Analysis Overview
SHA256
cdfc0442cb04c3e999367dbad2a7c3066b9b372f25e3c88dff57d8eba53c9644
Threat Level: Known bad
The file cdfc0442cb04c3e999367dbad2a7c3066b9b372f25e3c88dff57d8eba53c9644 was found to be: Known bad.
Malicious Activity Summary
Cerberus
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Removes a system notification.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-20 09:18
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-20 09:18
Reported
2022-04-20 09:38
Platform
android-x86-arm-20220310-en
Max time kernel
1180075s
Max time network
152s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
ywlundbgmk.tnraolua.antabkrriztc
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/x86/UwhRD.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| NL | 142.251.39.99:80 | tcp | |
| NL | 142.250.179.195:443 | tcp | |
| NL | 216.58.208.110:443 | tcp | |
| NL | 142.250.179.163:80 | tcp | |
| NL | 142.250.179.138:443 | tcp | |
| NL | 142.251.36.36:80 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 173.194.202.188:5228 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 142.250.115.188:5228 | tcp | |
| US | 1.1.1.1:853 | tcp |
Files
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 84d3ea26a33fe6078d924a02d4009e29 |
| SHA1 | 9d1095ab8368c5219692ec363a6d81a93bdb9ba6 |
| SHA256 | cbb53cf2343593611d4fa07eebd464b3b442af3c626813f7d5a078b584d4a614 |
| SHA512 | 7e285bffb3b80ae9dddc72b15dff29ea0b9b4c987b28437ece9b2a5a743fd79b2d16037bc1ea4dafedc5e8f5cfc776c21e3c81b72ace7757899cada093e012be |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/x86/UwhRD.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/x86/UwhRD.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 14fd281f7ed4aee876ef710fc5123bb9 |
| SHA1 | 9f0a69b1c6f316586e331535296f5011710664c7 |
| SHA256 | e194749c3938e49da7a9d5e709917bb429856a8d305142c2a67cb78b043ccf25 |
| SHA512 | d4c3cbbe20f6c1a6d3fd1a923911a2ec5c68006768e9a8944aad92dd14e7108aa1b9bbf4b1136e06b50360a1815ccaac62998563aaff14b49911ec5e8a9a19a1 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/UwhRD.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Web Data-journal
| MD5 | 0ac10209a4398e28f52163f9438335ca |
| SHA1 | 3ffd22df3370907d7691eb0d9e529bef6257bc18 |
| SHA256 | fb765ca1614627a520e4aa0291b3b37523efe7597d1644d0021cda7698a7655d |
| SHA512 | 49dfe5384c00386616b880d0f20318f75dea2d86753517c8cfe439e5112a2505eaed30ff5ffeb82f07678e5f0aab7702e59ed5e23e7140f744fa1ee555f2efba |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/metrics_guid
| MD5 | c140518a3f530c9188ee62c26e14e086 |
| SHA1 | 53db3d905e9afa4e69ae2886746a79f605b07071 |
| SHA256 | b051702c427c66a4c1e88ce5b9b3884f5b66ed126422a602fc47f8befc52acfb |
| SHA512 | 4c36bcb19a7698ef6a530155a5b4f90633aa7b6fe0e83b476e36a19580de7ff3950c3b6fb2592abf2d09518060c471a61c727bff2190cf4a94c89ef4051cdcd6 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/GPUCache/index-dir/temp-index
| MD5 | 5236af44476f0750083f8c7ea2116673 |
| SHA1 | 1cf85b272df0a9eae29e80e4e71e7a7f852c193c |
| SHA256 | e1d2ce7acf401b1d812873075a281843f9d0507977719c305c4e079f9a90627a |
| SHA512 | a0bb7f481de3a463cb7616e6bcdc74a332aae6b0da21f1ac1dbd83b741c4424c011b027ffc07fd34feae1f000cb95d5ebd92a21e0af7aafd12b2924909e77645 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-20 09:18
Reported
2022-04-20 09:40
Platform
android-x64-20220310-en
Max time kernel
1180161s
Max time network
192s
Command Line
Signatures
Cerberus
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
ywlundbgmk.tnraolua.antabkrriztc
Network
| Country | Destination | Domain | Proto |
| NL | 142.250.179.136:443 | tcp | |
| NL | 142.250.179.131:443 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.251.39.106:443 | tcp | |
| NL | 216.58.208.110:443 | tcp | |
| NL | 216.58.208.110:443 | tcp | |
| NL | 172.217.168.234:443 | tcp | |
| NL | 172.217.168.234:443 | tcp | |
| NL | 142.251.36.14:443 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 172.217.168.234:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.251.36.14:443 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.251.36.8:443 | tcp | |
| NL | 142.250.179.164:443 | udp | |
| NL | 142.250.179.170:443 | tcp | |
| US | 1.1.1.1:853 | tcp |
Files
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 84d3ea26a33fe6078d924a02d4009e29 |
| SHA1 | 9d1095ab8368c5219692ec363a6d81a93bdb9ba6 |
| SHA256 | cbb53cf2343593611d4fa07eebd464b3b442af3c626813f7d5a078b584d4a614 |
| SHA512 | 7e285bffb3b80ae9dddc72b15dff29ea0b9b4c987b28437ece9b2a5a743fd79b2d16037bc1ea4dafedc5e8f5cfc776c21e3c81b72ace7757899cada093e012be |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/UwhRD.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/metrics_guid
| MD5 | ec60082d971094f497a0bf0a6c1916de |
| SHA1 | 6be2db825e2f05c0f3042a110c35429beae41a6c |
| SHA256 | fb8f04039d8185644e8bc55a4c3b159cf9512abbb0fdef34876984aaf8fa6e7a |
| SHA512 | 8e24d5ca9e9a91f8344d4b2c5415567093005bc1d3fdbcd10b2360b3980142a761d479856a01a0c26b4726a8c2c8149b8054c69877afbcb99c3e343cf0003624 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Web Data-journal
| MD5 | fde4150388d916f26e44765cfa0f3635 |
| SHA1 | d7e4a011955911205f344d3e5b57ce1d51597df1 |
| SHA256 | 062f8f313317545ea088181419f63bfd460249c3e37c5676eab600fec39135e8 |
| SHA512 | d559373cb01d972bb34b23d8c75466c1b33b51c20cb621443c3f9fffbf59421c5765a7895123ec81ddcf06a9daa7e05c46370b6ca3630d5cc67cd6c62a4de462 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | 1acbbf1f4cda6ca728cdac83ac9e5069 |
| SHA1 | e5dff970fd935c9f6061fa5e7bbc2377e440fc25 |
| SHA256 | e8220119286bb8f54dc7e8b53185862f9a4ea17066d96d792bed207e4e76b4a7 |
| SHA512 | e8c22d1523010b7334afbed91474c1d400ea0f77f66a51d451716f3776deacadea38cc880785eed1e851cefdd8fc5ce95474c5011c3ec239e4ebdf94f185d919 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/GPUCache/index-dir/temp-index
| MD5 | 513694e9d65f89d53b63b95c509b6b15 |
| SHA1 | 324a97acd60c7557cea3e07821d6d40b158a4acb |
| SHA256 | 696cf2b0eca8a94d2515924df0323b2902a1191a1b85f32856ed12cb8d073884 |
| SHA512 | bdf7fe8497462cedee95c48b452737dfcbb10e289f265bebdc1e4bc4ea429abb37633d54800b1f2dea4bb07710ade6ac72e82a4360af643c68bcd34c032bac2d |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Crashpad/settings.dat
| MD5 | 91657d84f5d6f40af19f867b0bed6028 |
| SHA1 | 3cd9126b74ac9f8d5528c195c885a503aef2885d |
| SHA256 | 590c05448bcc630ef28703e9146a8a0f679e61f66584cb434b73cce5fc813977 |
| SHA512 | 4e69a64ed8a83737534a333e6cffc41d5b512467056d85d500cf9941712eb45f17a5b7a81b56ecd8a45df48e03d660fc0037c2c79e7df5fb21f939e6e12e2983 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/.com.google.Chrome.j2TCjo
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2022-04-20 09:18
Reported
2022-04-20 09:38
Platform
android-x64-arm64-20220310-en
Max time kernel
1180085s
Max time network
159s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
| N/A | /data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
ywlundbgmk.tnraolua.antabkrriztc
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.250.179.206:443 | tcp | |
| NL | 142.251.36.3:443 | tcp | |
| NL | 216.58.214.8:443 | tcp | |
| NL | 142.250.179.194:443 | tcp | |
| NL | 142.250.179.138:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 142.250.179.206:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.251.39.110:443 | tcp | |
| NL | 142.251.36.14:443 | tcp | |
| NL | 142.250.179.138:443 | tcp | |
| NL | 142.250.179.138:443 | tcp | |
| NL | 142.250.179.138:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.136:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp |
Files
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 84d3ea26a33fe6078d924a02d4009e29 |
| SHA1 | 9d1095ab8368c5219692ec363a6d81a93bdb9ba6 |
| SHA256 | cbb53cf2343593611d4fa07eebd464b3b442af3c626813f7d5a078b584d4a614 |
| SHA512 | 7e285bffb3b80ae9dddc72b15dff29ea0b9b4c987b28437ece9b2a5a743fd79b2d16037bc1ea4dafedc5e8f5cfc776c21e3c81b72ace7757899cada093e012be |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/UwhRD.json
| MD5 | 279fe593ab3712c9c19d759e5c8c784e |
| SHA1 | efee9802ff320724ac20896442dc736a4ca59a01 |
| SHA256 | 811bd3395f175b9fa624dd1a36df1e926c971ee60f15086b32aff48e285e9697 |
| SHA512 | cd087f60ec4b00ad56a5c4d0d4b8b6f01ac2ff9c42ccbbf829306fa5248d8a79685ad96349eae72c7a67a0560d95d7305040f33e495060ea61e612f0a4f5e45b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_DynamicOptDex/oat/UwhRD.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/webview_data.lock
| MD5 | 28050cd073e7419db11677e2034321d4 |
| SHA1 | 2d565770f36d0d5b7ac3ffd2e11a91cce743f516 |
| SHA256 | 6c0af31815700a16cfbe5829e61dc3c31523850e09d9597af2699f4ea799fe19 |
| SHA512 | abaf53d14fd1e49f0790285d18cae4439e02a51491a26067ad8e1907987546769ae2ca3ea94c4a37d57e8fc481d2c0694786059b614b85279cce8327ba9bf2f2 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Default/Web Data-journal
| MD5 | 83c305058677a85e76c6dd0fefc14d03 |
| SHA1 | 3648978c0a5a50cb8ec3e5cf7af75b828ae47327 |
| SHA256 | 4870e3f8f6b0a541747c4252439414861c3a05fcd7665d3cafad30fa6a9448f3 |
| SHA512 | f4ce97d073744cad16bae7493486551c8830f853bdfedfecd49cdd1f255814f51bbb16a687c917e5ab3060b68a526079eee6285173ffbd3c021ae7c32455fa54 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | 595906ea530c73bea6a2f60b09b9a52c |
| SHA1 | fb0a47b136e5dc566b1a3df357fbfc86b2402cee |
| SHA256 | 9a0753e2a1ab22ae398ec669329a83073ec5409053cd529441eccf021c6a9523 |
| SHA512 | e7d2d553f393f27ef3df697c9e1457bf38f8fe6d631fd9f24b4e5e2d5eb60948e2959c4518fc4f738de19b1bb8959bbb31a94bfc1d562716bdd3a7b25d8f39a5 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | fee61657a6b5e2fca2f30b242904e87f |
| SHA1 | a5a0d2ccfe1b4216f3753ed2cdc12fabbe5ee23d |
| SHA256 | c8ab21127ec66a50fb54514583650d95caf8083c948ad35f95f1b5910ebf7b65 |
| SHA512 | 5529ca1d489a9955d547537b6c48b3c80c3e006c6e1602d63bf787e305c63ce384d4848ea9a0ce675929e01442d4b618edd0af526bf1f7f9f79212f7767c7b34 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | 0090178f8de00922b24d6462ffe47807 |
| SHA1 | 274179dab9073ce2ab93aecb86df80364073803c |
| SHA256 | 8fdb878357c68694683a593891503d608080ea009cdb9eec92d76c6644207e63 |
| SHA512 | f087023395104dd7d0eddc84fb9100a75a3338bdbb06e3b985c8fd4053416cc4f6eabf137d404c068f53dd5b38d377bd3287c8299757f0ecac4058bf2e00bf88 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/cache/WebView/Crashpad/settings.dat
| MD5 | 37ff6d134a0c0f1ac9e90320e39c2c48 |
| SHA1 | 7f2e9483fce64036da86b0d5a6cc4e0e0bca7f80 |
| SHA256 | 712172194d8eedd0724504dcf85a41f9368bad821ee8b8383816a0b33d52dba1 |
| SHA512 | a2f990d238757b55385405e5db8db79140d2241c422c998858aa7183cb70f5591ea4b4aba143a2cb625500f6ca856faf8582b18e1b29dad09d03261032319ba5 |
/data/user/0/ywlundbgmk.tnraolua.antabkrriztc/app_webview/.com.google.Chrome.ftzw13
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |