Analysis Overview
SHA256
474005d6af611e316a1510f1148e6fe6b6d3af5fad198dc23f12e29209eaa303
Threat Level: Known bad
The file 474005d6af611e316a1510f1148e6fe6b6d3af5fad198dc23f12e29209eaa303 was found to be: Known bad.
Malicious Activity Summary
Cerberus
Makes use of the framework's Accessibility service.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Removes a system notification.
Listens for changes in the sensor environment (might be used to detect emulation).
Analysis: static1
Detonation Overview
Reported
2022-04-18 13:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-18 13:06
Reported
2022-04-18 20:18
Platform
android-x64-20220310-en
Max time kernel
1045675s
Max time network
161s
Signatures
Cerberus
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | 23026b6e70ec1dde343bcb74180e0350 |
| SHA1 | a087f689c8898b6339b75084d7a66ca24f534c16 |
| SHA256 | 95d14fe2624644561c2d4a2b0734a6083e2d5d7c42dabdb5a65490d6aaaca005 |
| SHA512 | a52dee40281cac20bf3e7c3699ac0d780f8f736de1cd77841397760560e28377a4b9499f3ecb8261f3f0fd633f02e13778fe864e25a21b7addcaeef7bdf587ba |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | c32e4b19bb10da1ac9b7fa43a9cf70fb |
| SHA1 | 95e474c14e481528667459339f7829c74fe0373e |
| SHA256 | 53239d2e99650519ed73d41027f0cfc7b4104f4a367d411dd43cc9d43f9dd7ce |
| SHA512 | f3aa2fd84bce7af4375e209ac8821df317659e9e6d396b3c8d08987fa11e4bb59cde73d869969a6170e0444322aa6619bb330defce48e5f8fc893007c40be3a5 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/HdSQ.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/metrics_guid
| MD5 | b44ac6863f58ab705d2fad35ba999a97 |
| SHA1 | 277f5c7d7f35dc42c39f05432f5b559e37aa1577 |
| SHA256 | 936d9f2b826f4671f99527ff82e715c6dc30106f2cdd2a1706a99fe972031078 |
| SHA512 | b27ec335a216ea7ca6e0d7fee368b9ef54e4de85aadce30f50b57f3c3aa685a41ea1398b016da710937672a35c246987a973a89d25ba894321f8402f03d9bbbb |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Web Data-journal
| MD5 | 99fe80f39eec0467e69dccd581d2ad47 |
| SHA1 | ac791a4c2ed5e72aaaf2a56d5bdf061013555549 |
| SHA256 | 3a23d99cea712b30940ae0179dd6c69a01d9000c378bddb5274e4174d7f391b1 |
| SHA512 | 061fb13aca203e42c43f1a0b109f273f37082b3e2cd3f1d032f5669352c189a6a60d6809dba836c85bffc099b64a5017e89462ad1e4a7809e0319cdf3a6af793 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | d1ed7e4df89a021603a3952b3b03b7c5 |
| SHA1 | d0a1a8501fff3535264da14cadf91fffeefea4c5 |
| SHA256 | c8fe32c427204fc93a8bc4c0c9d71bc9f6bcb8ebf49190c64ed7893ea9d91a29 |
| SHA512 | 80474d13b979f61b7ea5221c59aa52d97242b11f9748ff06c245721556b1b0fcce0e0306b78875bb22faa7e2d7c3780b5df5447d682ee9ed05246aa2f0b06499 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/GPUCache/index-dir/temp-index
| MD5 | 060d236179d302dfc784a909a602ca36 |
| SHA1 | 2a3aa571ca136ab7667af0c0ccbfcf0bfaaa0ddc |
| SHA256 | 9f689285ec01bd099cf0affbf4e5aff8becfa5f48231e378bfd449346d40799b |
| SHA512 | ff32f98f4a795f287c4783e3fb9707fe00a427003968441b163091561a7913c3cebe96f1156e980e01cc526a529c7ddd643bb12831e3ec65db752700d3156de2 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Crashpad/settings.dat
| MD5 | 87680188f0a73a52602f5729992b7aff |
| SHA1 | 971debcadf7f54a4608f2247ee81f3b9b56811fc |
| SHA256 | 2b23c5f3cd15468f05b6cb4e884b13b299044c058dafa436d6a48a71ea92af87 |
| SHA512 | be6c81f7b67f60bf71caa431047470f2f8e856060f299b4737788ec29a8d015795af1db103b8522d93a7d6ee34549f668f53c898e8a2f25b89a0764ed78fb9fe |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/.com.google.Chrome.fpFyCB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2022-04-18 13:06
Reported
2022-04-18 20:18
Platform
android-x64-arm64-20220310-en
Max time kernel
1045676s
Max time network
159s
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:853 | | tcp |
| NL | 216.58.214.8:443 | | tcp |
| NL | 142.251.36.14:443 | | tcp |
| NL | 142.251.36.14:443 | | tcp |
| NL | 142.251.36.33:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | 23026b6e70ec1dde343bcb74180e0350 |
| SHA1 | a087f689c8898b6339b75084d7a66ca24f534c16 |
| SHA256 | 95d14fe2624644561c2d4a2b0734a6083e2d5d7c42dabdb5a65490d6aaaca005 |
| SHA512 | a52dee40281cac20bf3e7c3699ac0d780f8f736de1cd77841397760560e28377a4b9499f3ecb8261f3f0fd633f02e13778fe864e25a21b7addcaeef7bdf587ba |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | c32e4b19bb10da1ac9b7fa43a9cf70fb |
| SHA1 | 95e474c14e481528667459339f7829c74fe0373e |
| SHA256 | 53239d2e99650519ed73d41027f0cfc7b4104f4a367d411dd43cc9d43f9dd7ce |
| SHA512 | f3aa2fd84bce7af4375e209ac8821df317659e9e6d396b3c8d08987fa11e4bb59cde73d869969a6170e0444322aa6619bb330defce48e5f8fc893007c40be3a5 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/HdSQ.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/webview_data.lock
| MD5 | 5888283f1d8f0cc47adf6eaaed7e1e28 |
| SHA1 | 0521b64bb9d4fac9c423f81247fbb2c1f1bc09b7 |
| SHA256 | 61e05ae9070fbeff90783c0abe798d5500a62fe168852e185d302a36ec83fb91 |
| SHA512 | 8bbdc1b24ed5edf92f23d0b207f49c20ef8758dff276df8eac1fee9ce10b798f2972decb2be407f98d0a0ffcbb485ff88817e003bacc83f5504b0db8fbfef808 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Default/Web Data-journal
| MD5 | c88ac8f4e7386398245529050057ed8a |
| SHA1 | bccc8f178460cc58262439b05a6c7e4af2c4ccd5 |
| SHA256 | 99932f14fe72cf5f6ab2022172b20ef3fdf20b3c996446c31b4fc5be43fe5a2a |
| SHA512 | 1f2a79510191c36e9066666fa65ab96e9cc0108ffb0207b7bb753a2f5c3e698c921ae61c7146f9835fff254a8f4b87d889042b8ee70f08954007ef5dc9db07ca |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | ba0900567c5c6d15a979bf1dfb98f929 |
| SHA1 | b4731837e3f3b68cba6973993b1b96ac10599f44 |
| SHA256 | 4deedb0620d50bff5b6bd863cbaaa14c92739e045309f90c4e3304b34a11576a |
| SHA512 | b39b0730672535a8167e73c88c67edb03b4147ece2f8aebb0e5448160c37918a4cfb9895a6869ae8f57fbb1cded6d919d61981e622488b61b48e0993837ff286 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | 7fd6ec9e2ee5c198409c7748db12a770 |
| SHA1 | e5fafe3cfee91949a493a4e629331641187fdf62 |
| SHA256 | 38dbcdd38108dc0883a7016bd027f5d99562a92cddbe9bae3e181fbb5c151848 |
| SHA512 | dc1c458efde92adbd87830adf106194d1da2810438261bb1234c2883523aec58904065272bc205be64f0826071c0c2128b39cb4c71127cf3ad8cf039d72e62e1 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | 3d523e83855fbaf4e9cc50cea4fe46d9 |
| SHA1 | 86cf44f63625315542678dcf6ffca8bd889f8885 |
| SHA256 | 2d5964f5bd26ad44f4f4c640c21cd05edb66bd7dbe4cf43fb150a087c2b729f2 |
| SHA512 | 2ebe8607459016c59260fc3559bc57baad9a0c0e4cfeaff1189199f97d0a378a9da84a0a2fabb36f6ab032f90cbbfaff20e31cbcf393ebc969c37a1779587b3b |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/Crashpad/settings.dat
| MD5 | 576cba825221ff40fbad71d688af6a1b |
| SHA1 | 4ccbb6e75ec27d773ddbfefc051d5dbac58132a4 |
| SHA256 | eeb2cca327e000213762a21e53ab0a3a3ecb4a463e6b42ac37ba50fa40a8e704 |
| SHA512 | b7683af5f997a85c47f8f88db11cb9ac5fd5559b766e25f2ad5024239e9264053d2c0970df70f7076ec0163d7d7328ce7d41eb14bb665105bfdcb99c9188383f |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/.com.google.Chrome.aDnO2m
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-18 13:06
Reported
2022-04-18 20:18
Platform
android-x86-arm-20220310-en
Max time kernel
1049267s
Max time network
150s
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
| N/A | /data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/x86/HdSQ.odex --compiler-filter=quicken --class-loader-context=&
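The "Loads dropped Dex/Jar" signature and the dex2oat invocation above describe the same thing: a file written under app_DynamicOptDex with a .json name is handed to the ART compiler as a DEX file, so the extension is cosmetic. The same path also appears in the Files section with three different MD5s (23026b6e…, c32e4b19…, 82391f44…), i.e. it was rewritten during the run, while the .vdex, .odex, .flock and several app_webview entries carry the digests of the zero-byte file and were captured before anything was written to them. The Python below is an added example, not part of the sandbox report or of the Cerberus sample: it identifies code containers by magic bytes instead of extension, computes the same digests the report lists, and marks entries that are empty or masquerading. The sample contents are constructed (the report lists HdSQ.json only by hash); `triage_dir` applies the same logic to a directory pulled from a device or from the sandbox's artifact archive, and `CODE_EXTENSIONS` is this example's own list.

```python
"""Classify files captured from an Android app's private data directory.

Added example, not part of the sandbox report. Identifies DEX/JAR/ELF blobs by
magic bytes regardless of filename and flags report entries that are empty.
"""
import hashlib
from pathlib import Path

# Digests of the zero-byte file; report entries carrying these were captured empty.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Extensions under which code is normally stored (this example's own list).
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip", ".so", ".odex", ".vdex", ".oat")


def classify(data: bytes) -> str:
    """Identify a blob by its magic bytes, ignoring whatever name it was written under."""
    if not data:
        return "empty"
    # DEX header: "dex\n" + three-digit version + NUL, e.g. b"dex\n035\x00".
    if data[:4] == b"dex\n" and len(data) >= 8 and data[7] == 0:
        return "dex"
    if data[:4] == b"PK\x03\x04":      # .jar / .apk carrying classes.dex
        return "zip"
    if data[:4] == b"\x7fELF":         # native library
        return "elf"
    return "other"


def digests(data: bytes) -> dict:
    """The digest set the sandbox report lists for each file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def triage_blob(path: str, data: bytes) -> dict:
    kind = classify(data)
    return {
        "path": path,
        "kind": kind,
        # A code container stored under a non-code extension (here .json) is what
        # the "Loads dropped Dex/Jar" signature fires on.
        "masquerading": kind in ("dex", "zip", "elf")
        and not path.lower().endswith(CODE_EXTENSIONS),
        # Empty entries carry nothing to analyse; their hashes equal EMPTY_MD5/EMPTY_SHA256.
        "empty": kind == "empty",
        **digests(data),
    }


def triage_dir(root: str) -> list:
    """Run triage_blob over every regular file below root (e.g. an adb-pulled data dir)."""
    return [triage_blob(str(p), p.read_bytes())
            for p in sorted(Path(root).rglob("*")) if p.is_file()]


# Constructed samples, not the real file contents from the report.
SAMPLES = {
    "app_DynamicOptDex/HdSQ.json": b"dex\n035\x00" + bytes(0x70 - 8),  # DEX header only
    "app_DynamicOptDex/oat/x86/HdSQ.vdex": b"",                         # captured empty
    "shared_prefs/WebViewChromiumPrefs.xml": b"<?xml version='1.0'?><map/>",
}


def triage_samples() -> dict:
    return {path: triage_blob(path, data) for path, data in SAMPLES.items()}


if __name__ == "__main__":
    for r in triage_samples().values():
        print(f'{r["kind"]:6} masquerading={str(r["masquerading"]):5} '
              f'empty={str(r["empty"]):5} {r["sha256"][:16]}  {r["path"]}')
```

Run against a real pull, compare the sha256 of each HdSQ.json snapshot with the three values listed above to see which stage of the rewrite you captured; only a snapshot that classifies as "dex" is worth feeding to a decompiler.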
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.251.39.99:443 | | tcp |
| US | 1.1.1.1:53 | alt8-mtalk.google.com | udp |
| US | 142.250.115.188:5228 | alt8-mtalk.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | semanticlocation-pa.googleapis.com | tcp |
| NL | 172.217.168.238:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:53 | alt1-mtalk.google.com | udp |
| DE | 142.251.9.188:443 | alt1-mtalk.google.com | tcp |
| US | 1.1.1.1:53 | lanadelrey.top | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 216.58.214.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | | tcp |
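Of the fifteen rows above, all but one are Google Play services traffic, the sandbox resolver on 53/853 (plain DNS and DNS-over-TLS) or mDNS; the exception is a DNS query for lanadelrey.top, for which no connection appears in the table. The Python below is an added example, not part of the report: it parses this table and separates candidate indicators from that platform noise. The rows are transcribed from the behavioral1 run; the benign domain suffixes and the Google address ranges (142.250.0.0/15, 172.217.0.0/16, 216.58.192.0/19) are this example's own allow-list, to be re-checked against current routing data before reuse. The parser also tolerates rows whose empty Domain cell was dropped during extraction, as happens in this report.

```python
"""Added example: triage the Network table of an Android sandbox run.

Rows below are transcribed from the behavioral1 run; the allow-lists are
assumptions of this example, not data from the report.
"""
import ipaddress

NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.251.39.99:443 | | tcp |
| US | 1.1.1.1:53 | alt8-mtalk.google.com | udp |
| US | 142.250.115.188:5228 | alt8-mtalk.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | semanticlocation-pa.googleapis.com | tcp |
| NL | 172.217.168.238:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:53 | alt1-mtalk.google.com | udp |
| DE | 142.251.9.188:443 | alt1-mtalk.google.com | tcp |
| US | 1.1.1.1:53 | lanadelrey.top | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 216.58.214.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | tcp |
"""

PROTOS = {"tcp", "udp"}
RESOLVER_PORTS = (53, 853)

# Assumed allow-list: sandbox plumbing and Google platform traffic, not the sample's own C2.
BENIGN_SUFFIXES = (".google.com", ".googleapis.com", ".gstatic.com")
BENIGN_NETS = [ipaddress.ip_network(n) for n in (
    "1.1.1.1/32",       # sandbox resolver: DNS on 53, DNS-over-TLS on 853
    "224.0.0.0/4",      # multicast, e.g. mDNS to 224.0.0.251:5353
    "142.250.0.0/15",   # Google (assumed from public routing data)
    "172.217.0.0/16",   # Google (assumed)
    "216.58.192.0/19",  # Google (assumed)
)]


def parse_rows(table: str) -> list:
    """Parse markdown rows; a row missing its Domain cell is read as an empty domain."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Country":
            continue
        country, dest = cells[0], cells[1]
        rest = [c for c in cells[2:] if c]
        proto = next((c.lower() for c in rest if c.lower() in PROTOS), "")
        domain = next((c for c in rest if c.lower() not in PROTOS), "")
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row: dict) -> str:
    """A named domain decides the verdict; a bare IP falls back to the address allow-list."""
    if row["domain"]:
        return "platform-noise" if row["domain"].endswith(BENIGN_SUFFIXES) else "candidate"
    addr = ipaddress.ip_address(row["ip"])
    return "platform-noise" if any(addr in net for net in BENIGN_NETS) else "unattributed"


def triage(table: str) -> dict:
    """Bucket unique rows and record whether a resolved domain was ever connected to."""
    rows = parse_rows(table)
    connected = {r["domain"] for r in rows if r["domain"] and r["port"] not in RESOLVER_PORTS}
    out = {"candidate": [], "unattributed": [], "platform-noise": []}
    seen = set()
    for row in rows:
        key = (row["ip"], row["port"], row["domain"], row["proto"])
        if key in seen:
            continue
        seen.add(key)
        row["connected"] = row["domain"] in connected
        out[classify(row)].append(row)
    return out


if __name__ == "__main__":
    result = triage(NETWORK_TABLE)
    for bucket in ("candidate", "unattributed"):
        for r in result[bucket]:
            state = "connected" if r["connected"] else "resolved only, no connection in this run"
            print(f'{bucket}: {r["domain"] or r["ip"]} ({r["ip"]}:{r["port"]}/{r["proto"]}; {state})')
```

A domain that is only resolved is still worth pivoting on (passive DNS, other submissions), but it should be recorded as "looked up" rather than "contacted"; the sample may have failed its first beacon, or the sandbox's DNS-over-TLS path may have hidden the follow-up.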
Files
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | 23026b6e70ec1dde343bcb74180e0350 |
| SHA1 | a087f689c8898b6339b75084d7a66ca24f534c16 |
| SHA256 | 95d14fe2624644561c2d4a2b0734a6083e2d5d7c42dabdb5a65490d6aaaca005 |
| SHA512 | a52dee40281cac20bf3e7c3699ac0d780f8f736de1cd77841397760560e28377a4b9499f3ecb8261f3f0fd633f02e13778fe864e25a21b7addcaeef7bdf587ba |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | c32e4b19bb10da1ac9b7fa43a9cf70fb |
| SHA1 | 95e474c14e481528667459339f7829c74fe0373e |
| SHA256 | 53239d2e99650519ed73d41027f0cfc7b4104f4a367d411dd43cc9d43f9dd7ce |
| SHA512 | f3aa2fd84bce7af4375e209ac8821df317659e9e6d396b3c8d08987fa11e4bb59cde73d869969a6170e0444322aa6619bb330defce48e5f8fc893007c40be3a5 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/x86/HdSQ.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/x86/HdSQ.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/HdSQ.json
| MD5 | 82391f44933bfa12b91f824566cf3374 |
| SHA1 | 40569d82bb5d053ef6d73be9d60a26804661a459 |
| SHA256 | eca7992a07e83d04c274bb86c6c805fd99d50e2c1148618dafc225afc6774266 |
| SHA512 | 75cf403b4d9aabdf0a13c2de742f8959b7e5acec56b860a23dd46002b64c21d9af77991d72ed46b32590638e5fdc9bfe0443df6d6ce45f561e4da4fad6cb4d1e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_DynamicOptDex/oat/HdSQ.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/metrics_guid
| MD5 | d53970f93711f5912cab89d2b677b6a7 |
| SHA1 | f4d059240dd2b3d89d039ffa31ac2826374e29ff |
| SHA256 | 6aaae7b4d5fc73d6757d158a9c80f1106923e5d8b3498ad6aa64a55b416ebdf9 |
| SHA512 | 19536b47f998cf4cd54e165c97d85bd0a167271a90c8de2c44b050010553490d1b791a783a3686fcf2f9a77bc04a332fdf40cf9559dd2459c5e9eb03d0752f02 |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/Web Data-journal
| MD5 | 692369ff168107641c48149e7016da35 |
| SHA1 | cdd30cf8f38191df0960e63501ee618609977ff4 |
| SHA256 | 3f23952a4e18f9e32af4d30524a67c9f27f397fa34240d189ae4ad01fc4db67e |
| SHA512 | 582897017f98e69e60963d3954af9786e4aa24a6f8124c8795fd368251f246bb58dfc8b0b3080766689210fadda77742fd00c99b02d0749ec1af44d94812ea5f |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/pchdgpfpqwbrokgjmiafdl.opcmsapbtiywd.lfngpd/app_webview/GPUCache/index-dir/temp-index
| MD5 | 73c199c3cf0a1851dd7a2f2cde9bcb48 |
| SHA1 | ffe2f794e8fda539c79d5e785f6b5b237d20fd51 |
| SHA256 | 1a6af111788d3dd679a57d028e03194d477e6f8c7c4c8c842c7193d0f7c0f709 |
| SHA512 | c4cc3c13913f1b7452d33451d302bfccc29f90988abb7019a6362cf91103d0defccb705251c702f640c293099eb3af0acc2e8a2f50c64b6917618715baf055b7 |