Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-dl1hdstflq
Target 4b27e176442efa3700cf6a6d8e957264_JaffaCakes118
SHA256 4e5c78ca2ff01ccbe8eb04335a2fb9355efec277ef69d59c42c65119093d5f48
Tags discovery collection evasion impact persistence ransomware
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral5
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral7
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral6
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral8
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 8/10

SHA256 4e5c78ca2ff01ccbe8eb04335a2fb9355efec277ef69d59c42c65119093d5f48

Threat Level: Likely malicious

The file 4b27e176442efa3700cf6a6d8e957264_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery collection evasion impact persistence ransomware

Checks if the Android device is rooted.

Queries information about running processes on the device

Reads the content of the call log.

Loads dropped Dex/Jar

Requests cell location

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Changes the wallpaper (common with ransomware activity)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 03:06

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-10-16 03:06
Reported 2024-10-16 03:09
Platform android-x64-20240624-en
Max time kernel 13s
Max time network 156s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Country  Destination          Domain                    Proto  Count
N/A      224.0.0.251:5353     -                         udp    1
US       1.1.1.1:53           ssl.google-analytics.com  udp    1
GB       172.217.169.8:443    ssl.google-analytics.com  tcp    1
GB       142.250.200.46:443   -                         tcp    1
US       1.1.1.1:53           android.apis.google.com   udp    1
GB       216.58.204.78:443    android.apis.google.com   tcp    1
GB       142.250.187.228:443  -                         tcp    2
GB       216.58.213.14:443    -                         tcp    1
GB       142.250.178.2:443    -                         tcp    1

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-10-16 03:06
Reported 2024-10-16 03:09
Platform android-x64-arm64-20240624-en
Max time kernel 13s
Max time network 133s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Country  Destination          Domain                    Proto  Count
GB       142.250.180.14:443   -                         tcp    3
N/A      224.0.0.251:5353     -                         udp    1
US       1.1.1.1:53           android.apis.google.com   udp    1
GB       216.58.212.238:443   android.apis.google.com   tcp    1
US       1.1.1.1:53           ssl.google-analytics.com  udp    1
GB       172.217.169.72:443   ssl.google-analytics.com  tcp    1
GB       142.250.200.36:443   -                         tcp    2

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted 2024-10-16 03:06
Reported 2024-10-16 03:09
Platform android-x64-20240910-en
Max time kernel 143s
Max time network 152s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.nd.hilauncherdev.plugin.navigation

Network

Country  Destination          Domain                    Proto  Count
N/A      224.0.0.251:5353     -                         udp    1
GB       142.250.187.206:443  -                         tcp    2
US       1.1.1.1:53           android.apis.google.com   udp    1
GB       142.250.187.206:443  android.apis.google.com   tcp    1
GB       216.58.212.202:443   -                         tcp    2
US       1.1.1.1:53           pandahome.sj.91.com       udp    1
CN       117.27.146.36:80     pandahome.sj.91.com       tcp    5
US       1.1.1.1:53           bcs.91.com                udp    1
US       1.1.1.1:53           bbx.pandaapp.com          udp    1
US       13.248.169.48:80     bbx.pandaapp.com          tcp    1
CN       45.126.120.230:80    bcs.91.com                tcp    8
US       1.1.1.1:53           ssl.google-analytics.com  udp    1
GB       216.58.213.8:443     ssl.google-analytics.com  tcp    1

Files

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt
/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 03:06
Reported 2024-10-16 03:09
Platform android-x86-arm-20240624-en
Max time kernel 140s
Max time network 153s

Command Line

com.nd.android.pandahome2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Changes the wallpaper (common with ransomware activity)

ransomware
Description Indicator Process Target
Framework service call android.app.IWallpaperManager.setWallpaper N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.android.pandahome2

com.nd.android.pandahome2:hilauncherex_start

com.nd.weather.widget.WidgetService

Network

Country  Destination          Domain                    Proto  Count
N/A      224.0.0.251:5353     -                         udp    1
US       1.1.1.1:53           pandahome.sj.91.com       udp    1
US       1.1.1.1:53           appuse.sj.91.com          udp    1
CN       117.27.146.36:80     pandahome.sj.91.com       tcp    2
CN       103.27.6.115:80      appuse.sj.91.com          tcp    1
GB       216.58.204.78:443    -                         tcp    1
US       1.1.1.1:53           android.apis.google.com   udp    1
GB       216.58.213.14:443    android.apis.google.com   tcp    1
US       1.1.1.1:53           hltq.91.com               udp    1
US       1.1.1.1:53           www.google.com            udp    1
GB       142.250.200.4:80     www.google.com            tcp    1
CN       103.27.6.115:80      hltq.91.com               tcp    13
US       1.1.1.1:53           m.weather.com.cn          udp    1
CN       120.52.95.235:80     m.weather.com.cn          tcp    1
CN       218.12.76.167:80     m.weather.com.cn          tcp    1

Files

/data/data/com.nd.android.pandahome2/files/channel.ini
/data/data/com.nd.android.pandahome2/databases/app.db-journal
/data/data/com.nd.android.pandahome2/databases/app.db
/data/data/com.nd.android.pandahome2/databases/app.db-shm
/data/data/com.nd.android.pandahome2/databases/app.db-wal
/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal
/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db
/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-wal
/data/data/com.nd.android.pandahome2/databases/config.db-journal
/data/data/com.nd.android.pandahome2/databases/config.db
/data/data/com.nd.android.pandahome2/databases/config.db-wal
/data/system/users/0/wallpaper_orig
/data/data/com.nd.android.pandahome2/databases/themes.db-journal
/data/data/com.nd.android.pandahome2/databases/themes.db-wal
/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-06-56-1729048016653.log
/data/data/com.nd.android.pandahome2/databases/launcher.db-journal
/data/data/com.nd.android.pandahome2/databases/launcher.db-wal
/storage/emulated/0/baidu/.cuid
/storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar
/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-00-1729048020184.log
/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt
/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt
/data/data/com.nd.android.pandahome2/databases/data_center.db-journal
/data/data/com.nd.android.pandahome2/databases/data_center.db
/data/data/com.nd.android.pandahome2/databases/data_center.db-wal
/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-03-1729048023867.log
/data/data/com.nd.android.pandahome2/databases/User.db-journal
/data/data/com.nd.android.pandahome2/databases/User.db-wal
/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-05-1729048025370.log

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 03:06
Reported 2024-10-16 03:09
Platform android-x64-20240624-en
Max time kernel 142s
Max time network 156s

Command Line

com.nd.android.pandahome2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Changes the wallpaper (common with ransomware activity)

ransomware
Description Indicator Process Target
Framework service call android.app.IWallpaperManager.setWallpaper N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nd.android.pandahome2

com.nd.android.pandahome2:hilauncherex_start

com.nd.weather.widget.WidgetService

Network

Country  Destination          Domain                    Proto  Count
N/A      224.0.0.251:5353     -                         udp    1
US       1.1.1.1:53           ssl.google-analytics.com  udp    1
GB       216.58.201.104:443   ssl.google-analytics.com  tcp    1
US       1.1.1.1:53           appuse.sj.91.com          udp    1
US       1.1.1.1:53           pandahome.sj.91.com       udp    1
CN       117.27.146.36:80     pandahome.sj.91.com       tcp    2
CN       103.27.6.115:80      appuse.sj.91.com          tcp    1
GB       142.250.179.238:443  -                         tcp    1
US       1.1.1.1:53           android.apis.google.com   udp    1
GB       142.250.180.14:443   android.apis.google.com   tcp    1
US       1.1.1.1:53           hltq.91.com               udp    1
US       1.1.1.1:53           www.google.com            udp    1
GB       142.250.187.196:80   www.google.com            tcp    1
CN       103.27.6.115:80      hltq.91.com               tcp    13
GB       142.250.187.196:443  www.google.com            tcp    1
GB       142.250.180.4:443    -                         tcp    2
GB       216.58.201.98:443    -                         tcp    1
GB       172.217.169.46:443   -                         tcp    1
US       1.1.1.1:53           m.weather.com.cn          udp    1
CN       120.52.95.235:80     m.weather.com.cn          tcp    1
CN       218.12.76.167:80     m.weather.com.cn          tcp    1

Files

/data/data/com.nd.android.pandahome2/files/channel.ini

MD5 51b8ac68029cb1a9d6a499950e800b73
SHA1 cc7bbc8c65a9a3b7d24d3b6f89577355952a2914
SHA256 d0a3a26f3339589ae0c2db0505f4cf1d8b7b64afe5d253f3d4a0c3f807ad9417
SHA512 687e207c2a4973ccffe455532b869ab487e6947c658e7109286329f5d1336750becd49d2cf5c13d30e9adc95450aff605750fc9fe760acae13b2bb65fe462370

/data/data/com.nd.android.pandahome2/databases/app.db-journal

MD5 f2e2d00cfb25555d2acb63b2cf591bc6
SHA1 aeb409ca36c78e6c5d56b8b551bd7fc3f41d052d
SHA256 ddd57278a6c761579bfedadaaba40365f2432c3d1623760df682f42585160c33
SHA512 88b5c0e22a42f7e32e32aea6a925d12e887487d19e20739634cf62fa3a2e7d4571d1a36756f5c620e7c34ced7fa0235eb5f43e7dd7cbca0bbd344114725f27de

/data/data/com.nd.android.pandahome2/databases/app.db

MD5 fb1a4ae0a3f8fd1a3650f42db5e367f6
SHA1 204f123e903b93a7c13976ee56d3fcde11939e03
SHA256 ad915aca3407344023ae6d3c877e6a0e6007931fc779612c1260483be0da58f2
SHA512 326768a24fccea844d0c60a9d696c42a0662742894da9efa0f9025a66b77911f2d3d7e5398935c166ba57d7bf713abb69122b7af16a1311dd15130c506b73be0

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal

MD5 3f92d27de12670e553221c4559d5243d
SHA1 cd95e41d88219eda772e81d36216c99e77a1667a
SHA256 99ba015409b373dbc199b02a6c1755e248fb4e5a75910a9aea0e498d74b65067
SHA512 c1dd3370fa5c576ee1487c873a4a3d101ee4eba6ef7bb477da49f1300ed147c961ae21ed2045eb8d84c994f6c1abb4a7713cd1a97ba0ee4797452b3b2ebe9fa1

/data/data/com.nd.android.pandahome2/databases/app.db-journal

MD5 eb731cb7e71f18ca12bb92ed410e7f26
SHA1 4ab5133a5b606a27ca25ef7e3ccc24d251a3a845
SHA256 ef3e19b6e8a23fa205968f49b920d40a1cff836ed15b30dcc79d9a2a9a8a1aa9
SHA512 aef08c160b0f9ca32778a59e40914416bf864cc81c3fc95e94da663397be6cd7e95b55de905602beda61772c046ddc5450fb0caf2d0b5bad77fe094d1d4dd0ea

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db

MD5 b93e2bd22f3def0c3937bd691cf31715
SHA1 33edff509969da25fe04bce46cf1eb1ca5eef9a2
SHA256 34b95cbb5a23f5bca8c19d9dd5deeda8543cb3da67a57c1e744d8509b6475cb7
SHA512 53451efe8eedaff2c0f27cc5ff2bdd59d4b2b059c449c5c1d4ab70166f8267cab327b9dc8e78787fe7ae4a417cc1cdfbe5f0307de6dbef6c2051bed8a1de374a

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal

MD5 16f3d471cdf1f94a2fe968e79bdda1af
SHA1 70dadead7402880d0746aef1f5e19fe293c8a0f9
SHA256 b87998d419253e289059ea20a5885654a29aa3b8f368515a3fac370ece181295
SHA512 8614baa69de935a4002c72911d4b5581e5bccb7f95c552bc7162f4dc937c0add6f5fbd616669aaa2c8a76b291e0b1fa57d1c9a8f32db47e4ee8cd94d9e8a65af

/data/data/com.nd.android.pandahome2/databases/app.db-journal

MD5 17384ee66bb74eedd3854fe11220fa9e
SHA1 341585325a9562bfd39a3937ef10f0fefd11540f
SHA256 f8b43d81b0e63a7a036793b14a2e5b28c2053bebb050fd70ea800a3c69b8f3a7
SHA512 de34d2a15d49735f32189310650f4975e1df6c1d2144d7478ad38e265ab267eeb8741e43a68fb54c3d910c4602237011836cc74c1379722d2056522d2c6dc7d5

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal

MD5 517fbfd652af563927579e8c09a4f8e7
SHA1 da20074bf9caa7a22a1fae09bdcc3e35c90d43d3
SHA256 b911c3e1eac245a8c9c51d6ec5a19707f70bd10cc5faa975fbccfb5578ea8140
SHA512 615367670551e256b7d4c78b517ce973e4acc126581509288a12e2b06fba87c8cd3460fc1e6796e5ca01048921c14a3fc5d92a860edbbc14ef0e4d4df8fb9d7e

/data/data/com.nd.android.pandahome2/databases/app.db-journal

MD5 8f5da1e88ae6829ffd37f2c06fb93ee3
SHA1 423e4dcc6f3c2a922beca761ad65bfb95bb56056
SHA256 0ca30384440b57262d652920f84104b13260cd88244a0ead5433875544628f26
SHA512 c27e01d9e95af9254c14b648064ea6881a691dba70a91edb620da0046355a06d073030ad58b6a05ee313e61087bc2b1af8c061661d40f075356b3675b0e4a084

/data/data/com.nd.android.pandahome2/databases/config.db-journal

MD5 646191c91a295cea75b53b1b1ce1b963
SHA1 dcb7d1c00278a4b0981651b65c4e68aa962514c5
SHA256 c73a1ca56c85716444ead8e7cecf29d9c80c6e7b387ff4e2174164b3a00995e7
SHA512 9898cd039deb3c389c6b9d8dad6c8e763aabe6ba551d817bc5a5a8d4b05899fe0c6fbb6fbc084a7f07fc770105d6b789ca30d7ac72ad13b5e1e0289076102c6e

/data/data/com.nd.android.pandahome2/databases/config.db

MD5 377bac4c0e8412d40a721155d235f8ba
SHA1 bb6726595e9575110caa6dbbf1516a60c37b9387
SHA256 069dcf45de34770e750bd1cef4521d768a04a7ae9cb9ed94e9dc2d52fab3a910
SHA512 70e2c5cafedabe2e0444198b8b7f517da14c2575698d340d3ca5529f96e7d758a9274c30277125cd6bd0c0215ef73d4875a1e273239dfd912e3533017001aab3

/data/data/com.nd.android.pandahome2/databases/config.db-journal

MD5 e6285ad702c18cadc5deabe4f2a4e7e8
SHA1 2996c6abe8f09ede57c6c658c8e401082bf9c393
SHA256 a8a66e8ec84ca6a4e6bcb1962dc740319d54a9f4e9ef88581a80a4658c45243f
SHA512 bca0359b60a24b94834577da5ad456c1e40d3c9447bc622d8e634f822d416db2cdeed507f947d18b1006fba7b7f2eba462e5b03714756f4bfac2996c6f30afa0

/data/data/com.nd.android.pandahome2/databases/config.db-journal

/data/system/users/0/wallpaper_orig

/data/data/com.nd.android.pandahome2/databases/config.db-journal

/data/data/com.nd.android.pandahome2/databases/themes.db-journal

/data/data/com.nd.android.pandahome2/databases/themes.db

/data/data/com.nd.android.pandahome2/databases/themes.db-journal

/data/data/com.nd.android.pandahome2/databases/themes.db-journal

/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-06-58-1729048018252.log

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/data/data/com.nd.android.pandahome2/databases/launcher.db

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/data/data/com.nd.android.pandahome2/databases/config.db-journal

/storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar

/storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar

/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-02-1729048022479.log

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt

/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt

/data/data/com.nd.android.pandahome2/databases/data_center.db-journal

/data/data/com.nd.android.pandahome2/databases/data_center.db

/data/data/com.nd.android.pandahome2/databases/data_center.db-journal

/storage/emulated/0/PandaHome2/.cache/icons/v6_small/com.nd.android.pandahome2_com.nd.hilauncherdev.myphone.battery.mybattery.MyBatteryActivity

/data/data/com.nd.android.pandahome2/databases/app.db-journal

/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-05-1729048025965.log

/data/data/com.nd.android.pandahome2/databases/launcher.db-journal

/data/data/com.nd.android.pandahome2/databases/User.db-journal

/data/data/com.nd.android.pandahome2/databases/User.db

/data/data/com.nd.android.pandahome2/databases/User.db-journal

/data/data/com.nd.android.pandahome2/databases/User.db-journal

/data/data/com.nd.android.pandahome2/databases/User.db-journal

/storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-07-1729048027726.log

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal

/data/data/com.nd.android.pandahome2/databases/91analytics_v2.db

Analysis: behavioral6

Detonation Overview

Submitted: 2024-10-16 03:06

Reported: 2024-10-16 03:09

Platform: android-x86-arm-20240624-en

Max time kernel: 145s

Max time network: 154s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Queries information about active data network

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Processes

com.nd.hilauncherdev.plugin.navigation

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 pandahome.sj.91.com udp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
US 1.1.1.1:53 bcs.91.com udp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
US 1.1.1.1:53 bbx.pandaapp.com udp
US 13.248.169.48:80 bbx.pandaapp.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp
CN 45.126.120.230:80 bcs.91.com tcp

Files

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt

/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt

Analysis: behavioral8

Detonation Overview

Submitted: 2024-10-16 03:06

Reported: 2024-10-16 03:09

Platform: android-x64-arm64-20240910-en

Max time kernel: 143s

Max time network: 150s

Command Line

com.nd.hilauncherdev.plugin.navigation

Signatures

Queries information about active data network

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Processes

com.nd.hilauncherdev.plugin.navigation

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 216.239.32.223:443 tcp
US 1.1.1.1:53 pandahome.sj.91.com udp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
US 1.1.1.1:53 bcs.91.com udp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
US 1.1.1.1:53 bbx.pandaapp.com udp
US 13.248.169.48:80 bbx.pandaapp.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.4:443 www.google.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 117.27.146.36:80 pandahome.sj.91.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
CN 45.126.120.229:80 bcs.91.com tcp
GB 142.250.187.193:443 tcp
GB 142.250.187.225:443 tcp
US 216.239.32.223:443 tcp

Files

/storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt

/storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt

Analysis: behavioral3

Detonation Overview

Submitted: 2024-10-16 03:06

Reported: 2024-10-16 03:09

Platform: android-x86-arm-20240624-en

Max time kernel: 12s

Max time network: 131s

Command Line

com.nd.android.widget.pandahome.flashlight

Signatures

N/A

Processes

com.nd.android.widget.pandahome.flashlight

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

N/A