Malware Analysis Report

2025-05-06 01:31

Sample ID 241103-wrcydszhke
Target 8cceef6859cdee6be42adbd542de77db_JaffaCakes118
SHA256 f97141d8d2262d927c34db678fdaf9ff6960c264e715bedbafac7f783d7499ea
Tags
banker collection discovery evasion impact
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 8cceef6859cdee6be42adbd542de77db_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact

Requests cell location

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Queries information about active data network

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 18:08

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x86-arm-20240624-en

Max time kernel

122s

Max time network

133s

Command Line

com.swanfly.lobdwjyx

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/ncache/afeq34u312.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.swanfly.lobdwjyx

Network


Files

/storage/emulated/0/Android/data/code/ljk.dat
/storage/emulated/0/ncache/afeq34u312.jar
/data/data/com.swanfly.lobdwjyx/databases/vdownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/vdownloads
/data/data/com.swanfly.lobdwjyx/databases/vdownloads-shm
/data/data/com.swanfly.lobdwjyx/databases/vdownloads-wal
/storage/emulated/0/Android/data/code/.vapp.dat
/storage/emulated/0/Download/vgp/clearT.dat
/storage/emulated/0/Download/cp/time.dat
/data/data/com.swanfly.lobdwjyx/databases/cpdownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/cpdownloads
/data/data/com.swanfly.lobdwjyx/app_jc/tc.jar
/data/data/com.swanfly.lobdwjyx/databases/cpdownloads-wal
/data/data/com.swanfly.lobdwjyx/app_jc/dc.jar
/data/data/com.swanfly.lobdwjyx/databases/sldownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/sldownloads
/data/data/com.swanfly.lobdwjyx/databases/sldownloads-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x64-20240624-en

Max time kernel

149s

Max time network

157s

Command Line

com.swanfly.lobdwjyx

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/ncache/afeq34u312.jar N/A N/A
N/A /data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar N/A N/A
N/A /data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.swanfly.lobdwjyx

Network


Files

/storage/emulated/0/ncache/afeq34u312.jar
/data/data/com.swanfly.lobdwjyx/databases/vdownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/vdownloads
/storage/emulated/0/Android/data/code/.vapp.dat
/storage/emulated/0/Download/vgp/clearT.dat
/storage/emulated/0/Download/cp/time.dat
/data/data/com.swanfly.lobdwjyx/databases/cpdownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/cpdownloads
/data/data/com.swanfly.lobdwjyx/app_jc/tc.jar
/data/data/com.swanfly.lobdwjyx/app_jc/dc.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar
/data/data/com.swanfly.lobdwjyx/app_jc/tb.jar
/data/data/com.swanfly.lobdwjyx/app_jc/db.jar
/data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar
/data/data/com.swanfly.lobdwjyx/databases/fighter.db-journal
/data/data/com.swanfly.lobdwjyx/databases/fighter.db
/data/data/com.swanfly.lobdwjyx/databases/ad.db-journal
/data/data/com.swanfly.lobdwjyx/databases/ad.db
/data/data/com.swanfly.lobdwjyx/databases/sldownloads-journal
/data/data/com.swanfly.lobdwjyx/databases/sldownloads
/data/data/com.swanfly.lobdwjyx/app_jc/oat/b.jar.cur.prof
/data/data/com.swanfly.lobdwjyx/app_jc/oat/c.jar.cur.prof
/data/data/com.swanfly.lobdwjyx/files/mobclick_agent_cached_com.swanfly.lobdwjyx

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x64-arm64-20240624-en

Max time kernel

129s

Max time network

150s

Command Line

com.swanfly.lobdwjyx

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/ncache/afeq34u312.jar N/A N/A
N/A /data/user/0/com.swanfly.lobdwjyx/app_jc/c.jar N/A N/A
N/A /data/user/0/com.swanfly.lobdwjyx/app_jc/b.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.swanfly.lobdwjyx

Network


Files


Analysis: behavioral4

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x86-arm-20240624-en

Max time kernel

2s

Max time network

131s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network


Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x64-20240624-en

Max time kernel

2s

Max time network

144s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-03 18:08

Reported

2024-11-03 18:11

Platform

android-x64-arm64-20240624-en

Max time kernel

2s

Max time network

157s

Command Line

com.alipay.android.app

Signatures

N/A

Processes

com.alipay.android.app

Network


Files

N/A