Malware Analysis Report

2025-01-19 05:14

Sample ID 220602-kc9s2aedf2
Target 484F6862473B96487B7D2CB1079DF512403ED48AB25ADF6AA3738FB39ACC625B.apk
SHA256 484f6862473b96487b7d2cb1079df512403ed48ab25adf6aa3738fb39acc625b
Tags cerberus banker evasion infostealer rat trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

484f6862473b96487b7d2cb1079df512403ed48ab25adf6aa3738fb39acc625b

Threat Level: Known bad

The file 484F6862473B96487B7D2CB1079DF512403ED48AB25ADF6AA3738FB39ACC625B.apk was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-02 08:28

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-02 08:28

Reported

2022-06-02 08:34

Platform

android-x86-arm-20220310-en

Max time kernel

596452s

Max time network

141s

Command Line

com.ygmdflerbfvl.tbistzkei

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |

Loads dropped Dex/Jar

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |

Removes a system notification.

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation).

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Processes

com.ygmdflerbfvl.tbistzkei

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/x86/fsdcqjklz.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-06-02 08:28

Reported

2022-06-02 08:36

Platform

android-x64-20220310-en

Max time kernel

596539s

Max time network

174s

Command Line

com.ygmdflerbfvl.tbistzkei

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation).

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Processes

com.ygmdflerbfvl.tbistzkei

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |

Files

Analysis: behavioral3

Detonation Overview

Submitted

2022-06-02 08:28

Reported

2022-06-02 08:30

Platform

android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A