Malware Analysis Report

2025-01-19 05:18

Sample ID: 220521-pjznvsfdg4
Target: 199c27a457117334eab655b3811d24eb77f121562518f0bdf06edb676ed5845d
SHA256: 199c27a457117334eab655b3811d24eb77f121562518f0bdf06edb676ed5845d
Tags: cerberus banker evasion infostealer rat trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 199c27a457117334eab655b3811d24eb77f121562518f0bdf06edb676ed5845d

Threat Level: Known bad

The file 199c27a457117334eab655b3811d24eb77f121562518f0bdf06edb676ed5845d was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2022-05-21 12:22

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-05-21 12:22
Reported: 2022-05-21 13:10
Platform: android-x86-arm-20220310-en
Max time kernel: 3874790s
Max time network: 106s

Command Line

atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json N/A N/A
N/A /data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json N/A N/A
N/A /data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/oat/x86/XPt.odex --compiler-filter=quicken --class-loader-context=&

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2022-05-21 12:22
Reported: 2022-05-21 13:10
Platform: android-x64-20220310-en
Max time kernel: 3871196s
Max time network: 150s

Command Line

atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json N/A N/A
N/A /data/user/0/atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg/app_DynamicOptDex/XPt.json N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

atbbpuadhw.xzgezlzootfkiaxahdpwu.bkg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files


Analysis: behavioral3

Detonation Overview

Submitted: 2022-05-21 12:22
Reported: 2022-05-21 13:08
Platform: android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A