Analysis Overview
SHA256
f97141d8d2262d927c34db678fdaf9ff6960c264e715bedbafac7f783d7499ea
Threat Level: Shows suspicious behavior
The file 8cceef6859cdee6be42adbd542de77db_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests cell location
Loads dropped Dex/Jar
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the phone number (MSISDN for GSM devices)
Queries information about active data network
Reads information about phone network operator.
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 18:08
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x86-arm-20240624-en
Max time kernel
122s
Max time network
133s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/ncache/afeq34u312.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.swanfly.lobdwjyx
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x64-20240624-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/ncache/afeq34u312.jar | N/A | N/A |
| N/A | /data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar | N/A | N/A |
| N/A | /data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.swanfly.lobdwjyx
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x64-arm64-20240624-en
Max time kernel
129s
Max time network
150s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/ncache/afeq34u312.jar | N/A | N/A |
| N/A | /data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar | N/A | N/A |
| N/A | /data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the phone number (MSISDN for GSM devices)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.swanfly.lobdwjyx
Network
Files
/storage/emulated/0/ncache/afeq34u312.jar
/data/user/0/com.swanfly.lobdwjyx/databases/vdownloads-journal
/data/user/0/com.swanfly.lobdwjyx/databases/vdownloads
/storage/emulated/0/download/vgp/clearT.dat
/storage/emulated/0/download/cp/time.dat
/data/user/0/com.swanfly.lobdwjyx/databases/cpdownloads-journal
/data/user/0/com.swanfly.lobdwjyx/databases/cpdownloads
/data/user/0/com.swanfly.lobdwjyx/app_jc/tc.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/dc.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/tb.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/db.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar
/data/user/0/com.swanfly.lobdwjyx/databases/fighter.db-journal
/data/user/0/com.swanfly.lobdwjyx/databases/fighter.db
/data/user/0/com.swanfly.lobdwjyx/databases/ad.db-journal
/data/user/0/com.swanfly.lobdwjyx/databases/ad.db
/data/user/0/com.swanfly.lobdwjyx/databases/sldownloads-journal
/data/user/0/com.swanfly.lobdwjyx/databases/sldownloads
/data/user/0/com.swanfly.lobdwjyx/app_jc/oat/b.jar.cur.prof
/data/user/0/com.swanfly.lobdwjyx/app_jc/oat/c.jar.cur.prof
/data/user/0/com.swanfly.lobdwjyx/files/mobclick_agent_cached_com.swanfly.lobdwjyx
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Processes
com.alipay.android.app
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x64-20240624-en
Max time kernel
2s
Max time network
144s
Command Line
Signatures
Processes
com.alipay.android.app
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-03 18:08
Reported
2024-11-03 18:11
Platform
android-x64-arm64-20240624-en
Max time kernel
2s
Max time network
157s
Command Line
Signatures
Processes
com.alipay.android.app
Network