Malware Analysis Report

2025-01-19 05:22

Sample ID 241205-1xfzfstpct
Target db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198.bin
SHA256 db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198
Tags: otpstealer anubis banker collection credential_access discovery evasion persistence stealth trojan execution
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198

Threat Level: Known bad

The file db1dfa862113ee10429d0712b83095c22290c045aeb2454e22c61056f5f61198.bin was found to be: Known bad.

Malicious Activity Summary

otpstealer anubis banker collection credential_access discovery evasion persistence stealth trojan execution

Otpstealer payload

Anubis family

Otpstealer family

Removes its main activity from the application launcher

Reads the content of the calendar entry data.

Reads the contacts stored on the device.

Queries account information for other applications stored on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Requests cell location

Reads the content of the call log.

Declares services with permission to bind to the system

Makes use of the framework's foreground persistence service

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Acquires the wake lock

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-05 22:01

Signatures

Anubis family

anubis

Otpstealer family

otpstealer

Otpstealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-05 22:01
Reported: 2024-12-05 22:04
Platform: android-x86-arm-20240910-en
Max time kernel: 17s
Max time network: 152s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.tencent.mm

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-05 22:01
Reported: 2024-12-05 22:04
Platform: android-x64-20240910-en
Max time kernel: 28s
Max time network: 153s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

Network


Files

SHA512 0e1c8b1064e4b84b41b9ee9d324b594a785fb75aef722504e615bdaa8c6e15dfb8d5d8767af2483af2ebf09f2db5800830c56b38d11b2c5e3a6221878b7e0d73

/data/data/com.tencent.mm/files/pkinfo.txt

MD5 de42df6381f44c0dc45891054c656259
SHA1 5a76c1ad2ff42094034a18774912bfaa79489c29
SHA256 51c06cbd2eee387145a0eac5b55b387f2da3797cfb737cbb151aacc1b145e747
SHA512 700f8a3e85a7ea4f1d15aa3046d6c96ef898ac628b797616f94737570b802ee22db555e4d81c3fe91a90c3c92e9bc45aa940d55dc2c876a6488387743eabc037

/data/data/com.tencent.mm/files/GP.txt

MD5 15cb8dc0cc173805a7c5ef9f60f1ed1b
SHA1 79baab9c0b3246bd4dd8c078141b65358ea35934
SHA256 007435ad346951daed9c14c7f0bfd091c17164ae14710869d75241b5681c7257
SHA512 dc600382f2cf04e092c2963a13568e57b9c257a9395a00f06409a7e3baa72c2b2c4abbc1a5135181f90d5231c527fc3513843c9442887b4b898c9bf0105b117d

/storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt

MD5 ca83936d0c0ffdb4a991046e32ccc956
SHA1 6d34827e6fd5b8f716cc5f7d7843b581713aeab3
SHA256 b50da55ec1fcb8d0589b49d5b3dfef915d77f3dbb24416bb1305441f81c507d2
SHA512 61bb1d4d033b0ddfa7ae802d5732c00af6db3aa5bcfbda0c60a0f12bd9fbbbd03123990c55d5abbd3d6e967471101b82e409f1620a73a3cf8c627452f61440d4

/data/data/com.tencent.mm/files/netinfo.txt

MD5 f4ec0d8235b172e056f50ee8a96ddcfa
SHA1 0e782fde0f9dc67d437397ae06fdc98c1d775327
SHA256 6a8f80e4f1b741a93cd7183f88f7e1cf175465f149f8200c6f34a9f7bd59aa0f
SHA512 3dcd86e7444157ae104f9665cfdc07227d28db5a48879e875381cf1d436f5a68a0b31ab083aad078784365ac1b279b21c85b2487c0a1d7f83fd0c8ffd6b318e1

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 f103914006a3e4146a6d99d3cb57011a
SHA1 775a3abb25ad646520362544d51987d4cac0e92e
SHA256 027147dd2cb8247c77c546c98e435d6991c2668e0f84f2b1d316bc0285f63e74
SHA512 7d2e4ed6dcaba94a5f14c13aa7129efa5fcaac6e7d884dfa8029f4154c8ea0cd4478506cddac5b798398f3ce4009a664c5819549461979bc6e4b5a8435af97ed

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 a17dd0f4d638f2f6b33dfa4eb50084fa
SHA1 e53873570308884b7e57c62a67c9021b7aa0255b
SHA256 e843db98d7336e7938f5563001b07cfa843678f368966ebcb1957be18d525ca8
SHA512 49bd2016dd240a7a20eb0bed34aab8fafe7a8fb18aa4c86596dfcb29dd8564d71a8c92b9ed684b2b2ba9b5ca1ca5f77bff062600f716ea89dfe405553263cc8a

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-05 22:01

Reported

2024-12-05 22:04

Platform

android-x64-arm64-20240910-en

Max time kernel

23s

Max time network

153s

Command Line

com.tencent.mm

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

Network


Files
