/b5e19eca1e184690a6d76eba4376f625.0.tmp

MD5 05f20befdd81a20aceea708ebae2cb82
SHA1 70f66c41b293baad666b1fb28b085b1548fe3b75
SHA256 e1e21612e4a237847138fec3b1941513a3276ee7312e954d07f1d91fd74f7cdc
SHA512 a1dc22a776095f4d7b9d480bfd9cb36944aadb50c4c09b8f604f7282030ab0578606cada95a054317f77d49d81ca4d095195c789b9d3d8f587d33db9227a713b

/data/data/com.topjohnwu.magisk/cache/okhttp/b5e19eca1e184690a6d76eba4376f625.1.tmp

MD5 ca8578487ba4126d8d2f212098555cd6
SHA1 ec3489766afe24d0c23caeb3fb48e8b3ff932ae6
SHA256 5af2d631442481623f80eabeb040ca955ce15b2c4f61c7e44e2a8b3c69a40df0
SHA512 7a2f45620cf315790c0aecbe8fcf43c9d45f830426246e0af8d7b79edddbf1337fa6663e2df65a95e4415c05450f695e1ac8f7d9dea390a2ba8110d4e6bb0afc

/data/data/com.topjohnwu.magisk/cache/okhttp/f1b16c4fe89f35c71888b140b5437e07.0.tmp

MD5 1f8a9a757f8351fc2196879fd67efb09
SHA1 670d01db80758de3c3db41a4cd8d3963757e8653
SHA256 49904be846d336c601e110f77bb9f93937d7b1854ea37fdab3f75d41e586fdd7
SHA512 27343f7e67f7c398420dd3307ca4207897e2872e2379b8c4dc5471b37847dbba4a10554c71459d04fc6bde772ac26e867a1eb719ca2ba533a90ebbbc95b14e27

/data/data/com.topjohnwu.magisk/cache/okhttp/f1b16c4fe89f35c71888b140b5437e07.1.tmp

MD5 211a2dc3b495b9ff1cd83266720ef315
SHA1 34cdf653badd5ae2a56d80d329683ecfcef44ee8
SHA256 7b76430e0f8fd383b7cc50f5acc2bd1956f173141480bc822ee03bcd895acf26
SHA512 0a864432f9fa2b529a9dea6bbe50bbca48e03409c366844f69fbf90665d5f3ea84c03aa1aae4dc1b9b4989f37eadfedd1a4c63194991ae7e003f6c0a02e13b9f

/data/data/com.topjohnwu.magisk/cache/27000.md

MD5 5f079604cc5bb6962b33c36d8e0b2ef4
SHA1 04999bdb0f990b7c39d0f72c3deae92d635a0f66
SHA256 960b98b8b26fb64586d6c7ce6c916591b1d3087bf58d412664327945403d31d6
SHA512 135a39579b705f678cbde71e8b8e09e944f5ce62d76205860e0d65d98879c2063a9478a6ccc07fc646cf9cb00d074805c42ab85fe132d6dcba9daae88938e050

/data/user_de/0/com.topjohnwu.magisk/install/util_functions.sh

MD5 487ae2ecbd4bef647a2c428c970c2e6a
SHA1 cecdf531c4905b4d3f786ad68a6564266581be5e
SHA256 a4dce9fa5bf4e0f35e495fd43680b6c361914ae1255cdc84b6f82f7516a0431e
SHA512 75be2c1406a70c5e8b0a2e33ca96c840819eab3aaaf38a0703a00572bfb9bfab7cc7f3241ac0d50dbe640a97412c1e05564a9eea93a84fed81f84d569f59b459

/data/user_de/0/com.topjohnwu.magisk/install/boot_patch.sh

MD5 3b324a47607ae17ac0376c19043bb7b1
SHA1 ed9b8e74a2d1522d03bbf33355b1c0189ec3c303
SHA256 3f8f975fe20bdba9c506118032eebf230ad2214f09e70022c7308cfb0b0ebee5
SHA512 88ca6321301de4c8a0851634605306f039e9237fa6183720a0fe145bc6407049f80db6bf91084f373f3d4632e2686bbb5f1135bfd03006b1bc1b0394e4991b32

/data/user_de/0/com.topjohnwu.magisk/install/addon.d.sh

MD5 471483db1f25c972b4e3205531139509
SHA1 6ea1ea1fcaf064bfffcb33c95a88aaf8eda4aab2
SHA256 9a61e919b71b73a4ffbb41c00e6a9631c09de289b589b77f421ef5f7a43a55d2
SHA512 bd37319747e398fcec2158b165e976b5b2efeb2c253f866383788f61397a781f878c2d5d03132a58d67a88f470369a9f70a0811c830c340b1a12219f14f07727

/data/user_de/0/com.topjohnwu.magisk/install/stub.apk

MD5 2e705f24df00d854a7343bc3f7d692fb
SHA1 f352b6e27dd1daf86f3d541707c4cf75d26f81ef
SHA256 7b6388c2574a3b320a7d086ff3464ed816f0ab1b14ce07ecc9e96760ed08e22b
SHA512 f1a19c62aabb8ed08ee0dc7d77f143664f2e163cf895bdbeb27eed47af5cf6b7f66bacc3dbd2d01cf0483459917d6fdff456e4598bb9cd57f117ad2076b2f89f

/data/user_de/0/com.topjohnwu.magisk/install/chromeos/futility

MD5 03e93f99bbf7f29993b2ce6e533eea20
SHA1 12f779f878b4a7a3e4d4f57c292821b5a93d09d7
SHA256 2b18aabff02b5daf5b7efec3d33bfffb8721ba7bf24fde5882db7f61020e4e45
SHA512 43c4ca1929121770cbd08e83eef672aa2f54c84cd8801194624c9f1d4dad42b8fdcdfc4eb78c11f04efd0d91446cef9833a470b23071623782cc195c12eee4ce

/data/user_de/0/com.topjohnwu.magisk/install/chromeos/kernel_data_key.vbprivk

MD5 584777ae88bce2c5659960151b64c7d8
SHA1 a0b906e30ff91cb6fb7deb3e9174e49a69c8858e
SHA256 bc9e707a86e55a93f423e7bcdae4a25fd470b868e53829b91bbe2ccfbc6da27b
SHA512 143dea30c6da00e504c99984a98a0eb2411f558fcdd9dfa7f607d6c14e9e7dffff9cb00121d9317044b07e3e210808286598c785ee854084b993ec9cb14d8232

/data/user_de/0/com.topjohnwu.magisk/install/chromeos/kernel.keyblock

MD5 61c5ff73c136ed07a7aadbf58db3d96a
SHA1 cde89256dfff246fe0734456d39d3b6446985715
SHA256 4e708c9ec43ac4a5d718474c9431ba6b6da3e64a9dda6afd2853a9e9e3079ffb
SHA512 bb6718984a7357c9b00c37e4788480e5b8b75018c172ecc1441bc3fc5d2d42444eb5d8c7f9d2e3a7d6fed6d03acb565e3c0559486e494c40a7fe6bd0570c9ede

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:02

Platform

android-x86-arm-20240624-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:05

Platform

android-x86-arm-20240624-en

Max time kernel

7s

Max time network

133s

Command Line

com.topjohnwu.magisk

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Processes

com.topjohnwu.magisk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.topjohnwu.magisk/code_cache/res.apk

MD5 0ceca4909997838abf3479eab0fa4191
SHA1 eb3d31c96ca0fb5ffa0d792fbb82a0b944a46a93
SHA256 815e384c1c9ebd188bceded7c07c7a3f08d3091435bc7f32e5a7ea2cec645941
SHA512 340af0342e6666188b49feb809179229641821d3340754797b32baa8707efda07f6e79981be63a7b5be0cc875f6d6aca3c0e6ebb29ed9638b77c0a4d07759e05

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:05

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

149s

Command Line

com.topjohnwu.magisk

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Processes

com.topjohnwu.magisk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp

Files

/data/data/com.topjohnwu.magisk/code_cache/res.apk

MD5 0ceca4909997838abf3479eab0fa4191
SHA1 eb3d31c96ca0fb5ffa0d792fbb82a0b944a46a93
SHA256 815e384c1c9ebd188bceded7c07c7a3f08d3091435bc7f32e5a7ea2cec645941
SHA512 340af0342e6666188b49feb809179229641821d3340754797b32baa8707efda07f6e79981be63a7b5be0cc875f6d6aca3c0e6ebb29ed9638b77c0a4d07759e05

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:05

Platform

android-x86-arm-20240624-en

Max time kernel

2s

Max time network

131s

Command Line

com.topjohnwu.magisk

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.topjohnwu.magisk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof

MD5 1a6b66bb28fd3cd838884f168b48ddcc
SHA1 902524d1db3ef9be7d5a42fa59a679ae9e342820
SHA256 c26a72bb48f7d06d6d16b660802a1af72615722f79bcfbd17af9a0d08ed50c65
SHA512 b11bc9814178970547255a99a3fbc51121e16871b4b717ad0066299d00f0eb6f7f9599ca5af7a759e0262c3d82c2f26ea4be6784fe8238ab880aec073176e41c

/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 da782ff4711d5973260280ca3b080476
SHA1 333b11cd12cc2f4e87df76920a8d63654c22841e
SHA256 2b1c2e753eb0a5b68e4b47ae3a9edff04cf38e58ef995931f774e301ddde0ede
SHA512 01de142b6cb441bcd549fbcba72a67922a387b368f73b084ff44376982aa51ccf3c21a672780a5db9c0bb26cd8404fc1c2cb574ebd9b94070abaf4829216eada

/data/data/com.topjohnwu.magisk/files/profileInstalled

MD5 0c3533ba1ebac7ac942815e1e7103d0b
SHA1 26673dfacaad2dc1694eccf9bbf35643484760ba
SHA256 ad7495d24f6921c31e961ff54efc2c10e09d8e5c82407d7fdb9c0a78ae6566bf
SHA512 a516b75eb9bf4351d843f762177b28d91a577bcaad4a68d00c6332d8c9e09d6053658413514127c94b3e4f438cacd3b81e600283af009f558ca75fbe999a6093

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:05

Platform

android-x64-arm64-20240624-en

Max time kernel

7s

Max time network

134s

Command Line

com.topjohnwu.magisk

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.topjohnwu.magisk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:02

Platform

android-x64-20240624-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-10 12:02

Reported

2024-07-10 12:02

Platform

android-x64-arm64-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp

Files

N/A