Malware Analysis Report

2025-08-11 07:09

Sample ID 241017-qnae7sseqq
Target 52354a200ce30fb3090681a62757be30_JaffaCakes118
SHA256 0002604f9aa167ee58757e61d3cbbd1052c71e57d5258ed1f315f540a2feb3b5
Tags
persistence banker discovery evasion
score
8/10

Analysis Overview

score
8/10

SHA256

0002604f9aa167ee58757e61d3cbbd1052c71e57d5258ed1f315f540a2feb3b5

Threat Level: Likely malicious

The file 52354a200ce30fb3090681a62757be30_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

persistence banker discovery evasion

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 13:23

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:24

Platform

android-x64-20240910-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

148s

Command Line

com.skymobi.pay.wxplugin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x86-arm-20240910-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.179.228:80 tcp
GB 216.58.204.67:80 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-20240624-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-arm64-20240910-en

Max time network

159s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 216.239.38.223:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 216.58.213.10:443 tcp
GB 216.58.201.97:443 tcp
GB 172.217.169.65:443 tcp
US 216.239.38.223:443 tcp
US 216.239.38.223:443 tcp
GB 216.58.213.10:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x86-arm-20240624-en

Max time network

149s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-20240910-en

Max time network

155s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 216.58.201.98:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-arm64-20240624-en

Max time network

134s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:24

Platform

android-x64-arm64-20240910-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 216.239.36.223:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x86-arm-20240910-en

Max time kernel

6s

Max time network

157s

Command Line

com.skymobi.pay.wxplugin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.187.227:80 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x86-arm-20240624-en

Max time kernel

26s

Max time network

143s

Command Line

uUcYa.MRSx.YaGiNfF

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar N/A N/A
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar N/A N/A
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip N/A N/A
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

uUcYa.MRSx.YaGiNfF

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/oat/x86/WkIrrol.odex --compiler-filter=quicken --class-loader-context=&

chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp

Files

/data/data/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

/storage/emulated/0/Download/channel_conf

/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data

/data/data/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x86-arm-20240910-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
GB 142.250.200.2:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-20240910-en

Max time network

158s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.212.226:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-arm64-20240624-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:24

Platform

android-x86-arm-20240910-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-arm64-20240910-en

Max time kernel

5s

Max time network

159s

Command Line

com.skymobi.pay.wxplugin

Signatures

N/A

Processes

com.skymobi.pay.wxplugin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 216.239.32.223:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 172.217.169.78:443 tcp
GB 172.217.169.33:443 tcp
GB 142.250.200.1:443 tcp
US 216.239.32.223:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 13:23

Reported

2024-10-17 13:26

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

140s

Command Line

uUcYa.MRSx.YaGiNfF

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar N/A N/A
N/A /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

uUcYa.MRSx.YaGiNfF

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 216.58.213.10:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.200.34:443 tcp
US 1.1.1.1:53 sb.niukk.com udp
US 1.1.1.1:53 android.51mrp.com udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

/data/data/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

/storage/emulated/0/Download/channel_conf

/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data

/data/data/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip
