Malware Analysis Report

2025-08-10 13:10

Sample ID: 241016-f7fq8avdqe
Target: 4b9890349ecbf121658f163fc3a5d2d5_JaffaCakes118
SHA256: f2d56bebf153ac998707ecc09bd6900aa3a4d13342fd2f1a9020b1971aba9c6f
Tags: banker collection discovery evasion persistence
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: f2d56bebf153ac998707ecc09bd6900aa3a4d13342fd2f1a9020b1971aba9c6f

Threat Level: Likely malicious

The file 4b9890349ecbf121658f163fc3a5d2d5_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: banker collection discovery evasion persistence

Checks if the Android device is rooted.

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about running processes on the device

Reads the content of SMS inbox messages.

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 05:30

Signatures

Requests dangerous framework permissions

The static scan lists the following permission requests (the Process and Target columns are N/A for every row). Identical rows are collapsed here; the count in parentheses is how many times each permission appears in the original listing, 84 rows in total.

android.permission.READ_PHONE_STATE (14): Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE (13): Allows an application to write to external storage.
android.permission.ACCESS_COARSE_LOCATION (11): Allows an app to access approximate location.
android.permission.SEND_SMS (9): Allows an application to send SMS messages.
android.permission.RECEIVE_SMS (8): Allows an application to receive SMS messages.
android.permission.READ_SMS (8): Allows an application to read SMS messages.
android.permission.SYSTEM_ALERT_WINDOW (6): Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.ACCESS_FINE_LOCATION (6): Allows an app to access precise location.
android.permission.READ_EXTERNAL_STORAGE (4): Allows an application to read from external storage.
android.permission.WRITE_SETTINGS (2): Allows an application to read or write the system settings.
android.permission.RECEIVE_MMS (1): Allows an application to monitor incoming MMS messages.
android.permission.READ_CONTACTS (1): Allows an application to read the user's contacts data.
android.permission.RECEIVE_WAP_PUSH (1): Allows an application to receive WAP push messages.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 05:30
Reported: 2024-10-16 05:33
Platform: android-x86-arm-20240624-en
Max time kernel: 149s
Max time network: 158s

Command Line

com.ezgame.skater

Signatures

Checks if the Android device is rooted.

Tags: evasion
Indicators (Process and Target: N/A):
/system/xbin/su
/sbin/su
/system/bin/su

Loads dropped Dex/Jar

Tags: evasion
Indicators (Process and Target: N/A; count in parentheses is the number of times the path is listed, 12 rows in total):
/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk (3)
/data/user/0/com.ezgame.skater/app_workbench46438/apk.zip (2)
/data/user/0/com.ezgame.skater/app_pload_odex/pload.apk (4)
/data/user/0/com.ezgame.skater/files/cnwi/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/WGEsSXNCEg5bBBQJ.zip (1)
/storage/emulated/0/Sonnenblume/res.apk (2)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries information about running processes on the device

Tags: discovery
Indicator: Framework service call android.app.IActivityManager.getRunningAppProcesses (listed 3 times; Process and Target: N/A)

Queries information about the current nearby Wi-Fi networks

Tags: discovery
Indicator: Framework service call android.net.wifi.IWifiManager.getScanResults (Process and Target: N/A)

Queries the phone number (MSISDN for GSM devices)

Tags: discovery

Reads the content of SMS inbox messages.

Tags: collection
Indicator: URI accessed for read content://sms/inbox (listed 3 times; Process and Target: N/A)

Requests cell location

Tags: collection discovery evasion
Indicator: Framework service call com.android.internal.telephony.ITelephony.getCellLocation (listed 3 times; Process and Target: N/A)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Indicator: alog.umeng.com (Process and Target: N/A)

Queries information about active data network

Tags: discovery
Indicator: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (listed 3 times; Process and Target: N/A)

Queries information about the current Wi-Fi connection

Tags: discovery
Indicator: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (listed 2 times; Process and Target: N/A)

Queries the mobile country code (MCC)

Tags: discovery
Indicator: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (listed 3 times; Process and Target: N/A)

Reads information about phone network operator.

Tags: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Indicator: Framework service call android.app.IActivityManager.registerReceiver (listed 3 times; Process and Target: N/A)

Checks CPU information

Indicator: File opened for read /proc/cpuinfo (Process and Target: N/A)

Checks memory information

Indicator: File opened for read /proc/meminfo (listed 3 times; Process and Target: N/A)

Processes

com.ezgame.skater

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ezgame.skater/app_workbench46438/apk.zip --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/com.ezgame.skater/app_workbench46438/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ezgame.skater/app_pload_odex/pload.apk --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/com.ezgame.skater/app_pload_odex/oat/x86/pload.odex --compiler-filter=quicken --class-loader-context=&

com.snowfish.a.a.bg

com.ezgame.skater:remote

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=92 --oat-fd=93 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination            Domain                    Proto
US       1.1.1.1:53             ltdt.i51fu.com            udp
US       1.1.1.1:53             oc.umeng.com              udp
CN       59.82.23.79:80         oc.umeng.com              tcp
CN       121.40.109.196:8088    -                         tcp
US       1.1.1.1:53             pay.tg52.com              udp
CN       112.74.111.42:8000     -                         tcp
US       1.1.1.1:53             alog.umeng.com            udp
CN       223.109.148.176:80     alog.umeng.com            tcp
US       1.1.1.1:53             d.joloplay.com.cn         udp
US       172.65.190.172:80      pay.tg52.com              tcp
US       1.1.1.1:53             sa.91muzhi.com            udp
CN       61.129.15.31:5284      -                         tcp
CN       211.154.152.59:8080    sa.91muzhi.com            tcp
US       1.1.1.1:53             android.51mrp.com         udp
US       1.1.1.1:53             loc.map.baidu.com         udp
HK       180.76.11.229:80       loc.map.baidu.com         tcp
HK       180.76.11.229:80       loc.map.baidu.com         tcp
CN       61.129.15.31:5284      -                         tcp
GB       216.58.201.110:443     -                         tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       142.250.200.46:443     android.apis.google.com   tcp
CN       223.109.148.179:80     alog.umeng.com            tcp
CN       117.25.143.67:666      -                         tcp
US       1.1.1.1:53             int.dpool.sina.com.cn     udp
N/A      10.79.217.129:80       int.dpool.sina.com.cn     tcp
CN       120.24.158.136:6577    -                         tcp
CN       121.40.109.196:8088    -                         tcp
CN       223.109.148.178:80     alog.umeng.com            tcp
N/A      10.79.217.129:80       int.dpool.sina.com.cn     tcp
CN       42.51.22.76:6898       -                         tcp
CN       223.109.148.130:80     alog.umeng.com            tcp
US       1.1.1.1:53             api.upay360.cn            udp
US       1.1.1.1:53             upayapi.piiwan.com        udp
US       1.1.1.1:53             upayapi.upwan.cn          udp
CN       115.28.225.12:80       -                         tcp
CN       223.109.148.177:80     alog.umeng.com            tcp
CN       120.26.106.206:8088    -                         tcp
CN       223.109.148.141:80     alog.umeng.com            tcp
US       1.1.1.1:53             alog.umeng.co             udp
CN       120.26.106.206:8088    -                         tcp
CN       61.129.15.31:5284      -                         tcp
CN       61.129.15.31:5284      -                         tcp
US       1.1.1.1:53             sdk.qipagame.cn           udp
CN       61.129.15.31:5284      -                         tcp
CN       61.129.15.31:5284      -                         tcp
CN       112.74.111.42:8000     -                         tcp

(A "-" in the Domain column means no domain was recorded for that connection.)

Files

/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk

MD5 f7ac8045aed15eb38ffad345cf33389e
SHA1 c07acd8c9b82d029669e4befa08830df804f0d3e
SHA256 e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0
SHA512 267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83

/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

MD5 e2907c8af573a4a28e3aef0471130841
SHA1 8261ba6a9f729e98db7468ede647030155821375
SHA256 00ace623824b45b1db22a6bfe9245c840590030362a209646c31e671913413c6
SHA512 09220f455f263e46619cbb8dc4e09603e471f173c0596d1513dafe0a594873625fc22291a8f74e36f4d6270ece120a7db2bb5ed5a29a0146bfb57e6e94889e67

/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk

MD5 21c7c675b3dc4ba37ecf2e58fec9ccf8
SHA1 16d524195e74f324010e7e5cf5a73e39bf757864
SHA256 7502952614e205d4d5605d0af83169fb70efedc52b0feaa1f9003cbfd830ea93
SHA512 ad3725129013e75c632b383999b7a936beed98418ed7d92d4dd4a5fb9ac7a1f518b4b6444324d5f366f422fe5099f6a54bc7ce62be4f8077ab4957b144b85482

/data/data/com.ezgame.skater/app_workbench46438/apk.zip

MD5 abe90291e4f468b82af909b88d1686e8
SHA1 f92d785cf11781c07c73c7d099414cc4b0a7d3e1
SHA256 62c743996671be3094b847c9a66c5d9a161c623478514d4181948103f54f9366
SHA512 2b7c2e8667d3e87289ea55d6ee7ec16100b3e5117975f5ee332d28b5a34b9d778782ed94ecbad0418420c90af15e9381005e4d8306101547f5b06f183366f626

/storage/emulated/0/com/android/system/uid.sys

MD5 131b44e1a0f11f1f34fbb847dd6238a6
SHA1 f4f5663063d4ff821b8e7faba9a36405126076e8
SHA256 b958b9eade8d0ed8f07e25d94de2863fc2680c5ddf5dd5df041ba0a59d24813e
SHA512 e62f25eaa8d51324f6f1ea9402292b8e2632cdaa50da008f11c1b96dc52ea69214ebefa9dd71a44fea18fad92dadb9fb60a7746a586b9fd37a6a69b71e32383c

/data/data/com.ezgame.skater/app_pload_odex/pload.apk

MD5 bf4c9f8b21242188babe5dc620b81b92
SHA1 3afb8bd604a157ddb45f7430436e0e634585adef
SHA256 8dd67c241ba66ef6d98dd25b0f95dd0819343bab9746c14576ed9dddcefc86b4
SHA512 23a16d15be882b251d062c9c54d96ade3b019deac252d03824ce540ef1b15e2d22207f0e39378ccbf7def4a3ba879140e0879fbcd4d3351e2446e60c7af67580

/data/user/0/com.ezgame.skater/app_workbench46438/apk.zip

MD5 e07d0ba749031dc06b2ec8c8be3daf76
SHA1 191d3b30f015c5a5f75c4e53f97d40f19b618c80
SHA256 9ce0496d9081164411c361d1783af1f5ba6b3bbd31001a4ca7c4df9180a79632
SHA512 0955d538ab2baa99118aaf714996f1cdd203b6504cb6d7e0cf87026426e95cc90ccf2ba17242ab8418a0c8968fbaabe2d3b1ecaf30212446189f2043fc3eee9c

/data/data/com.ezgame.skater/app_pload_odex/pload.inf

MD5 434513d092e9665e89b061bcb19a4045
SHA1 65fda92003dee783a2754269571d8f817b4ca828
SHA256 d1a33c11fc3ab6f0e9b41891255d33c7b3c9a92ebae831c913c0f607a65b3b84
SHA512 71fbe7645a2f85a2e48b40eb24e031c7aa4c081a89dd0efac6765aa1ef2f5742455a7c560d8025ec335d91c32958e33d133363fcffc4bcdf394c055e4b280f2a

/data/data/com.ezgame.skater/app_res_out/JMediaRes.apk

MD5 4f982f6022eeb8856dd7ab9b1fbe0d7a
SHA1 0de6e0b579fda36d43289bd92836de2e4225531e
SHA256 1a8eff68ef2c8766697b659d4c35b484b1871a4c21b52cac554962eff96169d8
SHA512 83954db82c798ca12c999822bcf90de2eafda7169e2856422baeee69f8ab3003bd110bd6e069bad206c2abadb859ab090ea0828785ef3f2b426368cf86c8551c

/data/user/0/com.ezgame.skater/app_workbench46438/apk.zip

MD5 9045925cd2530e09acacb52a86cbb3e8
SHA1 4ce104ac075add0be698d3b28a83fd7a45aab0d6
SHA256 81268f7045a383c4f5a922afd9dc9b0bf0b52b6abc12759df9f894ff596ac730
SHA512 deb84cb8c4cb9801def8b8ff863d3f2cc97604fa2875f1bb9f3c302d39dfe978c3b791f277ec264a0689a7b63a216607eaf884388e9af9ddf78e0273207b2a4d

/data/data/com.ezgame.skater/app_pload_lib/libbspatch.so

MD5 5b0e396d03f0412aa1e4dcb765d4b273
SHA1 da70f6cabbc32e50e20f9f37aa122d2f667589f0
SHA256 8af97bd29692d733a51d74f418478cbcf0ee8e21eb307c9f2758e012678534dd
SHA512 2577376cc6d0dde188201179883ce870d4d604e6f0d2e6248c3c19a83de3ac97dea2201f886b629d26ce8de3eb442b32688801343f6fe2d2774bd9f4adfbbf13

/data/data/com.ezgame.skater/app_pload_lib/libhelper.so

MD5 925f3dc9b254a6c5a21b3c0ac3214c2d
SHA1 4f753048cd9e6d8640f6d22450969a572c57486b
SHA256 fd4cd0cbc57cd62a440ec79abeef5a0742a5221f79910cbdbdb89682d5ee3063
SHA512 43cc483bbbc31bbb53a0b260f97767dc87f2a68f7246028ef81af251703e3b298938af20fc30f246cc7b78e58437ac810108d6d5dd8e2af9854d79ed6b696d17

/data/data/com.ezgame.skater/app_pload_lib/libhelper.so

MD5 102360b1ce41aaae293cc0402b6fa769
SHA1 136c26c101b18f0d26a4490bec6597d5c2cf8911
SHA256 f4dcab6a2184fe349edd6f87e48f92850a582b86ca7d519cbf5b5f9d89555c76
SHA512 46d0b4ba510edd775bdd67c47963ded171c31bc786708b73178b373e821c46c9cfdd83411016015dbf358e9da51c5bef06eb135fbc799c56e315df7a0001d117

/data/user/0/com.ezgame.skater/app_pload_odex/pload.apk

MD5 997871f0389ad2b93da60c2476d72f39
SHA1 c96a15d99aa7be5eff0c74539923e495b6b727e8
SHA256 9ce9d466c0d43a64984f689ba888af6a2da677e527aa94dafdcb6bd28a47e9db
SHA512 4a6c5b5126e864b6439f7a017d508c7d973bb2940f0ca097a6d387c6f1931e47539ffb28e0390860ed07d2d8819f907a5d037117d4fcf79bc82fb5b2e66565c8

/data/user/0/com.ezgame.skater/app_pload_odex/pload.apk

MD5 4e1788dc5197bec0a411d309c3d0323f
SHA1 7eb0df4fb29b1993437dee70ac848e7bcdf999e3
SHA256 9449ff49246a6feb1b690cecff649e08a99b708684768b37556a62e964c0d1ff
SHA512 fee45dfc5e848774123f99dfa9bd17070846bbe52434feacd21f8e9c19c5d1fdcf132793dea1266cc7cd779e19baba955f663668c69fe5bb650bd6ab3655498d

/data/data/com.ezgame.skater/files/cnwi/TzxVa9cImSXWY3-DX1e7lhQh2-o=

MD5 3bb2ee59906958b63b31570eb24001e7
SHA1 6978fd4149cf13c58af6f0f394866e0286341851
SHA256 d82456fe1be2c6a77089a9579f8a8dc184d940abedc05db247361ed3250b9461
SHA512 9d84b7609c7a2c0084f6a4bc8e35a7d9c331bc3fa486e21b30b3e5e4a29ed19beaeabf9fef17756cb861af7a7d136e496f50160f4b25b1112ffb755a3ea4e891

/data/data/com.ezgame.skater/files/cnwi/zImbgVVxT9gLotLoQo92Uf2GrgA=

MD5 768885bdd984b0901ddc469d5bd13e7c
SHA1 1a4ad1f942557a24693c471536e3c33d044598ce
SHA256 f1f5b020061188018541f98e3c471e345496b3086b83ac1830a57a3f7c74f341
SHA512 017c5c968efc3d78546f614962964ff26ef597c80c9faf0df2e62dbf2108c9f80810b2d871512e2b6033f53b830f551b83303885b8cc2cce5c25a16d46a77030

/data/data/com.ezgame.skater/files/cnwi/TzxVa9cImSXWY3-DX1e7lhQh2-o=

MD5 36d613f2ec9757caf640c2f6db6c9673
SHA1 4a391316d278beacbba64228cedacd582a291ba5
SHA256 7a642625b2e04880f61f7b7fcd18f775e4b7423f25e2f5effd161ebc5d99d52f
SHA512 075a3178772027ce2e97dad5921c3b29b942eb24231d1783bb8ebfb25eba7a895e95f7367beb16f48896c7fa2fe75d7ce073fb3df031d1e9f27c131adc6a661a

/data/data/com.ezgame.skater/files/cnwi/Gj9FCFCVDMZEpfFyXo2emNlosUY=/data.dat.tmp

MD5 8b6f3752085936e59145dbb40ed4deb6
SHA1 2687ac1155a6704a174b46efe48e031b06b78c0e
SHA256 844b4ef2a1051a76a9c02aa67a7cd418a551c24a245ed6d5dbc6ee64bcbd0ba7
SHA512 f056b0a67195ddaa8def3354c8eda99c8f65ddddaae9c7d0daaf6eb83de8e0e871cc5b6e85be6e8643e6727e0d73bfd58c79164af9b573dacf3f70540509bb15

/data/data/com.ezgame.skater/files/cnwi/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/e77DEMA7B7Csg5vqZqZvHg==

MD5 11f5d336138d0fe4cb2d939c00356941
SHA1 1f7cebaba76b4c98e793e23b594e66aa6f5f7c2a
SHA256 d442c57a3317657a4d4bd52e780383058289f0100b4b139ecfd8ef5fb8d49231
SHA512 69d437c284921a63f9d4b18908c466905e73523b4599a31921e9ed3210a01aa73930626b4ce44e1c01f6f337deac678fdbdb5ebf5cdb40c9d5613fd450665281

/data/data/com.ezgame.skater/files/cnwi/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/F4QcGqYUmtjt7nid8zzSqX68EgU=

MD5 00dbd539a8f3ad002dfb45d9c284956a
SHA1 4322cd440ab2a752fd1b9e6c4b0547631718aa0b
SHA256 859b272796a20d8e438e95092797a00d5540e489ef4aa5d3542125adc6d42d92
SHA512 1445f1af092eef47144f0bfe9df1572c28d2911baf6b5588ae68c72ab8b88cef4e5abe1e6dd0a394b753a76ace6c89b90e293467942ff5d70c52b783ba333c06

/data/data/com.ezgame.skater/files/cnwi/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/Q6SoI48vGt6E7NJX.zip

MD5 937ef33f66a85b5a1c660504aa4ba5d1
SHA1 781de2138b2f454ddd3d0242792fc4ece5b24de7
SHA256 7b8b7aefb21f0c0d5f224349759d4782e5c34a417feb41cab861aafdab3cc667
SHA512 0da142fb05ed1d1e7e5b8111cc7d6eca5cd4683f3eaa1fac08276b69c6a70e8e750b1335b4391076f8b35a1ac9a4d28719dd360c43da9a7863b46e7458edf7c7

/storage/emulated/0/mmt/widegets/data/droidinfo-journal

MD5 e0ea97b1c219e3082e24a06f5e2ed28a
SHA1 02e7a5ab7d738c40d7fda8ae760bf4315c9c38f9
SHA256 ff61fb4dffce2898d06b82fb83c7774780d2e6bcd3711f762509dd34a6d24685
SHA512 15dcdf8b91da40d8b6f7a0b142eaf353032715934a431773ab385c848ba34fcffb39a761f683078810aeaccb5ecac45ec8c6297ac79ff5d425472700a9a50dff

/storage/emulated/0/mmt/widegets/data/droidinfo

MD5 2ffbfee7ec0f38d6558043fd1f787290
SHA1 692bcccd800d41b4a67114ef764f8057d5f5c0d5
SHA256 36a7a826a30028f5b648272c2adc3e8543906ff4dd3015edab02fe6a7bf49a05
SHA512 871842e2898a7f451de6bcd6180e55dc431bb8327a3f8261eaf1c37a2038b99d4ec98250f373e9fe0acd5f4c74c6d7c1210db6b086f24a643f561e24df365846

/storage/emulated/0/mmt/widegets/data/droidinfo-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/storage/emulated/0/mmt/widegets/data/droidinfo-wal

MD5 a2b2b986f81ea741a2da068c1fbb36e1
SHA1 7b92601510c2005038e977d80e45dc9e1a3e2525
SHA256 5789b338b3ad93e772ecc1f4395efd544e8fb928312ee1b4bb13a96ab8144f57
SHA512 13905ef6937f08362e8c7d3136e42a52a4454a3e1eebbabc731bdf62d6ab801194a9cb64e22fdb1937b84505a694b8776e8530f86935a716aef72c25a5a3b842

/data/user/0/com.ezgame.skater/files/cnwi/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/WGEsSXNCEg5bBBQJ.zip

MD5 8e08b2043b87bc0b45b0e8fbfecf0639
SHA1 77ab3061ae96c8f28a6f4c75c4fe63926a63dc8c
SHA256 a81996c9134aa61051dd666ac936bf32febcb7b7afc60fdec83874edb51b420a
SHA512 d8b0bbd6e63588c38344b35efd4ba51f798cc0db1bccc47c88ae9597b6e1c350cf3ba1754e3226d2fd5ede1e3043d5f60b927332e3d8caf0c4b5e8120baf3ac0

/data/data/com.ezgame.skater/files/cnwi/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/lib/libtt.so

MD5 39b6ac5154df77bcc92c9cb4c76560d0
SHA1 b985bd345461490ee6c62548a87d648413faccda
SHA256 ab50dcbe107ba99a5065f674f1b4b48bf3d83ff3f0b256e68c502ae483dc72f3
SHA512 cb1dc48f50d9ed016f75b03917e9a66d2a2a9ac751e069063a9cbccc8c76f5c32223795c77aeadfc21989d700fcedd718c9c70e878a8a3962e1152bbce005e02

/storage/emulated/0/sys/driver/34e0203hg9678dh7ff238454.db-journal


/storage/emulated/0/sys/driver/34e0203hg9678dh7ff238454.db


/storage/emulated/0/sys/driver/34e0203hg9678dh7ff238454.db-wal


/storage/emulated/0/mmt/widegets/data/droidinfo-wal


/storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk


/storage/emulated/0/Sonnenblume/res.apk


/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44


/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66


/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2


/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2


/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2


Analysis: behavioral3

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x64-20240624-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x64-arm64-20240624-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x86-arm-20240624-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-20240624-en

Max time network

155s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.2:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x86-arm-20240910-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
GB 142.250.178.4:80 tcp
GB 142.250.200.35:80 tcp
GB 142.250.178.4:443 tcp
GB 142.250.200.34:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x86-arm-20240910-en

Max time network

161s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.179.228:80 tcp
GB 216.58.204.67:80 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-arm64-20240624-en

Max time kernel

7s

Max time network

135s

Command Line

com.skymobi.pay.wxplugin

Signatures

N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-20240910-en

Max time network

156s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-arm64-20240910-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 216.239.32.223:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.33:443 tcp
GB 142.250.200.1:443 tcp
US 216.239.32.223:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x86-arm-20240624-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-arm64-20240910-en

Max time network

162s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 216.58.201.106:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 216.239.36.223:443 tcp
US 216.239.36.223:443 tcp
GB 142.250.200.1:443 tcp
GB 216.58.212.193:443 tcp
US 216.239.36.223:443 tcp
US 216.239.36.223:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-arm64-20240910-en

Max time network

146s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 216.239.36.223:443 tcp
US 216.239.36.223:443 tcp
BE 142.251.5.188:5228 tcp
US 216.239.36.223:443 tcp
GB 216.58.212.226:443 tcp
GB 142.250.178.2:443 tcp
GB 172.217.16.230:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.1:443 tcp
GB 142.250.187.225:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.187.202:443 mdh-pa.googleapis.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x64-20240624-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x64-arm64-20240910-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-arm64-20240624-en

Max time network

135s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-20240624-en

Max time network

159s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:30

Platform

android-x86-arm-20240910-en

Max time network

16s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 172.217.169.42:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x86-arm-20240910-en

Max time kernel

6s

Max time network

163s

Command Line

com.skymobi.pay.wxplugin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-20240910-en

Max time kernel

6s

Max time network

163s

Command Line

com.skymobi.pay.wxplugin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 tcp
GB 216.58.212.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x64-20240910-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-10-16 05:30

Reported

2024-10-16 05:33

Platform

android-x86-arm-20240910-en

Max time network

152s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

N/A