a34dea53127f26b4b51d964bf307103a57f3e5a5a4a9588dde605ab8ad11be9d

Analysis

max time kernel
145s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
06/09/2024, 05:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ceb903583678fb5dcf6b36c53e4ad304_JaffaCakes118.apk
Size

8.6MB
MD5

ceb903583678fb5dcf6b36c53e4ad304
SHA1

88670d65fe2ded015879cdecac4122ff7c824bbf
SHA256

a34dea53127f26b4b51d964bf307103a57f3e5a5a4a9588dde605ab8ad11be9d
SHA512

96d5d41c6a2ad9d88de568fe8362ab8a5280fe521cabd63582c5af1f20eae23b496728cd73f9fea12362cd1a06e0727a54b7c7ff11d54e20fa9a5d7720a8cc17
SSDEEP

196608:hDJMy8pcju2o226R0GKCOV9QSi8kEEoCtYYkMmJhD6R42P6lh3Co9qnEEFfWi:hDf8pcj7cV93MSyYYkRDDkat9UEEFui

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.fai.shuizhunceliang

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fai.shuizhunceliang/[email protected]	5068	com.fai.shuizhunceliang
/data/user/0/com.fai.shuizhunceliang/[email protected]	5068	com.fai.shuizhunceliang
/data/user/0/com.fai.shuizhunceliang/[email protected]	5248	com.fai.shuizhunceliang:channel
/data/user/0/com.fai.shuizhunceliang/[email protected]	5248	com.fai.shuizhunceliang:channel

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fai.shuizhunceliang
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fai.shuizhunceliang:channel

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.fai.shuizhunceliang

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fai.shuizhunceliang
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fai.shuizhunceliang:channel

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fai.shuizhunceliang
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fai.shuizhunceliang:channel

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.fai.shuizhunceliang

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fai.shuizhunceliang
Framework service call	android.app.IActivityManager.registerReceiver	com.fai.shuizhunceliang:channel

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.fai.shuizhunceliang:channel
Framework service call	android.app.job.IJobScheduler.schedule	com.fai.shuizhunceliang

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fai.shuizhunceliang
Framework API call	javax.crypto.Cipher.doFinal	com.fai.shuizhunceliang:channel

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fai.shuizhunceliang
File opened for read	/proc/cpuinfo	com.fai.shuizhunceliang:channel

com.fai.shuizhunceliang
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5068

com.fai.shuizhunceliang:channel
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:5248

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fai.shuizhunceliang/.1/.suuid

Filesize
72B

MD5
c399cc79fa530a2a4b87525d59973b47

SHA1
60c2d4b7733f69bea8f7a9d39898e07068fdac65

SHA256
8311b7cac7f56d7bc87dffab2859bcadad0380ac396f9a7673c468e45fed724c

SHA512
403e0f6cc8db60ed1cfaf595aa76b855221471f40f72a225c7ee4f4bfe05ac195690e5c2b558a3efe6490be1a93aa52e3535882ce126c5baee39fbdd8b391be6

Download Submit
/data/data/com.fai.shuizhunceliang/.x86lib/libbaiduprotect_x86

Filesize
744KB

MD5
0b52ba1ef6f7318e7a95cbf7fad64686

SHA1
6d1d14b2737b1b61af1b4da1983f7ba39f4015b8

SHA256
c0ceab6728e697c33bdeba5325e22a5e8c243c55424c15d48419dba9dc04a8e7

SHA512
0a67f0fa9f3f39d83332b3d0698a675a980b69fc83a0a0113539d22530b0ef58c64ac7a797a10b68f20cea334204b775a41655772ab79b4feeb496f339b398e5

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MessageStore.db

Filesize
36KB

MD5
6639b4938f89cbbad406e26ea2ae2f01

SHA1
4463dd480a95651a01bd2645ee8b4cac75c0d3a6

SHA256
9bdca16e3805cbbdaf4734e74a7abfe531cede5b5fe9e090466a042b03eb6dbf

SHA512
0adee850dff5f8909ceb8c789d40d84e26f77939262f680d770c50b6a7c0d05391cbdd2b36b5fd6f6ea7736251af853d7bd44effae74dad2043b21d75369adef

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MessageStore.db-journal

Filesize
512B

MD5
0e9fbd80353fc65cdc3e25386f9e4543

SHA1
1799164efc90b36a3212e970e8617fa1704f068e

SHA256
e02edfe3f0205c0b192d75b8915f001c81ff3f1f768f8c762dd0acf007b1e1d3

SHA512
c338e9ac9aa8c7339c69f6141e2f1a6a6fc13523a9532567862e0b78a1b816b3464e0e0ae556eb7da9befb2f3ff51a35403437f957383556ecf5d93053e2ae3e

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MessageStore.db-journal

Filesize
8KB

MD5
7c3b672da938fd48b3fa266535003600

SHA1
f8efc3b15f2372543261e1850b9a3ba7b909474a

SHA256
2ceb91ee8f1b274ec83668967ee31dec282c27114bc1a8e41081abafade388a9

SHA512
a87b969deec7c5a6badfa32f9970baeb866277c85e028078a277cd5355616686db897610634386ceb12850c257462bf91caf2f86818d23342989c9de3256494c

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MessageStore.db-journal

Filesize
8KB

MD5
c3eb11f51b6913fd89513ec039bf28ed

SHA1
eb53c8af4306869b6612b427f6db0385e06cc4ff

SHA256
00cc2a2fe5392198328f7322f69c04e25f39c0e11f288d8512104abece3feba7

SHA512
c58b252a6c1c9b1b3309b881e61facf14fbe673b7b888bafdee36ed2d08645d8b9a3dcf643f083941432b6a927bc2f4457f6983e308a8c7fc646241e3eaafe5d

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MsgLogStore.db

Filesize
56KB

MD5
9cec591e3ef91ae568f4cb6e7c2a8745

SHA1
ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7

SHA256
05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c

SHA512
f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
d32b1a0baa9c8265ef3a033a7f39a803

SHA1
9f80c433316e696d5273eaecc04d8affffa7ea3c

SHA256
2d0c637d472e16452237f4a8f6ff12738154ff4735ed5d5b2bf4e716af4a4bf5

SHA512
bef63c4c82fc3df808e76b463683ea5519ea0b67e9ad4c4a5060e978ffd78a297e659c8b6943d05816f0e169f85b66818d234bc06cdc0503252fb31f95c2db89

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MsgLogStore.db-journal

Filesize
512B

MD5
e2cd9cc9af6312d452f174170c17bc9e

SHA1
5068bfd5e3cdca9613c965b18c5a8773e1f45fce

SHA256
66096635ed7dc2f279685253d6d1b9467b807ac7718d41fee4574403a4b2ea16

SHA512
981f62f8a2f35261640d731bfa76a75c288843435685e12fe33f4994c70cc8094dee58b6d03dd50a874a4fc252465aa6d5cbaa5bb8592499af53c9d4b2031ccd

Download Submit
/data/data/com.fai.shuizhunceliang/databases/MsgLogStore.db-journal

Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/com.fai.shuizhunceliang/databases/accs.db

Filesize
20KB

MD5
d95e1280cc553509d7b5b7851398db12

SHA1
121eb76ea37f3407d0f3b56392f6f67893fbe649

SHA256
58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c

SHA512
f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

Download Submit
/data/data/com.fai.shuizhunceliang/databases/accs.db-journal

Filesize
512B

MD5
e488d94c5c476a22525583d4bf88c389

SHA1
3f47ecef1fd0cfeb78b3d1d82edae319cc01aeb0

SHA256
ca3d3c99ddf6eaadc7012aeecb926c4726010e3215ad486fdfc2d9f5cdd7c6c1

SHA512
7d204c608699502aba869b3a653263b82717faa5d08ee258567da36037a0ffb85e68085ec2f59e5f2f7bc7a89482b53935d2cb81d97be74b9295f4ea34fbd29c

Download Submit
/data/data/com.fai.shuizhunceliang/databases/accs.db-journal

Filesize
8KB

MD5
b930e9500c45285b1ad7e775782f60cb

SHA1
60017db377e19881f805bdeaa542f2451ed4fe03

SHA256
03f3aba0e6a65596fe3dba9e8512f173aff4bc152a2a37fa44d12c9a36bc41c8

SHA512
da948dbe7be8ca8e6e91b2572e93bad4e17e76bfd705cf47e56a9d985c5b5ac693d159c7ff352c830e657edbdd2f9b5c05bee695fa076efd325d9a4af59de579

Download Submit
/data/data/com.fai.shuizhunceliang/databases/accs.db-journal

Filesize
8KB

MD5
3c4397981e630eaa8292b590f7308b7d

SHA1
34dd99d8a2de19d485ec292d6d1f382f2ab2b03e

SHA256
b9ecbcb510eea33890e39020719e4e3cadac3ac5f60cd64b6b459d669906fcfa

SHA512
2f41b5f77fe303ccade8a7f8940943d30600455c15cbf8d2afc302eaf9eeeb8e1e33aff96633016aa0ec71bce6bb6ec2e027340f35eb62e98e691c07a30c47de

Download Submit
/data/data/com.fai.shuizhunceliang/databases/bxshieldh.db

Filesize
20KB

MD5
5aca50d6f3b5f8c14f6aa96819d53cbe

SHA1
66dd20a51b4bdbd996d76e3d25682acfb9c0eb81

SHA256
e913d7543cf16d7270bce4adf8dd2efe2b6dc8346f3d09eb28ced25be119c4f1

SHA512
00ab86c15bbff866c5c996d8d7e3741814d90c3c93463500c0370496f24f21f1a09ae595cfc808421ab9e2f0dc25c5b20578dcc407092ac5f2d7c7d33c27d0ae

Download Submit
/data/data/com.fai.shuizhunceliang/databases/bxshieldh.db-journal

Filesize
512B

MD5
6eea066ccc30cab92adb502dd7acb737

SHA1
acd1eddae6fef3e45c48ec14ac123420f6367c64

SHA256
41190672c9bb5510f2221745d6b0652842854fdf12ea8cf4e10912dab06d3f46

SHA512
68477d02e6eff2c31779e5146702f4c3137b7a5f7a4461bfc6513210fb6c1a10055d1cc5d3b1b5a2ead621c043bc5d0c1c744a19f80c385fc0d2ddd35a1c514c

Download Submit
/data/data/com.fai.shuizhunceliang/databases/bxshieldh.db-journal

Filesize
8KB

MD5
8d6c89ec207c93a258e9a2ab94276b6a

SHA1
18088c8b21e19a2476a1d7ec56a4bc1f0803a6e1

SHA256
2891555e9f0d5e67ae164c10eb31c1598a6024eee7b8756c96b9b2fac4877d74

SHA512
8333399e5bdc63a4d3b1031fea96477bb815074ccaad66ae47b0abf78be69ad7525f78db89f8b1de63e99daac5f99ed16c6ece4e68c1c7ae177094f9b286b23c

Download Submit
/data/data/com.fai.shuizhunceliang/databases/bxshieldh.db-journal

Filesize
8KB

MD5
3d83f4aae94409bcb538505c38849d0e

SHA1
6afeaf69f9b0845dab73cfeb9056e066827b1379

SHA256
6fe41b23e1206248ee1ba791d5d5a63dbea5f74451b61c8ccbddaed4faa3a5e3

SHA512
12c39d57da0d52c4920d78535975f24a3f8293054ff98b2f4ac54fa56335ca3116d7bc3a65468365a4abc8a8273bd0a2a938b460d9ec930a9ed499c34da6f1f5

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db

Filesize
24KB

MD5
7d1c056c16a6be06fb8ccd9892f5348e

SHA1
258a236755c4b31071f9d40ed93ac3a820ce903f

SHA256
5e1549e1e7c5cb1e56265a5225f1ce583c48fa1c9edbfebefaed1d2285c0ff72

SHA512
05a11d54b2f8c757379517b69ac0dadfb3cb73bc31bf1fb0689fd8639cf87a2f1c6201231e8f68a98e014062c19f155602a189c1e5b5dec1c021104b0b47de1e

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
512B

MD5
62cb39b95a518ae8821d10b62e31695c

SHA1
7c0102a0ab753d97e583410ad3a0373518737713

SHA256
fa051845810b23e0336fbcda75407d8ffec679fcd4cb5c847eeb74637457674e

SHA512
87dc936de8bde258a4325b5327424d9d1ab6a6f2e0a82f76c131a07a07a875cd656aad8d3288a7642e77f1c4da4c3afa10eae7d180a202505239eecbf248dab5

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
8KB

MD5
3ef3d2bfa80c69c76950bd3da3633876

SHA1
41dc6fe0d0d0084564a38399a72898ffd273f405

SHA256
0db94be76b494e0b8fc3bf32cb69749d096ff2e389136cc5f55fc1d532f3ab2a

SHA512
47effaa29bf251a33e1905e3d98e076f3a100ef4b7e07bee8c878316e0afa32fc8ac4821321d00ca889cb3a48720a8baab226061a918f4f153903dc71cdc33a5

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
8KB

MD5
5178d77b7724647254627b8cd80a7f4d

SHA1
879eb0a74fc918d3f85ccca4bf4c9ef79746027f

SHA256
c443388a1b2d07d5dad2563c4f5bf549e0ef2d0e3d6e2376cdd39c437669e7ac

SHA512
f18cb8bc7fbd3285493c5df040414731d4aa43801b595e37ade135176de0a713aff8f49774005b599f73fe586c36a2eff19fa4ed6ee1a62d34ef29eb9f83cf2e

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
12KB

MD5
396c332bbce18dda7372a4b5a769506a

SHA1
0d9451449276459812a95d236b64d947c6db79c7

SHA256
57907ecc6876a78d4e09dd106890164b42a3d176ab3642afc514a6e41ee4095f

SHA512
e7e0184f0b9485679953973a12ef3c0b834296272a77568b4f7303a110f7ad0107223fe9a1206482c480402d6c51c7f2d4f56a1fa797e5e8653b745b654bd8ec

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
12KB

MD5
5e76d34dc9166da52c8d6ff9524cf96e

SHA1
fa03f24d786f0a9cff66c0cf998cd63d363a04e4

SHA256
b6ccafc55d5cdd1c930ccd11c243c3801cfa22b1d640c884768d75cd9fc84849

SHA512
81b2a0963bdac4f8ca49dc5a612da733e41c7ebee6071d269e63eb4bb662ab2ed057874a011542cb7fb5c3fad2b8b3d92cd6853af8a3040c246e715ca3e3a6a9

Download Submit
/data/data/com.fai.shuizhunceliang/databases/xshield_d.db-journal

Filesize
12KB

MD5
24397b6f61f966d96c411c2b495573ac

SHA1
9c02e597c7f3aec471a4c2eb7ef3fdcc76d04cf4

SHA256
3e4d7d96e4bdb363b6c7dc933a6ee0624e8f64e878d8daefffd6fe951bb32d1c

SHA512
e134bf3209a1d175a68de23001d05eac50539d2f7fcc62cb927369ff66300f67eafbac3f43673933aef774c1e3a5f3ac21444fb6248c5cfea80ae95b5e7fa11c

Download Submit
/data/data/com.fai.shuizhunceliang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI1OTYxODA1Mjk1

Filesize
1KB

MD5
ab9910c92a0f86b8d99a4d70e8160a1c

SHA1
b0cc8ed705a3e565b78663b4725ef0a59c5b35d3

SHA256
e0d2406cb294f3fb060f7602b8a0978d5f99f186e894b039b3e9f4d55eab3e8b

SHA512
f7d934da95a092616704de6e1b55cc9123229fc69a663c3efeeb826b4094d88825a9252d90f857e68ddb36eb13a73ac4c5e2ab1aad0f9b51bdba1f71154ffe52

Download Submit
/data/data/com.fai.shuizhunceliang/files/umeng_it.cache

Filesize
433B

MD5
e4cc89cbf7a1e98481475e33450a5d07

SHA1
4fc6f29d07e28a622698665ff9da5520fd7a5503

SHA256
435414f9c53efdca6be22018e0bc136bc7ff148fa8e430d15c97ee3d01a00825

SHA512
aa4f37d5749f15e095f38630436ac72cc85c7709f33cf50568769ae7244e17b07f259ebb1ae48f0a8e84624491d51a35197498b166677917a9b5a77e7b628ccc

Download Submit
/data/user/0/com.fai.shuizhunceliang/[email protected]

Filesize
5.9MB

MD5
59982b6941e25fd4f686ea57d8797182

SHA1
5f27176f9b7749df3f7776f9a5dbe8f893d058ba

SHA256
237bedd9e05e2893f42dbe8a731cd9963fefde4636b34cba058acc1275ab529a

SHA512
a7f2dcf3059c02818e79cbae6d1ca20a78f241cd52788b9b284ead52dce6215263a0a16de419d8e95527ffbe2230c4f05575570073ee6212cc58f643b864a372

Download Submit
/data/user/0/com.fai.shuizhunceliang/[email protected]

Filesize
177KB

MD5
de1ed0cfcb6b34834aaa131475fff7cd

SHA1
15e4ef8cd94be46564124a1d638e8d769906373d

SHA256
1113b01e3cb73beabbb6ef38fd1fcd8bee21e28784b5f3c9a729baac4023b6d4

SHA512
e92ff3fbabb5beed576b7ffce22bd868825885e25c209be5c37883f1553db0b4c56c2909ecc4088d2aa2823e1535b3da3ead477a46882d9a67495f8082645524

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
20KB

MD5
7f5298ca5961e92634ca4dfe4d4318a9

SHA1
620afd666d7fb361ba77865c50668edea4fae8a3

SHA256
cf4c9b622e0d756e78f24a7a385133882b89ed2ae5e3a607a3385d083a56a7f2

SHA512
5939b038d7fe34d74ce65680896c0ce158a7eda0189d439121c20f327daab05e167447ce47844346e1658cfb8b9c6507ff2d672cb0da9e13ff83543654d78b65

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
12KB

MD5
1a2ea8f8b7f4a7e62a7833a444a8c38c

SHA1
1fa99aeb08d0aafab06b05d5daaa10e0b822355b

SHA256
8c2b9ea3dc456034501a4ce4467c7e514ed735a7b7ce5c83a7bb38c69cae49b9

SHA512
33beef5e5451f9cd880b016b0c800f0916b861dcc0bb77c9f0aae93ead3c5ff0d8242bc255ff8871369a0b594bd464e3e37390d0d757b91f89f0abdf62596421

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
b7c87536e337a627983aa76b128031c8

SHA1
771149661b10af767326b63a2f13266a64c0128e

SHA256
6fe09ed73a97a83d7c53fc92c0bc83cdaba6340334b95301675ca66db627d10e

SHA512
c627094964b2c8c8d812d46c54293b15ac7694995a15b27bbf39280deed092c70a53d317342f13f9d747931cdacb75278241cd29c57ae92e6bf0d98c4bae8548

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
8KB

MD5
9dd21c1b421e6c87d2faa7378ef1dc08

SHA1
7fdf810811e1ae05ddc6b45c4b07b7a89634b3d7

SHA256
db844ae7cd25d34879c4325f582b77b2791222810dfe81712e7caae96ef71692

SHA512
48ce2a49e2e54fdb7ee7199284525b82802ba76345b768d95e458ea3bc15affc01c5b1fcf0d67c29025b4f41fe26e12830c1f9f2cfac44f01c168ee6227bbc6d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
8KB

MD5
3e4bc1a8328106dff3bf97263037b28b

SHA1
043fa94f27bbd5844fb90b5c574873f9e97931e6

SHA256
bc49f9c7d2425d0c697c9755574ce5bd92f0b9cc1251ac42c2e7fcb286b62f8c

SHA512
c5333c30dfab31b1abe1cc15fb076dfa22030037b7ae8d6bab02b86a61779a0a4aba0eeb30a9ebe1065e7a864902abdc451f78f25aa12cffc4417e2f2a6213da

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
1953d8a6a5c961b44774e8c4dae79519

SHA1
0001c5a7a5961d80aca3d0b9c3995de6e3cfc181

SHA256
5c97ab4607465736d4346f057ef5ea39298aaca9cb748c10350318041fe02139

SHA512
e506ccf4a9545f394c02fa63ab3214c5385e8babc499a726e42a8a98a487604aa94e3e8caf25ff98d39ad7d670f25fb8965d7a7f4999cb54cfdeb752361afb13

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads