5d0569a973a3484e07593949106a2c8afbb175551764fc79cc2473a151514752

Analysis

max time kernel
94s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-08-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c8d7dcbdf7b85f49d5587992ec5259_JaffaCakes118.apk
Size

10.0MB
MD5

81c8d7dcbdf7b85f49d5587992ec5259
SHA1

ebb90557b03889944955b918e7d2eaad500893d2
SHA256

5d0569a973a3484e07593949106a2c8afbb175551764fc79cc2473a151514752
SHA512

8f822ea6771cd1e9120964c8f809aa102ebb937b06077cc2951583aa9d70aa2dfeba38f38816b9e2ebd1e62d5bcb6351f16de4958b12bde4a95ab2e00f3351c6
SSDEEP

196608:Idj0sDa1SHYSAcPVTks5xtgaLMABH8wo1dkB8FmRDnsHjgtX:Idj0kcJSf/5jIC8wo1yiER0oX

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/su	com.example.zhongnan.travelapp
/data/local/bin/su	com.example.zhongnan.travelapp
/data/local/xbin/su	com.example.zhongnan.travelapp
/sbin/su	com.example.zhongnan.travelapp

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootmode	com.example.zhongnan.travelapp
Accessed system property	key: ro.hardware	com.example.zhongnan.travelapp
Accessed system property	key: ro.product.device	com.example.zhongnan.travelapp
Accessed system property	key: ro.product.model	com.example.zhongnan.travelapp
Accessed system property	key: ro.product.name	com.example.zhongnan.travelapp
Accessed system property	key: ro.serialno	com.example.zhongnan.travelapp
Accessed system property	key: ro.bootloader	com.example.zhongnan.travelapp

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.example.zhongnan.travelapp
Accessed system property	key: init.svc.qemu-props	com.example.zhongnan.travelapp
Accessed system property	key: qemu.hw.mainkeys	com.example.zhongnan.travelapp
Accessed system property	key: qemu.sf.fake_camera	com.example.zhongnan.travelapp
Accessed system property	key: ro.kernel.android.qemud	com.example.zhongnan.travelapp
Accessed system property	key: ro.kernel.qemu.gles	com.example.zhongnan.travelapp
Accessed system property	key: ro.kernel.qemu	com.example.zhongnan.travelapp

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex	4257	com.example.zhongnan.travelapp
/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex!classes2.dex	4257	com.example.zhongnan.travelapp
/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex	4257	com.example.zhongnan.travelapp
/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex	4309	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.example.zhongnan.travelapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex	4257	com.example.zhongnan.travelapp

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.zhongnan.travelapp

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.example.zhongnan.travelapp

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.example.zhongnan.travelapp
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.example.zhongnan.travelapp

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
14	s.appjiagu.com
26	b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.zhongnan.travelapp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.example.zhongnan.travelapp

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.example.zhongnan.travelapp

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.example.zhongnan.travelapp

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.zhongnan.travelapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.zhongnan.travelapp

com.example.zhongnan.travelapp
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4257
- chmod 755 /data/data/com.example.zhongnan.travelapp/.jiagu/libjiagu.so
  2⤵
  PID:4285
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.example.zhongnan.travelapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4309
- sh -c ps
  2⤵
  PID:4388
- ps
  2⤵
  PID:4388
- ps daemonsu
  2⤵
  PID:4413
- ps | grep su
  2⤵
  PID:4432
- ps
  2⤵
  PID:4471

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex

Filesize
4.5MB

MD5
a0f53ead6a24759425875edb31c00bbc

SHA1
4b11b08b5bb0b63e4e4ae9350d7ff98fef8c6fa1

SHA256
ce347b12ac8156d04778f28d1cc5990f1d93e4e61bb6de95045dceb1b0db18a4

SHA512
93a8f7a34f3dbeabe30f7f7d45d23ec14cb1ac22f5ae0fd48709b25621ec72d47e547d933566ae70af81e5672f6223a3813e0c7018b91379e2e60e412a5a0b4a

Download Submit
/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex

Filesize
6.0MB

MD5
448479e0d9fd74b901ec1ed87891fcde

SHA1
295567c0f7a19fb6bcdac66248be7e651d17d8b5

SHA256
cbec7e908ec864c2652a447054e76f60e5a34cd1893dda1b31f13c16056a4f0a

SHA512
70e649015a6e1a732e64b344b41c1805b912c6d085f2376579e185395678d87d265cb405b78e72005a95b749280456530063cb31e9522bbc6e9acdfee8d72cd8

Download Submit
/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex!classes2.dex

Filesize
4.2MB

MD5
6008fd26dbe96659fc47dc8bb2ae4b81

SHA1
40a37438428d21c8350e829d3d0aa59d030ea266

SHA256
d95900c29c34735f81840902dba54b13f05b31b720629660d3e64a6e5ab7b071

SHA512
4cab7d4043c9faef827ce49ae261f347d3aa5ba7033919bc9319360a30c2e6b6eaea6a1197b03055dd2005b131e811b7f56c28929cf09ce86e1e93da0406a103

Download Submit
/data/data/com.example.zhongnan.travelapp/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.example.zhongnan.travelapp/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/browseHist.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/browseHist.db-journal

Filesize
512B

MD5
75276d951e236ee1d2cbac2b03b90ef8

SHA1
77f5a28b95598a829e813f7f580ad51a46756037

SHA256
2b482d8cb1d547e171b600da2a895bfe1a12bbe3eac2e7dbd36f33641b8c2a48

SHA512
33e3735192eb644018c18a62a51b4ff62bf47f2cee3bb9fea21454ae0f33c2ef5ca7f0d2ebdb35e9e89a7404cd57c5b979750ebc5221f10578593dc81e8a74aa

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/browseHist.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/browseHist.db-wal

Filesize
36KB

MD5
286ff3328fd4a98108b4807d6888ab25

SHA1
40c83fb11c18435f07c930c76078bab6fa271e0c

SHA256
4de0f70dfd4a49e1a63f96379323fbef95bdf57bd029228030770acfcaf1dd82

SHA512
85860b5056af1c37628faeb2493650608b8f28c46918e483d6180ba037d2913a6ce2b4b4e5b172e0e224bc5e05d583aeda0e46d0685e92aa79af1aaac30671ea

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/hmdb

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/hmdb-journal

Filesize
512B

MD5
42a741eb1b2fe44acf41f3804023ab7f

SHA1
3a6ff63ab46d22d7244240e25b194f0df784d592

SHA256
20a0ba8762610b1d92b2c769be964785dc781909d8c2ea4d30d280fd1c9c8c5b

SHA512
c151d17b9300c8984131f0bafec69a695711a6ac629316c6e5be6f28763749d5d69b1e0c9ac7c15b7d6274474932064d639452a34e11042e5a58327ed0b047d8

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/hmdb-wal

Filesize
16KB

MD5
22fe9421fe1b796c9a2c6a233a1b2395

SHA1
81dcf227ac1e49ed241ef6f518b8325824b3c231

SHA256
e79dca559ace3805f12bcce1aed69dd2ee6c9a05b06ba67dc19f6f5a2648c2a2

SHA512
10e72c82e86bdf8eac48d9b5b18230bd45e3f7b72234c5293023193cc1fa141c214fc3be51dd38daba8fd877daf5c5c87f4bb8ac3a98b39edb83c6cbd310dfcf

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
36KB

MD5
a7b5debf648af8527d38065f285c6754

SHA1
ad8513c878ca1483a2472c7f8dfc8a416418517e

SHA256
0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5

SHA512
c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
20KB

MD5
43e6fb71a53646f62a7aba022b253aab

SHA1
2a7ac1cc33bf44a50e9d897a26df401bc37a6dd0

SHA256
bac7a36c3aecb036179b30ac22edd26d8cece8218190e8b86ebf38273e5884b6

SHA512
7bc5bd42e8fe6507df04c2d94f3dd99d3665325c882bd6285ce2fffcc817731c89cc474521423c5455f01ca6607e213b79d9634c975126d4a99882bf48cad177

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
36KB

MD5
60e918a66670488ae5e111bdcbcfa95d

SHA1
ee81e2f5ad9a7301adfce5999095370e532a43d9

SHA256
0126f776c2c01bb621001c4d80787b706902fa8fdd89fd1f062d063ec74d5313

SHA512
1abb9311fce204649d299a19efab820981c427a8f3778a9848fdfe99aac19fbb3d62bdc4f5fc93bad66c090d198e9db33c23066041207272f2942272167796d2

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
28KB

MD5
ea8985a75b326163e0c57f365935a741

SHA1
65ffcd52aacf9bcdb776149626cfaa9c9556f147

SHA256
b096245a8bdabebe026ddc838db0b4f9eac5f0219101066b318c024aa3a50421

SHA512
a8a6489f1825e71a73d4d96d27d0759b410b78684c190511b2b98ed4741b18cc6d03412ac994bddadb862c5dbc433a2e7ac34419ee50d2b0179933a72866943c

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
28KB

MD5
959177b652430ececcad3cebf98ab4b6

SHA1
e10289fea59894e0f876657d735314b46bfb9f3d

SHA256
da3b572632962dc0e1536124c3eb87d509e05f72d7f734d81816593979d4d03e

SHA512
6389bc2c4092da1a7bfa969e6d855a91ab840a9b358b5205428fc5de5e8dc87c7369d925c16abda5d409e54c3c7389c9ce63b72376d0354a3a7815da310aa551

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db

Filesize
28KB

MD5
19d9a140951c56b6c1569cae45bbea7f

SHA1
6b38ef2e8c036064cc070034238c950ad3841a26

SHA256
fc2a02497d3a15ab7804d6b0e133816768664a773869aef97a296bb95a19253b

SHA512
fd2f2fc08880996f97c6bf4a86f3b98fe5590143468ccdb42c2cbee7a74de2952be20bc93a1ea2aacd8213c55f8b753b3be0bf594f01855daa15b279e5166498

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-journal

Filesize
512B

MD5
735aec666cca15ad4f6e4e42d30779c9

SHA1
c1383a02df098f2e7f879f32fcf6952f49793154

SHA256
8c9f013e6dfe9c09b7b6ac30b01b0f7f491739757b69a04eb54cff48602be846

SHA512
b14ca95d8db56f7b2f8a6b3d85a77cb92c9c2cd8fe85fd362d7bfab398f4dde949350fa0b76643ddf2d7005a93e04221fa240f9d67784326f0398c49849d5926

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
48KB

MD5
f8933d9aa9e266f83b103d2440e620f5

SHA1
df18f82f01ecaf3ceb0b6354f49960d40c5a5e2d

SHA256
b6d5e62f28e2f673e936080e2fc3039b7d76b9811ff55b9381af91f63ca6b5e6

SHA512
50cce2c40a08628be2f9e39710e48f87cca27a2eaafefbe9ecd20c993f706dd1fca895450a0c655fc8893be14be04fb605bb30270c87ff440d36c896516305a5

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
8KB

MD5
b279aeac3aafb948650c454dbf007f25

SHA1
b3d62391b72f335cb8410c091969edde4f8eac11

SHA256
ca61b1531955501e48aff24a919bdeb2eb2911b6bf263c8d8ea046ff9a2e6666

SHA512
22237c2dd06a97d12170ea732adea6b100cdcfa1dde16325ffa85ba53b98ef510d1aabf69be032302ef9ac6af3e75b80a6d1c80543aaf1c5ecf1872a148d643e

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
8KB

MD5
675c8e72850ad3f7978d7b388098ad52

SHA1
3a7c3b95dc1fef978dd8515d5acfec223d63ab74

SHA256
16bfe83a41a1abd1f748d3b30bb458cc9e6d1e132a6d091b8ce5f9c92e0befeb

SHA512
19a2cd33947fbb81e28a00f9a929e687111b511d8d6a64f9ac016cd32f10cfb3d1bd16a125450621ce28e35b5026f78c92c639ed0200a945d5fe96a98ece1f8c

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
8KB

MD5
e3726829a98a0c99b7be50d38dace1be

SHA1
43e0f3039bdbe3e27fe4ab9d82131a84ab40316e

SHA256
9fdbbcf658235ba89f826444f30582574c605c9749834dca35655701b3550d70

SHA512
da47779ce0b1e50ed596b920e94ce9ce2bd9bebc72360b5d5378767740536c3ecfe0fd8633cf35e665bb5dc1d278738052e811b8642c700bad9e273102990b07

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
4KB

MD5
33086b15e809c73f16a4ba57eabed15d

SHA1
d23ed2ebe4da61d349c6dd1fb7f6454aa878ad5f

SHA256
11f3e91af6ef7ed6595aab9611b46220e44d974708b342239f800fec3fdaf076

SHA512
d96b1e446279d61534922cc859fe00fa98d95cf96a55a6d8808d19becb6ea73638c9f406f38d4f2992db29ffa2d17d0b3ae34ffe0255d9149800897aaab31fca

Download Submit
/data/data/com.example.zhongnan.travelapp/databases/logdb.db-wal

Filesize
8KB

MD5
4da8ea5a4487de209a01ce47176d5557

SHA1
dfeea36bce003d2a3c98a24efc59e4690a888b21

SHA256
857080a1247e900c387d339bd54d6f9c3b27e29b505b5020cca41de72291cdcf

SHA512
82f194ad219e7ef072686f5498492acf7820bfb3f118430136dd9d9d60b12134bd6facd41e9b122bd7ea38c675c4767f573005f6b4999b8f905abdb2481b37a6

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.ac

Filesize
40B

MD5
2131686a77a1125da762fb92c68aede3

SHA1
b700ae3a58c9509942fefa52f819755eefa984d2

SHA256
514b0ba4c648f15b7e789934b476504befb72abde5c66d9431e49f4b19465785

SHA512
9c6e9157cfb27ddab0c8154ee80cd438d0a5b9380928091fd2ec86a22bfc6754f55472c4a1a2cfb67dc630469b6ac674f3fb738d7e12a655c5715dd4f7dd7511

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.ac

Filesize
40B

MD5
8a450e5c6f44c0ec76c1802172d06457

SHA1
c9f9887a11fd7aea0a621fde43f210c8e779b65b

SHA256
fbc275b494f01754f850e24f74f2295177c884a08bd536ab098dcbb6d7853e94

SHA512
341b084b063fb7172cd6822f14064731467c17de88bae4b5c37ba1b6437022394eef1d66d214ae347d21a6a534ccd5e608a35cb5c17ae52a9c9933ba4dd4c8cf

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.di

Filesize
340B

MD5
2eee69889f8f7703c06aa141e83349f8

SHA1
028f45de08740be5cbddb1b842ef0df8c5b462c3

SHA256
45ab212dc97b44226b0e820c08b80d97f3730b9293a9b4bdb15653e2643ad774

SHA512
aa2ecd05c6da3a177bd1c14795eb4ab56401af1164cafc7802366aec3e791f7b0c6c38022f3e51e3386d85b2f6689632d96a6b986916f97451d1d98fc9f766c7

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.di

Filesize
340B

MD5
6ad39e533f15731d34dce57b5e4b924e

SHA1
a836b80002f144829eed2ed22c90b6d180efe005

SHA256
adcf3e91c1f12aa16cdc96e2c572257e603c9f04f908ee12379eb1ab071aea48

SHA512
608aa155fec742dc88f07996b3b66153b8cbfd9ade21dbc8b9c5251a8dfd5f1fd993318e2b1e403387567d6fb39ef61815290f59e1135f4a3b3472bf285366ef

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.ic

Filesize
40B

MD5
d2bf049b3ca0f6495599c30677355bba

SHA1
e3174f294bc72ba05a55535620a5fe19510b30a1

SHA256
d91787ac6e887168bfc842ddc829eb78f92d14ab6a8036055fe2ab909129a30b

SHA512
6cbcac12b8ea577102b53c3ca9cf1260997022a9f1b84ba2a2f8700a3eed5468a6e7ec51a597045968907ad67ac7253372e86e5ee5c416581f804764b3d642b9

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.ri

Filesize
314B

MD5
c5dd617bd9c4bf0e0c52a13c70a3d849

SHA1
e4351cfd949f4a84d6d40c46a29bed2281b69915

SHA256
9069ae8e22664a575562d1ff84e2a872114c5957570c298416f825098e254a53

SHA512
25bffcb558c40e1d243b66bd0797ab26ad71e8b5207b209b6bae7081073be047990f54123b2f995bba3369f7045265864fba2f12603ea9f96ca16824f90d08b3

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jiagu.lock

Filesize
27B

MD5
cbdb846f715c15d5f93062dbfc116654

SHA1
bf3c66b2227d86ba0bff291a336a75d218cb57d3

SHA256
dcf6b0c108968ecb92b4c2b04db7dac35ff4ff99e86ff11ac57bbe8f030887ba

SHA512
942b8e8d6b9318152a3d25128f351687153d217b08d847ec91e62f61551cbcbf185d0c82cefe23cee38eecc5aea8487c6308e9223b9e2f766b5ad49f03b0eb5f

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

Filesize
564B

MD5
1203031fd9092dee3c77f6f989a83b53

SHA1
e35bcad390e4f11deff7513c656f6b1f735e32b2

SHA256
f58224b245a550ab604470f1dff4e66f3b641b27884d1a7741196dd591ad7216

SHA512
8ed8cd033d33bbe6a39e207ae88ce6b1b7094b0abb56a3cb38c5f9da1706ad58c1538ef09b8378cd329a4f5748ba04b492b34f23bb0b8a5de8aa8c60cd3e3015

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp

Filesize
564B

MD5
93135154199c8187e4288feb051f5333

SHA1
4d4edff7abe9d12577b46f70a0e85e749aba786f

SHA256
8093bb2ddac9331e6d8aa0d22b35ebfd14558b26043bb570d6bdda68908523b1

SHA512
e0abc3f459a4a550dfc578e566239f7c1685fcd2c3533d3f57979154b45f3ab9223c8e07d12c4063a6f67f68bef669072e35cd9b32bb4ce3ca29453bd377146d

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/journal

Filesize
113B

MD5
adf74c6eeb18424ae96792f31795a85e

SHA1
2a1791759434831de0bde90fb1016ae02fb44875

SHA256
9dfe39523699289bddc58b5d35346e131916607ca6cba18336133700429c065a

SHA512
e39604cf92527f820533f60fb94ec3bce2a75d5192e9009bf1218b6a570fe53c791a0d23860ffe33517431d00d7e98763f9c930992b68ef430a9d7f72ec0a5ec

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/journal

Filesize
38B

MD5
5e35c852bb1cd4d3321c28193e135856

SHA1
27b0569d4b298eeacb67d0399428c0eae5490b79

SHA256
54fe2f86841cff94835c1390c315464e40258c1b2486bda31251e99c29e9d364

SHA512
3ca12fb5e47ca8b77c75c23284719ee1aa8edad4d4124ccdb9c9e8fd21b2cdde4e4425ef9a6a31d41eaf0962345dd09ebea0664ad841bb97b9e70db1adb76fd1

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/journal

Filesize
233B

MD5
f4a98020a103b00e74abadae06f2445c

SHA1
87d6ee6ff238b968e5ae9dc6acf4f355cf9859af

SHA256
b1ec2833f6714dde2630971a9eebcd2c043b55652180dfa5b3d9c3570f108483

SHA512
75942fd50b9616e5034128b48f9fa6b6f757be238631a0bfcba4ced2704bf9d8cdc7963e88502ba23f6e48e7de924be0b9786fe044f6222cbed83b16bb53a167

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/b/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/e/36117375522740.0.tmp

Filesize
180B

MD5
62ca7bc0107429705c380e930d5b0086

SHA1
22ce108f1698ae1c081118ad071d3de1e4c0922b

SHA256
bf6d64a32c29be6f1ae36c9fdfa79f1e1767075256bdbd25d72659aefc7b7a84

SHA512
ff65d12256c7031a97e76884d7d0aa20621071495ae18bcd39d7bfe89a33d3daf7190f60f76d714ef9c61c6b9754dfe0183a43864ae9f918fa6fadb6a003ece0

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/e/journal

Filesize
77B

MD5
e61101cff1ff02792fcd6dfbb3b1e8ae

SHA1
5a6787386b768519300c0e29dd668ce6b71bdf41

SHA256
c318edc557967937f8e4c9188a67b7a81849ef8f4ddaf4c0c3990c3269550401

SHA512
ee32396db2e25269d5a981c32eaddff5216e156c1c23bcce3ac02283d123258fc5fdab7ddb3fa61fd0935c2cef108f9463b6ae97d6d9c3862782b6c83c8b63f5

Download Submit
/data/data/com.example.zhongnan.travelapp/files/a/k.store

Filesize
32B

MD5
be85c66e11bd48c183d169d7c3b7a386

SHA1
06c3055858497fd1a02851f6b200f82135793a2b

SHA256
de18056686e2712ab2d7e580a197d60a173abd8ed445209d4f1e36aa5262e8cf

SHA512
40c21d40050302c766a92aceb812fdcfb7ebb2ffc60ad40d03c15b9c82f1a304418f6c8bca9c746eabba2cf1a47f969ba3e757c8e18fd3b53ec9f86fcf92dd4d

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
0d4e27efe4acc1242cada429c1b1a4dc

SHA1
8b2ac2dba88a5ef5a0e0e7dddc32ed3ad312641d

SHA256
20efeaa66c01bbfbdc4acdde5d807d5f08342d1bf89f1f6db23f24dc93af96f3

SHA512
2b1207a4dfdd5a714c239675546c584e34920ae5653aa33d5c02823a5396f4d5a31d3d04b456bb63b52a3014f873883fbc8149e97978e18d73e27e2765f11bf2

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

Filesize
20KB

MD5
731fba9d21f23915576ea5dc2ea3ffb8

SHA1
d1fdbc209db8b71d1b4e5341e75b8cc88647146a

SHA256
87510194f38897a04cd1f80bd6fffc3344fa8ef21baa61de020a2e790a7268ab

SHA512
b643177cf3a30543342d3a521a2dcfce70df4ec450b040e2b61d8692bbed4b3cde2f9f304cbf496869b89455e3cc6a501e8ff720edbdf0f6898e6a5f31fec25d

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

Filesize
512B

MD5
067d9ce899ee5bb74c1d78f4688022bd

SHA1
27a4c9c41a8c83bb7ede34487fc597af6faacee5

SHA256
e82ac72e9401e93b785cfd9210c64fa1d3abca09390467928c573d3fc2fb4044

SHA512
c54a95fd9ebd9e60ba8c82effa0ea4e1ce93098e59fea8be9c18757bb23559e62e0200c74b1c035ac63f09b2b5833a2e7267550785fce5f7ad3cb6c3c6f71e95

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-wal

Filesize
32KB

MD5
085ed8ac48ba577c07e6301466c84ceb

SHA1
d86cb3f4597928da9e658d2afd3e57e73abfdd3c

SHA256
3aa51d1b8586d9ce061e97edf74df96137b227f5d2f8c34b75ed10897f3cc4b0

SHA512
97d848894ce36f16a63506c8effa6d8df986ded3b88c207ca81990ee2eeaf4a2fb4c53b9f6164f6cecf000a1feb0ca5304eb230332723b6480026b8972a3040b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads