Malware Analysis Report

2025-01-19 05:18

Sample ID: 220521-d9tdzscahl
Target: be95873c1842eb3725a35871c248ca7888fc782e4de151128222443c51e4cc96
SHA256: be95873c1842eb3725a35871c248ca7888fc782e4de151128222443c51e4cc96
Tags: cerberus, banker, evasion, infostealer, rat, trojan
Score: 10/10

Analysis Overview

score
10/10

SHA256

be95873c1842eb3725a35871c248ca7888fc782e4de151128222443c51e4cc96

Threat Level: Known bad

The file be95873c1842eb3725a35871c248ca7888fc782e4de151128222443c51e4cc96 was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-21 03:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-21 03:42

Reported

2022-05-21 05:37

Platform

android-x86-arm-20220310-en

Max time kernel

3847577s

Max time network

149s

Command Line

hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt/app_DynamicOptDex/MTlKkXe.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt/app_DynamicOptDex/MTlKkXe.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt/app_DynamicOptDex/oat/x86/MTlKkXe.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-21 03:42

Reported

2022-05-21 05:35

Platform

android-x64-20220310-en

Max time kernel

3843856s

Max time network

166s

Command Line

hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt/app_DynamicOptDex/MTlKkXe.json N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

hlxdcjlglau.jyytwobzwms.zzgsiighyuawrzcnxdkecgdt

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2022-05-21 03:42

Reported

2022-05-21 05:30

Platform

android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A