Malware Analysis Report

2025-08-11 07:08

Sample ID 241017-sgsdjsvhnm
Target 527473de054d2338803b9e138cd89d5b_JaffaCakes118
SHA256 fa81a8e0e91b5a4b75107ddfb093763d5f0fa8d44beeecaf6db65eddb05ec37d
Tags banker discovery impact
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

7/10

SHA256

fa81a8e0e91b5a4b75107ddfb093763d5f0fa8d44beeecaf6db65eddb05ec37d

Threat Level: Shows suspicious behavior

The file 527473de054d2338803b9e138cd89d5b_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

banker discovery impact

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Reads information about the phone network operator.

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 15:06

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 15:06

Reported

2024-10-17 15:08

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

131s

Command Line

com.longyou.haitunpay

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.longyou.haitunpay

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 disan.xboyy.com udp
US 1.1.1.1:53 pc.2018kk.com udp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.46.195:443 hmma.baidu.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

/storage/emulated/0/backups/system/.confd-journal

MD5 c47db8466fc6965f2a6dd1b4ca60c4e2
SHA1 e46dd9311fde225a6c9d718565f8a64e83c66996
SHA256 d0343a7659e98960880faa9b75eff2a5034525033785627a576c865beae4a6ec
SHA512 3703d3e080d5f61255245b67e43d4b08c0a29b5fcccb016ee7f633b66f0407f0170edacb1801055dc5bb65107c1e1890584d55c8cad2795b602a5750a9792e96

/storage/emulated/0/backups/system/.confd

MD5 048c73f536f234f0ad0d2fa8bdbda899
SHA1 dba2e666721e0b0988807b8bb3ce0452dad3448c
SHA256 f1a64586ce75e770e2f36a7ef6f7419e26ebb9e9e786df3c5adce50a196d2d07
SHA512 6ae398c682724f0008ce47cfc790a7ad3dd7cc801fb3a8a692d28da5533ea7ed830ea36933bd3e3219fc8cbade90f073c2c418611921bc7d6877d94b6745c4f0

/storage/emulated/0/backups/system/.confd-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/storage/emulated/0/backups/system/.confd-wal

MD5 0487c2b314c109009e9beb3f018afadc
SHA1 556217b8d30edb17b4525d1f097064362a87531f
SHA256 79d64ebd47826f1501ef8c87e0c7fbee61e4386ed51eba9b852ff3e854f01843
SHA512 8fcf45a8d4f102399d03362fd1e7d68d16f85031df4edca0825a449e7e10eb9f142383333420af1178ea8cf3a879a0e9963cbb5fd3c631b0f075ead58c182aa3

/data/data/com.longyou.haitunpay/files/libcuid.so

MD5 f59aa3cb42a2e3b553c470925abb675d
SHA1 4b2e7f3241adb9b24d2a7cf6ed62669f0a7b7c9e
SHA256 ce84cbd635cb02680cd55cd64968869790328535783907df1d8fa2503ae38d74
SHA512 ef99447add21ff2619c1d9ecb4121a4a1f3c2b506daaede81f41dce8ec64ad3489837ee5f465d81bd36e3246fe9020b0aceb41ffb670ad6fa461073b81830677

/storage/emulated/0/backups/.SystemConfig/.cuid

MD5 9ae6cf845012394657e1621f5edced5f
SHA1 56609945a588e6c7463464b5a893eb07381a457e
SHA256 085fec3455858a3680856755ea658d663b2ffb09eef3cc662b8a3356042ce4e1
SHA512 79e3326069d05731828c543afa6b24fc8c7974cd365228fbd9969a3163b2963d003e259826820fe7a47b38a1e39840723c3ba902c9e570ed7d30384bdfe1baf8

/storage/emulated/0/backups/system/.timestamp

MD5 81f527f6e42341dd126ab862049d3d01
SHA1 924bcf46355f701f075ebb2c8c68b6bc9f86f81b
SHA256 6eb0e035ab4b12518a84b45ae2a888fcf7d84fdad1e7df76d8fe9c6f7e9c97e1
SHA512 6fbfa1d7ec524f5f1529ae3611217c5e0e9384dae39d4d55b96b93f05f9f467d7145c549367170c8959ea26f83a45618ae181082b884184a66bfd08cb5aeca6b

/data/data/com.longyou.haitunpay/files/__local_stat_cache.json

MD5 ac7479cdfb27f54d3220d26c1a1c370f
SHA1 2e0f850d0c228e784ced6cf6926dd6b401a8846c
SHA256 233d301cdef6f0172819227b5f832e875d5069fc6bc729ceabd61f0c0746673b
SHA512 7b1d6d7ccc3e7c5176e738bf04f5af103c2c43abd6820a6505b3c1893dc0fa4061c0b7ec967c9ce028df5cb9c03a0185ec678711a99ef24dd982389981901497

/data/data/com.longyou.haitunpay/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/data/com.longyou.haitunpay/files/__send_data_1729177579118

MD5 f6d1883d43050dd860a307d4f8fae773
SHA1 4c0b96a9452573f043f8a3d62e0765a1cef5ff46
SHA256 000fbfd59ffe43bf4a20a193bc6b550f41fa55e15a73406e4704652afb33d475
SHA512 7323d6392c16c2810439cd56b814b32ed28ba83cd57b6e96e391c0defceb96cadf6a153402155d722361ea1c27a4b7d268f7d65becddc0df1583ad0f829e0e86

/storage/emulated/0/backups/system/.confd-wal

MD5 dcc309df0f85ad4c38db2cf7cfd39b63
SHA1 a1f9c3ab3ea50883e26e4e5ab4b61c02de75e8a1
SHA256 5634fefadad3fc59312e7dca2547483cfbbbb099c007a7aafcd0b9d70eb16211
SHA512 17866a7be8a44fd28fa11f828d16ee846c4f7f2d5355404e8aa8e5e11e0e2a8ee4da43985df72bf07937b6a8e12b9a6e6d60d435a584a68fec1b7ee79e6ce8e9

/storage/emulated/0/backups/system/.confd

MD5 20b4c5a4e7944c6575524b67929456e8
SHA1 8c00624e72d53734b11bbd36d92523e4d80ed5b1
SHA256 269e0fdb977c639320baa5a0f88db814d17c1058fe5aaffdfb723764e5029f69
SHA512 c4d54bdd070a8c6b8e8be330700b75c278cbebe6f2325337dbd958b2604b81f9d23e27a537352abf1c628e35a88818efa0c37b6b796b16619754db62f9481cfa

/storage/emulated/0/backups/system/.confd-wal

MD5 a375b415103e85ba5ef68b7a844d1e63
SHA1 2347d88d52aaeb8d0695a6956637214c875cdb47
SHA256 9e8f8ae16fb8d243d01f9fc9b3885557975c5964e9b98163ea7adc2caa91f6f4
SHA512 fb922b88833151d4e86ca0b34b2001e3bf99cbc0c6db5fbddcb05cf9dc152ff080ef00e6eff383313cb270fb5dcc3164dab2f1333140bacaf34c7cb17cb6820c

/storage/emulated/0/backups/system/.confd

MD5 17b1f5fc1800c9e4c3e856541e0040b7
SHA1 14d72e27d470507e35e8bcec643c901f3663e6e1
SHA256 f181d91574b68307e877d51f9ac9820601bef527eca3e3362df9d44191c59b05
SHA512 39f2f755702757b2c03fc9b0d5a6bbbb9c81159dbb50eef306e41d72319e1538cabf8b71ad3a508df5115c8dca5c7a1a83e948287d037343a645c337ff0be6ba

/storage/emulated/0/backups/system/.timestamp

MD5 2ff6c4624541ef5e182cdd46e3a926a8
SHA1 b41394443e072fa4391e074b5a98291799f5c06f
SHA256 0ff36d7e23c7d5d030585a06e8b216c87848cf44db63860840882e082e6c5763
SHA512 5e13a8641f4211142e8434e5f41be04e491dd9cc598eb953d2cadf8836702f09016f96746c005aafc80bf0a1002620fa8654f9cf5624dc3de7559bcb67ed21fa

/storage/emulated/0/backups/system/.confd-wal

MD5 f37186a1191bfb923995445f72596162
SHA1 b50016f6a1fe1308888b2cd1252e112c11426e4b
SHA256 730c1e21981cfd47b2b006cd5c99946cf6112309b9f88b5807e65b44c9f429a6
SHA512 adec52e400ae4a2446ac75acdc5dab220df046d3ec528f5983871381f6e0adbc20d84d5f35143ac044bc631b1903091fc1cc0ccfacd40df1a517bbb640572b82

/storage/emulated/0/backups/system/.confd

MD5 5359881f99361887ab6818198ede58d3
SHA1 2859ff9aeb34cac1007652d4f8ff79595867f518
SHA256 5658c4e68723864e5aaddc4d926d7a3076c18f88b9148e2e07cdc123e7203150
SHA512 b4f16a9554ccb50fe19eb48a80e4d8d5ce665afd903b02f79cc5c713058c09bac0d73350e7009cf113cc121139bebbb6d592b05bc412eaa07e812e9b402390ac

/storage/emulated/0/backups/system/.timestamp

MD5 80a308c6a6c2c91ad4445d2bb5e8bc52
SHA1 660fe2c01774f12a972b16b5997a457c2a511941
SHA256 8cbf729cb4ac7155d64f1852d348d3071c60761af1df9ad5c48e37cfc072dace
SHA512 4fa77325719ed53f79fb86d57781c2e09c6e43fa4e3f7db4de12db6f0526f2882eaad5aaf03516de53028e525d4cfa1c595748c95cf14e4cf0ac6b59c443997c

/storage/emulated/0/backups/system/.confd-wal

MD5 19c9a9b9b4bceec2b59c3d1d3439e87e
SHA1 1e4218d7968862e82a86baacabbe0bb4e32cee5e
SHA256 38126be562d7398d9da20b7241b727de8cac6448fe2a82ff8f5181a99eed39e0
SHA512 b2cebac3a6c0011e4b76c1932e0e0588e8cb74b9e96d0b9a6622817dd3e8d3e0d03413c510b359e82a48bfcc0d3f170f2e2c49dd115dee2d03c418077fbe835d

/storage/emulated/0/backups/system/.confd

MD5 1f899373c07adb372df01d5a421fc29a
SHA1 213df324f60ad70431a2bfaa82aeffce2ff61b3a
SHA256 10103c8f8999a755bdaea0d5d4e1950173c16b4d4a17fecf3279227cc3439827
SHA512 5fce6bd52d3551d62db1db28f04b058f337a0250bd0ec88a45fdcc294a64f818236b9dc3b6951159f490c360354efd0ebaa7cbbb62b10ae72addf1d96ad1ed2c

/storage/emulated/0/backups/system/.confd-wal

MD5 95d9d091b8020b66371b8034300392e0
SHA1 b2ca62690213a8c773223b2074e91c2c71335814
SHA256 04e8d56229aa56bcc574cfcdb80d635d02d75c9dbde9773efdf5e2f181a3a1ab
SHA512 6f02379117c8f6ec29c387a53ffbf509241c3e459d50200c1146827d91f0bb0d80e228560c4beb36064abcbce3604eebc6e3247e1bae16e5fca52185f7d217cc

/storage/emulated/0/backups/system/.timestamp

MD5 c6794756f0a09de03f6dfa2343aaa2ce
SHA1 9df060c086bdbf42b1f6e8bfa9998fb7b03700a4
SHA256 29c4efbcf52286763b80c2ac645ca7c07e327175e4d28d9d2a0ae32fa7e5d8a8
SHA512 eb73e41f5b4231316d2c58ea99cc2543f935bf681c5a23c90f7bebf175f89fb18f79ed56ce3b7a68dabdc7d8a4ac6bd58eae6c68213fb7ad1b6b03af6425b19e

/storage/emulated/0/backups/system/.confd-wal

MD5 f873ee4943b9b558b578d78dbe80c5e3
SHA1 e359efafe1bd15755e6e3f1674cc336045645102
SHA256 1b7fc447d49bac98dd97bb520558a4e6a6ed3127b4897da759e4a037c9d21e00
SHA512 2c67322057804515943dc1c2798fa598294aa17ef1a082e964ce3aa8d54166b6192e23392b86d0dfd31a5546c83771f95add9708c84444c55e32f5c0629a512e

/storage/emulated/0/backups/system/.confd-wal

MD5 742a50b84f02d37d93ecd993b8dd8330
SHA1 b002ec4a6ef8a2f985a952afb514dc38c19b64df
SHA256 b156446bd9738aa7f1e68f1ed8b3056e996ba4482fc57afb95e1749175dbc3eb
SHA512 199659e6503410a4de74b2f0d0f5eb6a2a1665efdd2cc7fbfa70d7d3858b1d3c615ad97f9a685ce6b1b320b4078f93f5633657d99a1d479bf935406d87141b72

/storage/emulated/0/backups/system/.timestamp

MD5 05a1066435e406492c663edf937472fa
SHA1 1301814a6db6e664235f2f6f30a9a3997dc7803d
SHA256 7e700a49de2843f0b939641cc9f0eb9d714608ca849c042806d5faf98a9a6e89
SHA512 59931d2c1cfb94e8d60746607ab19cf5ab09337abf8e552c84197132d3b731738b60039ccbac655d2f6d3a58213ff8a4283dba39b325551d5ef3fb693bb63725

/data/data/com.longyou.haitunpay/files/__local_last_session.json

MD5 f1c3deb3387875207e871059ef7b666a
SHA1 b485a7c323a02fcbe5d9dfca54201c469e93723d
SHA256 f3e65740d59a4b66998fc5c1b5efbb0a00eb0f7e6700e7e31a44cb406469a03b
SHA512 c0973aee92dd6a0bb05a8db0e0eec6098fb0264a310991c1bda06935da39690583711c6174f75570152509d2779d11c06d979d8057253962f632132a3f9a3c08

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 15:06

Reported

2024-10-17 15:08

Platform

android-x64-20240624-en

Max time kernel

148s

Max time network

157s

Command Line

com.longyou.haitunpay

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.longyou.haitunpay

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 disan.xboyy.com udp
US 1.1.1.1:53 pc.2018kk.com udp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.46.195:443 hmma.baidu.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.longyou.haitunpay/files/libcuid.so

MD5 84407dbf3d444ba0554d00186fb17e88
SHA1 3834c8603d96f37e441724b4a889a7f5466a3b44
SHA256 4ab7e786456b51091dd048f75376331f58428506dfe21141a01f53a0bdd92c8a
SHA512 ada062a1cdd27f99d15254ca28976aea692dc67c4e7b3c9aedd9aa6b3e7e2127ac0cec5981ca865a937938fa2ab5a48f18626fe14e0e3015db42bf2950c3a215

/storage/emulated/0/backups/system/.confd-journal

MD5 926a25521b84aec281ba6d513ddaf0c5
SHA1 87d53cc9c7f5db2945ed501427c21895b463cc0b
SHA256 a7954aa4df1c6890747a137331431414f2ec60ac4c28d8878fb521cd2ddca832
SHA512 97c6cc7196dbbf5eddc6f5db6c2b7a5bf053a6d5072c21a947ff0877682c8158471fa5d42490fc4614374d602147a375420c225b4a4abb07ad6b400ad0be0a91

/storage/emulated/0/backups/system/.confd

MD5 826d5e706922799591873ad10d261b23
SHA1 01d46a29ea4a338669f7753a50a19d6ab54f5c4e
SHA256 2418a7e344c022770996b8db13d3bb83ab784ad167c1c1f40f2689a4c2c30028
SHA512 1b143edc7b49f7289fd3e7a52ee0a90c72bbdc8fda7825b3d854f94232528e6c8f920470ae7552881a32c3f4f2275e670e4836f3bface35fd3150edfb1c3e815

/storage/emulated/0/backups/system/.confd-journal

MD5 bd1a0173ea7aacc0b85e2a3dcfa4191f
SHA1 0dbd0f6b9537fd7186be78073c6edbf061de183f
SHA256 5ff6a2743868f79a6413273cc048148d07bb144544c051dee4834a600bc688ff
SHA512 28430b45ed73cf3cb2bc6deda253e6255b3341c051e7965077e7ca13167606eed5b83d27da694befe5894569d03a4a4aab174c5c5e0918fa55986b534eb84a69

/storage/emulated/0/backups/system/.confd-journal

MD5 0685e552412d1e179b01bf24ba88a097
SHA1 193c2c07e8de51c6bc4a59831f492d5f0493e54b
SHA256 0c428a2c6f69485ecb055af3986ddeb664944e7046ee776ba37b0e06bbd59d92
SHA512 3ed8ff83e58c67f94b05ed2f7e3651f726d518a566e4d425686ebe9e7e335e294d562ae15ac4af5e93c046a7c2190ec58165ac90c46523e1963efc9092ba08d0

/storage/emulated/0/backups/system/.confd-journal

MD5 957a0328d754e6030d586dbbeb5790cf
SHA1 d0271d0ae4c064ca8a4b64f4d0f35443b62a5221
SHA256 755988402a0e4f24e193e7c43d86019f170233a187b06b9693b81bc82f5535a1
SHA512 2ae103202f7ee19baee542c30523639f59514d47f43cb0d56e721f4cc7903139b69e137816622039a339003007412ca6d1f2b6ad330fc01d2cb774c03dff7c8c

/data/data/com.longyou.haitunpay/files/__local_stat_cache.json

MD5 4b00fe9f1f5fb61e13d37d464df46e94
SHA1 b27e39626837f284c46c53b3c069524f8a2e9b24
SHA256 ac4d0c70b5322828b39cb01db688429517e021679e32e2095edbadc562be0a25
SHA512 6dee7e5e6a72c08ba94b24c442dbe73fe2259c7dd0d363c0bbbe6de2955f72126ac6e15b4d0619c0971cdb4adcd1f3c8f8a80f20d0d624332b51e24f08b2ac3c

/data/data/com.longyou.haitunpay/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/data/com.longyou.haitunpay/files/__send_data_1729177577971

MD5 4d59f62305c55e48b76623d206a17f5e
SHA1 5e90fae5d9b0823afcab1368c6040e871a183464
SHA256 0dd79ab3a9fc3127550aa21fa23011829b1b833f1c9473b10dde459f8e296486
SHA512 afbc02ebfb4af3ef03575f5f9ea296d396d3896096686c5c3f6ba1db37b947d68605713f3410dc194f2bb836fedb49ff4a27f152a82ba75126866a113c90fa35

/storage/emulated/0/backups/system/.timestamp

MD5 244af2cc5ff8455f6ddff8000850def6
SHA1 d65c2cd09168a0b0ea20667fbddcf3660c2ff82c
SHA256 ff205e37c790f143178dbeee91519ec73902c5a3d15ede8cef6fe9abe12d29a4
SHA512 4d7188c49e8b76318be6c8be4f71c69220d06111e005333aa4eb47063ec7e49a9d503fc4ea0a0aa029736b5c877624c82a10042cfe49c181a8c0ec3db37b27b4

/storage/emulated/0/backups/system/.confd-journal

MD5 527fd3d2c423c9765a183f5d6efcb6ad
SHA1 f7db2cbe372688758f8ab472903f033177d2ba5f
SHA256 1282eaeb25e9024432879f6645146c2f71c6c98c39506e54f0a94920ec9b34b7
SHA512 da9e2cab1bcbf08d9e770921a0660f7d0a6dfa8e982ee5bbc9af2269d9cbe7ca4d844c4cda7fe11749c752262f903f88fc75f71fc6b44aa89e444aad3a5e0921

/storage/emulated/0/backups/system/.confd

MD5 e833300dd2e1df29b95a9139e1e6bca1
SHA1 e0158acfa7495e2fc2bca567d0a4196c94d0ba9b
SHA256 67e386e6ca8398d959d3dbb45f5dc06f205c2cc4f68958d1e4fedfb5c423cae9
SHA512 4c14c4e57ed780de2e8a1e921ac090c4e84068552c47b6e260b47b84bfdbba047a7b84e1e6a77dc4b8ce7a934ef9cc7ce31bef72edf9b2c6493378c7210800b8

/storage/emulated/0/backups/system/.confd-journal

MD5 466fc3c9e2dd6a3cf189743671b9f047
SHA1 2da5bfe58eba233bc791e68bed008685cc80895b
SHA256 6cf6fd6055bec00c73009a34f73d10b6d19f08fa435474636474707bd3c9ed8b
SHA512 2947df1319c66b29cdb6830c30ea13940c49b120b1b65fb5d50c07405d99056008eb32c54fa91cb897072cd92980cd3b88d03aab0c757b440a2cf330be582114

/storage/emulated/0/backups/system/.confd

MD5 4795d93fc02cbb3efc1c0942a92e12c0
SHA1 9177b4762ac39bde72fa64bec5e82370f7b7e1a4
SHA256 7e6359508819458271d1b9c2856039f2cfbb587e4bbe3e0e388376368b8e2e52
SHA512 59d18c1c5b5f8d33d3c0fde92264b581c2b48acf80a289500c449c47f7a94859d5803dc306a55530063998b079a5297e4061a5c0dc0a8648c45fcf2028330c7f

/storage/emulated/0/backups/system/.timestamp

MD5 1c3c1e1fc4c4734ae172fdb88d7ad1ce
SHA1 d920b069606ce7389428b5bae03c4d06aea1ed71
SHA256 81a46ddaa6c2371c56bb80133b0311d9939b5561536a7668d86d5f087df45f42
SHA512 f5eda4b122b28df8ef66a6034943f24f425dbe4ba3c4031450b3088f95c86efd859bea3c3947ccd83034104083e6e257b4d25ec5ccfe567b4358abc378269682

/storage/emulated/0/backups/system/.confd

MD5 4bbd89a1ae21b0b0a0bb9db7535eb36b
SHA1 d1185045ff81d1f560e886f0a34791dd6685f38d
SHA256 1a0c140f4d4bf51d09449fefd34c36ef1da1ffd5939898a942bb0fe269246eff
SHA512 e0ddbf3503328dd187eedad62ac499a8139cc709033b3c475d3bc5bb51b23423997d46f5d58858352956e83ee497ee3d03bf549d1fcfaa87115db7dcb9087007

/storage/emulated/0/backups/system/.timestamp

MD5 91d8e69e5665a74637c7f8f9ea117dbd
SHA1 0bbee13991f597beeb846aefaf0f3620883a2ed1
SHA256 b5e42c0e2031843f9bbb9290e036d8361d949c6ab345a2c85dbe3d57f4da2d63
SHA512 2c2355c0f491fd5f4daa2295c6d4414dbe55deabf869620ac7019be16f596c83938d14842b8afa41aa3c4a506d17ef766df3cae12881f46057ceee28499303d7

/storage/emulated/0/backups/system/.confd

MD5 96008062c2a46f7455ef910c6b7a16da
SHA1 ad9af6707654003a7b557831fbdb8a99f8658cb7
SHA256 ef33cf88610ce1a143c3f3178ec3aff69720903902f646e3d3a80d404fa20b61
SHA512 1cbab748c53400f2645ec1f557776a0cc392154ff7dceb3a32d53b7687b35091061c11fcb0f021dc8012e9cf9268becd7670655c721fb2c0ee37eabd47bb4182

/storage/emulated/0/backups/system/.timestamp

MD5 f7c2d45632ffb86982fbf4a4a8a68f8d
SHA1 a8398a1f44b12134bc9c60103a0cc9d3fb1bacb3
SHA256 9caf697c2445c74a97cca6d19cb4bca235abc055fb2d4028321206ab5be8ceb6
SHA512 ea80995795f4fed53bd64981de1bb7b371f7eb1e6108dc0b21c5ee6b096313ca3a33bea1e2b9a4d64bfd3d4f5629226dc0b98db2a51a456dc102c2d56bb75d05

/storage/emulated/0/backups/system/.timestamp

MD5 f045c41d46f753c7e2d076a88aef433f
SHA1 725ce4f3e217086f8c109ade4cac6466502110e2
SHA256 cf4ef482532261b8ccea45f4dc12d100efac5a4b1d8b7e045a7f4cf097334d14
SHA512 4f9f5ad693c1d28096e5fc188a57e98b05847e9cf7159cea8daf1a418d24c5cb9516b0fe465d8da3baeea38486061103fb7bd3592c32dda4af46084897526ae2

/data/data/com.longyou.haitunpay/files/__local_last_session.json

MD5 d62234acb548f41d5f5aa290de40a234
SHA1 4052820b56d0a9c81390a5aea416deb01e7fd3b6
SHA256 7b014a3efad5aa2f6611f3e8c4041b4a49d51c0fc8782f6cb163e683f0bcf56e
SHA512 09a3ed23dd7198acec7258741a9bbd37d55e7c80238d91e5e0c8f34a0bf4ea3bbaf91ffc9aa6f88c5e446429010cf69a6c2b23e2beeed4df83ab9d65050426ed

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-17 15:06

Reported

2024-10-17 15:08

Platform

android-x64-arm64-20240624-en

Max time kernel

149s

Max time network

132s

Command Line

com.longyou.haitunpay

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about the phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.longyou.haitunpay

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 disan.xboyy.com udp
US 1.1.1.1:53 pc.2018kk.com udp
US 1.1.1.1:53 hmma.baidu.com udp
HK 103.235.46.195:443 hmma.baidu.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/user/0/com.longyou.haitunpay/files/libcuid.so

MD5 c80f07148df278f5342c8be24164d4cd
SHA1 1ca25db53fc3ecc0651ebb75bc4579efe2357843
SHA256 f3cfda51d3d3d338a16429bed62dbe141499d38c019fef7018c11f4f06280eef
SHA512 7392c700f86a436b1ce714c833e7aee3bc9e7af1de3a57f957152d5ed8dd526e40a26189e060015eacd4f9a77d12b1acf06358015c530f2fee9bf4cf40baf4dd

/storage/emulated/0/backups/system/.confd-journal

MD5 982058beeb8931fe69bc3a2a6a7bbfec
SHA1 bc939a8ce7d0e39785efb2bea2d684fa2dd4237a
SHA256 214d61e1a38c9d9cbfd99080c6143f8d67abf71568e225c1b1eceb56bb6927a0
SHA512 c6c21dcdbd831b05907de410058ef20dccb0c77f4c131b8e2f91dca6a9fe97a563f924b0030b444dbf4805842680af70fc9320d70d8b1f22a081c364a8dbec34

/storage/emulated/0/backups/system/.confd

MD5 9d73df871bac42a97c9c7fa5fce9dd46
SHA1 6c8cbbeb4e548aa27c2414025b80d4bb4d1b3882
SHA256 f28f2c419c15e644f68dfbd92fc222caa883e64c32ab6e0db7ae650098c84d4c
SHA512 600dbd8d41585116f1998df8cbf08ed66cdc25c9c590b55f6fa4065708bcfaf79bf631f67c74f40e5b17c98257304cf56956b1e14441abe9252e6982dbc0aaea

/storage/emulated/0/backups/system/.confd-journal

MD5 ec7ed56f3785d7f8634b1d13e3a7eaa8
SHA1 e63b711c4b44671d5213da7bbe5fdb6ddf0e9eac
SHA256 ba3ce24bf7da273eb093e34178e42c0d767565e074a2d5b1ac66792708bf414a
SHA512 f473d07d9c7b4104e5870ee6fbad2433d1549eb4841b9b0116dbb25153f5d47ec990cba1ee5041eabd019e32961283030006235afeaa97e3cbfa641f17491596

/data/user/0/com.longyou.haitunpay/files/__local_stat_cache.json

MD5 9f3cfcda7ed63ceca67fa4557ecbe2ed
SHA1 cb9c18a9cb0f93d9b40f47f86533564572b8c9e1
SHA256 8c8dfd53d36251c248f68240534ead52c2df5a15e48270e97707a71f3c054f24
SHA512 e41bc3613255a11cfa0563d0ffc0b81c099b1bc7856507a2084eec87418bc2f93f90eec58d96c11fe70b6ee69aeacbdcf9ab912fe889d8a6498eb8a94f26fbec

/data/user/0/com.longyou.haitunpay/files/__local_ap_info_cache.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/storage/emulated/0/backups/system/.confd-journal

MD5 4b41d47f94924370756b956ee87a4cb6
SHA1 73db3a7013b77eec2dfc718f4797e2b7f060b9dc
SHA256 dee37a100bdeecea2dec805b8b05735a39218d569677c99f07427fb3a3ae136e
SHA512 a3646c3def2caf81f9a4c95adff14d90c7bd2af6e20d44221e5a84946e0f89fb7c32dd3f4ad334b4445b5ba9f92b443e6de09f75030aef7451e6fcc751376fb8

/data/user/0/com.longyou.haitunpay/files/__send_data_1729177579741

MD5 0ee3270ffb9efd2a0d42aa25f997275b
SHA1 0e8d8d23cd9faf46e652b43df97593950915a1e5
SHA256 b84af7f643e2eb565611f58bd3ca8100d648a8849f9f545ffd0f99d102b21004
SHA512 1f832d22393278e308394b423260404033b9f31666cb89fe500757ad4cd45b0c0592c5ffe88ad3fbd9558fcd6bd5f5ac0e7f66cf288d9ce715bfbcba09811465

/storage/emulated/0/backups/system/.confd-journal

MD5 a8b8b086c066eab3f4019f5c3e5317fc
SHA1 6efbb372cee705eca02ce6357da470a26342201d
SHA256 0b9e3e1d7184677b80cdbf487a08465055da3098794d1ee2586b23796ec8e716
SHA512 d65326a31f4e7d740da742d1e019c48eae82da5111e01150458131e9d4e40d045376d1b691c83a42d92242bfdca55f10818bd4b65b7088e86b8e110e11aa218a

/storage/emulated/0/backups/system/.timestamp

MD5 daa2c424c637265b26b8b1b29198825f
SHA1 d536460828607aff57770ad94c12fe87d6a89342
SHA256 02d03172fd9ebca8056e398169de04a79c9b0396d5eea86637811e184104f1e4
SHA512 7cbb9953d7f92bc018e248fb3fbe847c72d0a46e18e850a391e0d5abb6e8a983b25b8e64b4347064d7c341d75e8b82eaed04cb5220b874773918d538ec00e010

/storage/emulated/0/backups/system/.confd-journal

MD5 fa62bea6d1eecfdb1b212384bdd3d619
SHA1 f7b0b8afcd56459b345261c09a5b60896151f042
SHA256 2b36b1ecc0dc0e70a3c1040c68d2e957112daedcf0740cb5e69b704a19d628b8
SHA512 c35b577fb3ad5b4619d02f42bdc06f7242df51f2bae0b23f8f1259659b63928da091388516de20933bae052efa697c49470291d4f6fd1bfeb803e79f747bf0fd

/storage/emulated/0/backups/system/.confd

MD5 5ba8172059b1385bd3c8fed16dd91543
SHA1 7a9abd5be7fa334a203359f5dc6f986460f124a9
SHA256 144b82e2730266a25c0e9b35f6f6c7420d9344d6386be59a30791a2bc455fa2b
SHA512 2c46d42453dc740b74b0d99c1de26d389db4e8829bdbcbae11489b934fcef281daab7a5e53c6ced0c997711d3d5d08b0006e3ddcbedd26bb4f68dcc97f51ab99

/storage/emulated/0/backups/system/.confd-journal

MD5 04772b9e7ef845970fec54addef530c3
SHA1 27ea50d7ac856d3467232606619db5965a49a0a3
SHA256 f0e4d6fd36571e12a78287db7e94b9ba4bebf071f0aa9459897fb746202c1931
SHA512 2900ef4e8971644f95048321843fe1dc06b9babe7e759accb03e0811794230f794afa19019f7f61cbab28d614b9d2e55635bef7fbd80f79cfec0af8179720329

/storage/emulated/0/backups/system/.confd

MD5 340df521cae74a112e097e8c060d0f6b
SHA1 0c9e864c8cce9bf6ddb88236d926cdcb84e3167b
SHA256 7ebc3102a73e9806d620cde27f4d4be482461a32cc0189a0f9acb6045b2112a5
SHA512 605d7b652b5c773f26725818ce7fb658ac59ce297dae99dd56e49ab6f6a3900bae7701cbcd6f5958939788196ee85d81adfb193852d158b94479327e5301a27d

/storage/emulated/0/backups/system/.timestamp

MD5 ba83092428642e9a9837777c281a5a4a
SHA1 c9e57b5319cec464aa1c63464102788dbf0b488c
SHA256 e86d8f5b614855a8eee8ea21260663b15cc100fc7b1c69196e341e5ad0f44af0
SHA512 246213b7dd99bda120af20b91ed0c2760006e5c9d854f4b777a999fd941e456608a2a0b995c60f67d4dd1ed13d0e0aa26492eeb930a2c3cbda50528a3fabb651

/storage/emulated/0/backups/system/.confd

MD5 d46c1be4b424db132ef5161f5780e0a1
SHA1 553de15019ca5d70df7bb5f1b3aefb83119237e7
SHA256 aa94bcf75478e236139305330c48f56fc7ab100e1c70bbb1b0c0ba5361e127a8
SHA512 22737d8e068ed801f3d30f692dac3d0304f93d2b3fccd761252202568829b89a909fb7ef1a6353c3840e62435c29b41a13cb8650efad526c71e0a960a3f6b403

/storage/emulated/0/backups/system/.timestamp

MD5 90280ad61b161ecce4d26ec4361791ab
SHA1 1f0700a48e761622e1b0a6513bc49d1e883065fd
SHA256 466fa04649875e8f871c6763cdc4953bfbea5965378a73413eb459d18283a287
SHA512 5cfb6ec2ccb58bc0df3e937cf5eaed567d884c1077fdfc7577cbce68451418359e26c47b7c14936b4728da7a0458c64cb2f8836429da09025f41de9cc0783c14

/storage/emulated/0/backups/system/.confd

MD5 67de4df9703eb2bbec9cd15f5521b2dc
SHA1 ae3505692807f286d7fc4b57a910e40fa255d646
SHA256 932e711044c4925aad31761abe4bd1c7d5cfbbd0e4aae68184b0714366df870e
SHA512 a13e5f20a8d233bd315d7285a6664ee0d146b50931d98c5626361923335cf459283ec2a3da0137a12d7f4dd062a6b148e2c73c17787b0438196e7a220c1540c2

/storage/emulated/0/backups/system/.timestamp

MD5 fdb940a7b5c94182fa7e02fea68ba876
SHA1 4d7b03d1275ac0e31d204bcd30f12fcb1fa85eda
SHA256 5bbd26f18bd0b269dc4fb12a6a3ecff26926e00bdaa9dc295e1f43e479c56d42
SHA512 f19cb5d46d8efb5c5cead25961413c2851e02108d2d332c4187a551c37713e4c64d1cb4efe24743e8df389eeddd120a1d5b31766ca2082b362eebd3e10085aa0

/data/user/0/com.longyou.haitunpay/files/__local_last_session.json

MD5 c6289af07391cddbf1326515f2202cac
SHA1 e506d5e152d8c2ff96aac1ced069867ed5e232c1
SHA256 b2c43900cbb3b07e8bf8f4dbe7a5cacfd55ec6254ec75ff265068287a6bf6029
SHA512 362835906768620bff5641fb13bedd45a69d686ac249b08fa8e21963b157e012cc41694f3b4eac7f88df1a4cfb4b627b48d969875232eb3b7e658e0cabc5c033

/storage/emulated/0/backups/system/.timestamp

MD5 c6c0e52324ab435c8c35ff238473a061
SHA1 efb9784a585e06d6651dc3acf66657429027a335
SHA256 fc8eb9a55badd5923e87227e28f066c625ac4af82330300c8cf2dc6c8363f830
SHA512 33ec2dbb65417adbc92207d97680984a7ab620eb91602235fb92dc9fe4ef3e2a33a723750155f3831aba13289880bdc6b17d51bb361a64609e0dee8fcc98af99