b4021224f94aa43d36f424762db91839b5c8862320d4c6a288926754eba09c4f

Analysis

max time kernel
149s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12/09/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcbaf2c9a505337dc7b76e88f5e60a3f_JaffaCakes118.apk
Size

10.4MB
MD5

dcbaf2c9a505337dc7b76e88f5e60a3f
SHA1

3d9c4e5706063798795bd4318fcdf1fe05a9f75f
SHA256

b4021224f94aa43d36f424762db91839b5c8862320d4c6a288926754eba09c4f
SHA512

a6c8cd5ac0302bd9f0ab6cf6e4703022a048db4ee972e98f9d64701633b437ef217370777fbbdadb540114365194b8c487c255e004c1815bae599038faf2937e
SSDEEP

196608:f/JWxA2uFSxGBvwx7yhx/vwFC73HyuoEUExjAJu40gwA:462uoxi7Rj73P1UCjAJuhgV

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	com.ddz.mobile:channel
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	com.ddz.mobile:message
/system/app/Superuser.apk	com.ddz.mobile

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.ddz.mobile/mix.dex	4211	com.ddz.mobile
/data/data/com.ddz.mobile/mix.dex	4338	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ddz.mobile/mix.dex --output-vdex-fd=48 --oat-fd=51 --oat-location=/data/data/com.ddz.mobile/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.ddz.mobile/mix.dex	4211	com.ddz.mobile
/data/data/com.ddz.mobile/mix.dex	4534	com.ddz.mobile:message
/data/data/com.ddz.mobile/mix.dex	4534	com.ddz.mobile:message
/data/data/com.ddz.mobile/mix.dex	4903	com.ddz.mobile:channel
/data/data/com.ddz.mobile/mix.dex	4903	com.ddz.mobile:channel

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ddz.mobile
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ddz.mobile:message
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ddz.mobile:channel

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ddz.mobile

Queries information about active data network 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ddz.mobile
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ddz.mobile:message
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ddz.mobile:channel

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ddz.mobile
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ddz.mobile:channel

Queries the mobile country code (MCC) 1 TTPs 3 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ddz.mobile
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ddz.mobile:message
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ddz.mobile:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ddz.mobile:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.ddz.mobile
Framework service call	android.app.IActivityManager.registerReceiver	com.ddz.mobile:message

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ddz.mobile:channel
Framework API call	javax.crypto.Cipher.doFinal	com.ddz.mobile
Framework API call	javax.crypto.Cipher.doFinal	com.ddz.mobile:message

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ddz.mobile

Checks memory information 2 TTPs 3 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ddz.mobile
File opened for read	/proc/meminfo	com.ddz.mobile:message
File opened for read	/proc/meminfo	com.ddz.mobile:channel

com.ddz.mobile
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4211
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4267
- sh -c getprop ro.yunos.version
  2⤵
  PID:4288
- getprop ro.board.platform
  2⤵
  PID:4267
- getprop ro.yunos.version
  2⤵
  PID:4288
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4320
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ddz.mobile/mix.dex --output-vdex-fd=48 --oat-fd=51 --oat-location=/data/data/com.ddz.mobile/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4338
- getprop ro.product.cpu.abi
  2⤵
  PID:4423
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4720
- getprop ro.miui.ui.version.name
  2⤵
  PID:4720
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4745
- getprop ro.build.version.emui
  2⤵
  PID:4745
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4789
- getprop ro.lenovo.series
  2⤵
  PID:4789
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4840
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4840
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4926
- getprop ro.meizu.product.model
  2⤵
  PID:4926
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4993
- getprop ro.build.version.opporom
  2⤵
  PID:4993
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:5086
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:5086
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:5165
- getprop ro.aa.romver
  2⤵
  PID:5165
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:5223
- getprop ro.lewa.version
  2⤵
  PID:5223
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:5279
- getprop ro.gn.gnromvernumber
  2⤵
  PID:5279
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:5359
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:5359
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:5439
- getprop ro.build.fingerprint
  2⤵
  PID:5439
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:5486
- getprop ro.build.rom.id
  2⤵
  PID:5486

com.ddz.mobile:message
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4534
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4566
- sh -c getprop ro.yunos.version
  2⤵
  PID:4603
- getprop ro.board.platform
  2⤵
  PID:4566
- getprop ro.yunos.version
  2⤵
  PID:4603
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4764
- getprop ro.build.version.emui
  2⤵
  PID:4764
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4815
- getprop ro.lenovo.series
  2⤵
  PID:4815
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4880
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4880
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4971
- getprop ro.meizu.product.model
  2⤵
  PID:4971
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:5036
- getprop ro.build.version.opporom
  2⤵
  PID:5036
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:5142
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:5142
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:5200
- getprop ro.aa.romver
  2⤵
  PID:5200
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:5266
- getprop ro.lewa.version
  2⤵
  PID:5266
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:5340
- getprop ro.gn.gnromvernumber
  2⤵
  PID:5340
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:5419
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:5419
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:5471
- getprop ro.build.fingerprint
  2⤵
  PID:5471
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:5522
- getprop ro.build.rom.id
  2⤵
  PID:5522

com.ddz.mobile:channel
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4903
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5015
- sh -c getprop ro.yunos.version
  2⤵
  PID:5061
- getprop ro.board.platform
  2⤵
  PID:5015
- getprop ro.yunos.version
  2⤵
  PID:5061
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:5117
- logcat -d -v threadtime
  2⤵
  PID:5533
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:5576
- getprop ro.miui.ui.version.name
  2⤵
  PID:5576
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:5601
- getprop ro.build.version.emui
  2⤵
  PID:5601
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:5626
- getprop ro.lenovo.series
  2⤵
  PID:5626
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:5651
- getprop ro.build.nubia.rom.name
  2⤵
  PID:5651
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:5676
- getprop ro.meizu.product.model
  2⤵
  PID:5676
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:5700
- getprop ro.build.version.opporom
  2⤵
  PID:5700
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:5726
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:5726

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ddz.mobile/databases/MessageStore.db

Filesize
12KB

MD5
d78d9f9bc42f773d7d46792ab987b4d1

SHA1
5ae90cd4d3500c5f5c9deb5820528cdd3a2b45e2

SHA256
01fac1f9d61c211d4fbcb04cb6021c4a37fb1f1ac09dd3889e19fb105f7cd92e

SHA512
84c39e6fb0426a4f55ecb5311927cdd34c56bbcfa00a3831adfbe0466c67e6e8272f88d01a5339cd79fe903b63d492949087330842b5b475a4d1f792583b902a

Download Submit
/data/data/com.ddz.mobile/databases/MessageStore.db-journal

Filesize
9KB

MD5
8067c587ed8d770392f62847b31f846a

SHA1
c4bc4e7a4918c4123e432c63ef7d8dfb48ae4179

SHA256
eabb718489446bcd224bcbadb5761a251011396e38d8fcc05f23f8936bbfb0cc

SHA512
94d4641baff3c1bc8a090c2da65cdfdb24d4220e5e138228ebfe8de80699e084838d920e9509d85b7e9506ac762ae3948cb62483452c9525a6fce90a6abf3e97

Download Submit
/data/data/com.ddz.mobile/databases/MessageStore.db-shm

Filesize
32KB

MD5
6262c8f9018e5ab7751d245c4dcd9fb4

SHA1
c64825a77034c6cc596b4dace5325ce9a748e8e1

SHA256
6546348bc553e9e00f3159be82b33d986e77ad8d752d2e95e00a63d86d6d6656

SHA512
df4e0c96877a2d941e3474e5a4ff01a073b054d75942c9b54dfffeafa6de92383eda2031c05151ee7d6a121897baf6c0204fd7f640e8c0fc76330450fbd8ccc3

Download Submit
/data/data/com.ddz.mobile/databases/MessageStore.db-wal

Filesize
72KB

MD5
292515c495774488cfaf1727ecb1c6db

SHA1
05e19931440900b52a502f3eee70305951dda808

SHA256
efd25d4e4984b34e1f56cd707dfb94404150b33e79ade3017bc75e3998d9cc49

SHA512
5a96eeae2b4dfb17941b7ad4cdec1527999032cafd91817be251001912a749b7921658a99c727179cd7a34af8307beb018e46a385c6de692a4a8fe42d09ddceb

Download Submit
/data/data/com.ddz.mobile/databases/MsgLogStore.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.ddz.mobile/databases/MsgLogStore.db-journal

Filesize
512B

MD5
8f068f23769da35370ea85cc07d4bcd3

SHA1
eca7a696fe2b8ce299a2470935b94cfa512102e5

SHA256
a6e9a8470c0bb59c63617dbf21318ddaf947c708d29e9a10f1c0cd142ad2f953

SHA512
8dd3e776167e2968f3b65dae8349848f73cce038e4d99983fbe1eb5ea865626aa61d5fa85db992ca3e3779cfa226dd6a47e0178b14e4ac9452e7d63426a0fa6e

Download Submit
/data/data/com.ddz.mobile/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
cd3deafeef1d4c4ea45521057e8a849d

SHA1
df269a5093aa720258fe3af7974c1fa59fe39a85

SHA256
2e61366d4e4c5753ca3dcc08e1864831f0b14b8534e3da867f926e6f4ae97140

SHA512
3ad7fe08770fa3d51be10e57f0fee9a4a2e90216ffffd4116eae6b1a0b5dafeb6bcf0696d35d9eea63f4e7876d560ad05b4ea2085d73b2ab839c09446c42cdbe

Download Submit
/data/data/com.ddz.mobile/databases/accs.db-journal

Filesize
792B

MD5
3e2c9ed8d576a304827c905f485ebf28

SHA1
efbed51104d1c74e5720a1b9235d643b056e9ea5

SHA256
b9b9aa0b036dd97a715fe4d3f3ce1986c0a259762305ff2a3aa718cbc87a8fe2

SHA512
21ab4e6200d7990d6b331cb84612b45fec57a223c3ec8de970ec0139fc02bd5bebeaf6e4802c1c09d04a9783137c875a03426ab8139811f6c76ccdc014694616

Download Submit
/data/data/com.ddz.mobile/databases/accs.db-shm

Filesize
32KB

MD5
a1187ecb72fa73f763a50bdd0ff8059f

SHA1
acae9ca7e7322e4aa8383edf7635db3b218f8300

SHA256
e99c3b31b30f28a4a131c13df4e17961693968b533cdfdf71d8d2f58f3f74225

SHA512
7e81570e643530d183189e77a398fc45a57faaec7b2706e84f664a063e40586bca984314ddb64740d5dd1b228778e33f91996d1a58f7d3d5676e8ae63b1b72d8

Download Submit
/data/data/com.ddz.mobile/databases/accs.db-wal

Filesize
32KB

MD5
22c57e20b68a378b0eb5a640dab74e5f

SHA1
8a65bce4b475010ce4014112a62541fff997f521

SHA256
bbea6c33e7a58690c19e7e6555a4eeec4de4718750f4f83dd8b373d1daac07d6

SHA512
807413d3131783df88d44116ac1a1e7009285579f3ad7fc6dfff06a2c2e2dcd6cacc3e33cb1c3be6c15e33e9e1095f7f7aa838606c6cbc7883ad21a6aa49727d

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
233KB

MD5
b9d6d71e8dce8e97bbb6792bbbd46127

SHA1
f4a7b60e7107c814845e6debed39266d773fcf36

SHA256
16a6ff52bf52111c785fc8c5f738d4daf39055c97cb13c2616e30cda834cff9a

SHA512
a891f7db1825f21afae35f5e99644941bc378ad4acd64ff219d00ef9b33beb1a25f3ce2d98d77c08189181c8db02d82b6ac0e43a116ac02e8343a0b2e6a1776f

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-wal

Filesize
209KB

MD5
8f042f3e44a9b9e3e7c0d74858cabcde

SHA1
6791540c072322d971984abaff30f5928f487007

SHA256
b6abd3edca33a4de9cb3a6aa7ff9652b03ef06ca1a40979383e6d994a648b140

SHA512
717974fe9a98e1bd9a4d232d8e51c51883ac81f15c97af7c6d6464849e57d5e9c58dba50dd73d474a67ce6c77b1d83ab18431e1aa9826476622826f35af7fb14

Download Submit
/data/data/com.ddz.mobile/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
4138a7930123ba6e2eaab33c5e3ffbc2

SHA1
03ed8a65dedf1abab1031d79d032f02a0857b656

SHA256
f677262836197c38039bb8b03ce9a68e0d8e93fe8d358b7168c98d097917b058

SHA512
4bf1b363bf5292bccd0a9ed21f5d8f4ce6e3e9cbf1e9467a63c21fdc4cccc0362920799b40f995e97fcebcc35c89bf2bbc95b411ce1f6d8ed35dfe65972e79da

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
651c3625709afacb0f54ce8901c7412b

SHA1
7b0f38d34c48c2a28687a1f57cc7b160ff2aac01

SHA256
b85c65e8864603b22eea4f9239ebcb2e84ba02823554e0740b54290a345caf4b

SHA512
f1961c0249d3e04eb33fb441c1d92705bb689986d9a59e6cfca82f444859cd7a131968e0b270a416ae1a3813a4687c7c57dd1f3d34478845ed2d6eb87b989efe

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a8caea66814948ae308e0ea308a8bc5e

SHA1
3d3dca3ca0f67354f4c2a2693d8b0c3603fac11f

SHA256
70dc43ba37fbf8ce9d1aa6210d910573d2d6b0cfbab466a857e2b2137e486542

SHA512
bdea5b15967d213e95ffb0374b1f9be335df376288ddfdca0a946f259e4a7ef2176ec9c5bceb271b0e020b20d99068738a9bfd8c8fd927bd8b54279bb6819187

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
1b3abe16fa0992327c8ad5a7d7801dd1

SHA1
14f7697ea31042122125b2e2ce3abf2541360bca

SHA256
72039b43279eb276e4e63e53af56e178502806c9d8f72cf7beed5428c1351867

SHA512
501f58a3446919bd6dfaa2f88cc6188f44fef03ac0075cd5584a6ef234d36513fbbbe21841999d6feaeb2121acbe12cd2e33a267d43d04bb42e4129203541092

Download Submit
/storage/emulated/0/Android/data/com.ddz.mobile/cache/980ebf7b4c824291a88212e385a3d29e

Filesize
1KB

MD5
4013f922d6e2b5127df7532c533abfa3

SHA1
d2c113e1b1527a8525d50ac571499d2cfb04eb1e

SHA256
8592bbbcb58d5d04cd7358acbda5fe0488fcb60a101ca6a36e9f7f0f2f0ec00e

SHA512
99103ad0ed45dceae56810e570ffc612d69a7713fbd85208301fdd0cca77dcb12e4d61699b9431836e6cc239375eb22d5499fcd16802e60d2ac0c49c168709d4

Download Submit
/storage/emulated/0/Android/data/com.ddz.mobile/cache/c29886fb648e46fa835f9209071e2db8

Filesize
5KB

MD5
5d40ef2127e17ccc43a6784de48f43a2

SHA1
f1e1f6fa4e80a815245b13ad8f33bad5c793d274

SHA256
58891a896bae43fbbbbd860a948e92054539e6ce13c1e10d24525ae0bc069b08

SHA512
4a7a59dc6e5412967e922e53b1635759ba3530b39d038ce22dbfa3421714ad85241dd677569c97f9c10d5884eda2cfbc9f7e2b538854157fe1ffdff142a90f96

Download Submit
/storage/emulated/0/Android/data/com.ddz.mobile/files/tbslog/tbslog.txt

Filesize
6KB

MD5
627433b21d47f7389532cf8b0aa26f42

SHA1
18ef7a66259fe4e3fad9677e04fd1d69239d820e

SHA256
714ed353624476c32bd3436980aa4361efc5879c864198e50c039761a69e2275

SHA512
8cc1c10748913cd70bf0b7fe66a02ec4a6548e834f423527ed75cadf32d1425a36677fffd8e1216425285d6afb96de97a3456e09357f548d8b3436eca40f69c3

Download Submit
/storage/emulated/0/Android/data/com.ddz.mobile/files/tnetlogs/inapp_20240912.log

Filesize
76KB

MD5
a994643add8c0c1287c8c586a085e32b

SHA1
7eee1c7f4b0bc0c60cbea0286bd11ebf0c3566f1

SHA256
d0a7b739433ca0e1dda2a06427f090aecaa03cc48532ad98ff846f6d184eb834

SHA512
37165bc9238d33a464ed5f441564ae3980af9758053b8bf9263446746f4cf82cabc41ed70b105d487782844a00ed87353cf7dbda8a9ad00353627444edb4a465

Download Submit
/storage/emulated/0/Android/data/com.ddz.mobile/files/tnetlogs/inapp_20240912.log

Filesize
71KB

MD5
2cf126c2bfcae99821ad422c9926db2a

SHA1
2773df3e318dcc07bcfd5ca91a8700c96d72b24b

SHA256
fb14520f149fdc2ca65b0d2b23b1680403680dfde1510fd34ef0e4e1173874a9

SHA512
92218325c97213294da36ee15aa2ffdc1bad6f2d0440500b1a00ee6dd992442c9f9828d15efc82156b0fbf97eea6bc7516b0ed12de2447cb9d69eb27e62b1823

Download Submit
/storage/emulated/0/ddzliao.txt

Filesize
16B

MD5
4b75c50754c47755bb6178f186fe81d9

SHA1
052f5e320f526cf3cb4ce981fe49b8e1f5d6464e

SHA256
db76e954e8a83bf685d0ae8f4d80a14ada31d442f60aeff7423457a2474931b6

SHA512
51c5d86f35f4cf6fad0753e03ece31b7d17f1e2be8e63e013dc91b9ace99b1ad92608791495592311d71e53a6f377b0e7eced23ea91be2ed1a19f20420d3cf9e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads