Analysis Overview
SHA256
bb1146c08e39e704dc50c81ba12169d0eede42c38fe9ea5eedae74952c75433a
Threat Level: Known bad
The file BB1146C08E39E704DC50C81BA12169D0EEDE42C38FE9EA5EEDAE74952C75433A.apk was found to be: Known bad.
Malicious Activity Summary
Cerberus
Makes use of the framework's Accessibility service.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Removes a system notification.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-02 08:27
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2022-06-02 08:27
Reported
2022-06-02 08:31
Platform
android-x64-arm64-20220310-en
Max time kernel
596249s
Max time network
172s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.xwrmnh.qoszdczhgyt
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 172.217.168.234:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.250.179.136:443 | tcp |
Files
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 389ee3aca5bf67053f3ea3bb9580fa59 |
| SHA1 | 986113f66add0927a37c7eb5ee8f25398313ba2c |
| SHA256 | 6337ad9bc6fd7c4523a9684382ed4841f453fb6b65c1fbcc5126be4fe8a866ca |
| SHA512 | c312855f55e9b4fc9513250f6a565a157b2cb638ebb9c7a2c23319ece532a580442930bf7579af08c835de54c296642689f96108f2c1d69f9fcf8b6d7771b737 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 9eac7842f81b72657e16ba33e90144a1 |
| SHA1 | dc213d3833f485c96b77c9c660d5b85ee9b8586a |
| SHA256 | b73f3b5256bf3173c1454d31c0c4f94efd9e496a640596aa293f62beaab35a0b |
| SHA512 | c4d666b14323378a693a2444f8ab8dd7dee7fb0e57c999495d628a2c29ca2b53ac85119a191bec8cfae3f5cec493b5e74e77b36ce46015dd9ae5845b9f734d90 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/hcwryfjcfr.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/webview_data.lock
| MD5 | 9b8fd6f6db1d72173bace786fbd3138c |
| SHA1 | 74fd93b8ca387ebd41e5f5b38a4b0f812e4375da |
| SHA256 | 8a0471b16349364698aa8746d66231e9b0d0da167fe64ab37f0d7bd02ca2c587 |
| SHA512 | 987c2caf4100f1b8843d2d03343289125dd76d23678ad275340b4e7424db079068d2eb7009af09f3031a4b11349f187231550b07ed3c63f3a1f177b5f30cce56 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Default/Web Data-journal
| MD5 | 65860015cb4c576febd04f5bcc696f85 |
| SHA1 | 78817e7d2954cc37c34f26b7f8fa0ce33fcfe4c3 |
| SHA256 | e77d973282179ff08d7511d9c66f6f7be91129592254d72afe7f81a6ed20ca17 |
| SHA512 | f3195982ef8c7a0bb5ba239d79a7ae0100d5776ed1916d63f2fe7a11d6ef3095fded8ccb4f5c528344475bc50bc2b9f3695fc4bdc52cea078b60cfba88efd8ee |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | 5525693bf0ede4d088048c558c59048c |
| SHA1 | b813ea18c12267eeccc85c90a4333582d4f99807 |
| SHA256 | 550c1a84677d52c789ddff31f707278222a3a4306568af2e9b6a79306dd9fd12 |
| SHA512 | f229eda8cfa7c6977a402d489c2041e2da1973a7e52d4b6c4d4529b07f0007e24ddbf89780ba654a494f1e8a172554f200431026197553bd1f0444b52758163d |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | 432a675867ed1e8861f16fadcbf535f8 |
| SHA1 | 927059241d0d351210b3f59e6870507fb5969e1c |
| SHA256 | e7929232f03ac961a484186fab9e92f0f64a545ff8b60ffcc689ed74b7445137 |
| SHA512 | 557a30425348aa175f10bd0ae5e69e16d4459b2f17136359f5b8371683218a2719c442028e18bb8957f60309287e4cbdf9256fc93e9ee18260bacad027f6ebc9 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | 432a675867ed1e8861f16fadcbf535f8 |
| SHA1 | 927059241d0d351210b3f59e6870507fb5969e1c |
| SHA256 | e7929232f03ac961a484186fab9e92f0f64a545ff8b60ffcc689ed74b7445137 |
| SHA512 | 557a30425348aa175f10bd0ae5e69e16d4459b2f17136359f5b8371683218a2719c442028e18bb8957f60309287e4cbdf9256fc93e9ee18260bacad027f6ebc9 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Crashpad/settings.dat
| MD5 | ff8264f028ed4e0d274db551c6164e3d |
| SHA1 | 3186e30d2e90706e0b8b534bbc32c30c7b417895 |
| SHA256 | bdf0b017d966e463cf00fe40da29796496e38b28b2a1a010be6a2cf910336793 |
| SHA512 | ec962705dffcbb90e44d07d26267689f8cbca9c820b4528902f2620397fc5bbd7c186779b041440e03070d79aa5056b760d2a4a69cc1683fcae4a0348e26a22f |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/.com.google.Chrome.vQPuy8
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-02 08:27
Reported
2022-06-02 08:31
Platform
android-x86-arm-20220310-en
Max time kernel
599870s
Max time network
155s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A |
| N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.xwrmnh.qoszdczhgyt
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/x86/hcwryfjcfr.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | alt8-mtalk.google.com | udp |
| US | 142.250.115.188:5228 | alt8-mtalk.google.com | tcp |
| NL | 142.251.36.36:80 | tcp | |
| NL | 142.251.36.10:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.251.39.106:80 | play.googleapis.com | tcp |
| NL | 142.250.179.174:443 | udp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:53 | alt4-mtalk.google.com | udp |
| US | 142.250.157.188:443 | alt4-mtalk.google.com | tcp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:53 | lcnpro.net | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp |
Files
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 389ee3aca5bf67053f3ea3bb9580fa59 |
| SHA1 | 986113f66add0927a37c7eb5ee8f25398313ba2c |
| SHA256 | 6337ad9bc6fd7c4523a9684382ed4841f453fb6b65c1fbcc5126be4fe8a866ca |
| SHA512 | c312855f55e9b4fc9513250f6a565a157b2cb638ebb9c7a2c23319ece532a580442930bf7579af08c835de54c296642689f96108f2c1d69f9fcf8b6d7771b737 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/x86/hcwryfjcfr.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/x86/hcwryfjcfr.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 9eac7842f81b72657e16ba33e90144a1 |
| SHA1 | dc213d3833f485c96b77c9c660d5b85ee9b8586a |
| SHA256 | b73f3b5256bf3173c1454d31c0c4f94efd9e496a640596aa293f62beaab35a0b |
| SHA512 | c4d666b14323378a693a2444f8ab8dd7dee7fb0e57c999495d628a2c29ca2b53ac85119a191bec8cfae3f5cec493b5e74e77b36ce46015dd9ae5845b9f734d90 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 87746a084c21774ab77668aa202ced3d |
| SHA1 | fe02e4b84dd2aeb70241a2bb08045f4d8807a416 |
| SHA256 | 3727f85275ee33318b849712d8844a3096284faab7cda26a26615359b36b727d |
| SHA512 | ae78baec75e1a88d8432338de4ebd8fa484098d812daee69dd806936b80aaece5005996c749783418eccf45df285882e8c63a79096c142884046d772b033e5f4 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/hcwryfjcfr.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Web Data-journal
| MD5 | 5948403071d3ebbf540b228150249958 |
| SHA1 | 466c3ea3f09493600e7c9361467842497b60bb72 |
| SHA256 | a915898ec067c6de5a670e52c4547a2b0bf094de7a744f7396207693c5e24019 |
| SHA512 | 22a9b14dad88071dfed025e429ce36353c3e16299cd0fcd81023e8a7ada0da7b3e2dc2c34461f33e7c7097f9464f8e432f6823057e45fbfac21a5106e777d07d |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/metrics_guid
| MD5 | 474baebf5f1c36e569d9de43dc1413bc |
| SHA1 | 604d9c5ab26ae7b62544a18d8ad55f854a808c42 |
| SHA256 | ada9ece1da6c676a8140dc6999d6b8dc3bf0e92a255e1c058147bd77c258426a |
| SHA512 | 930b8d3d180da77aaa276dcbb343be024fcbd772dbd735c006211e8f1335e72ec49ca0dcb9a6927c138411b685c6fc3172c50fb7fa10241320796cdfde1bfe23 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/GPUCache/index-dir/temp-index
| MD5 | 3a30ec503e6d869385cd3a824723a7eb |
| SHA1 | 93d73ab156ac7457a1e904839c73d35641ca6fe5 |
| SHA256 | 6cef0be41942e5b3df0ae282c42c8c0f312aac5abd13bf46428fa8ffdc789c52 |
| SHA512 | e68790964cab6d2c8867b8582d6c794df1c18187d2c8f93d141857d49ab454b6249636448a30e2bf516ff6c3f48d1045f283225e5c8491737827d1217f6c7e33 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-06-02 08:27
Reported
2022-06-02 08:33
Platform
android-x64-20220310-en
Max time kernel
596359s
Max time network
172s
Command Line
Signatures
Cerberus
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.xwrmnh.qoszdczhgyt
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 389ee3aca5bf67053f3ea3bb9580fa59 |
| SHA1 | 986113f66add0927a37c7eb5ee8f25398313ba2c |
| SHA256 | 6337ad9bc6fd7c4523a9684382ed4841f453fb6b65c1fbcc5126be4fe8a866ca |
| SHA512 | c312855f55e9b4fc9513250f6a565a157b2cb638ebb9c7a2c23319ece532a580442930bf7579af08c835de54c296642689f96108f2c1d69f9fcf8b6d7771b737 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar
| MD5 | 9eac7842f81b72657e16ba33e90144a1 |
| SHA1 | dc213d3833f485c96b77c9c660d5b85ee9b8586a |
| SHA256 | b73f3b5256bf3173c1454d31c0c4f94efd9e496a640596aa293f62beaab35a0b |
| SHA512 | c4d666b14323378a693a2444f8ab8dd7dee7fb0e57c999495d628a2c29ca2b53ac85119a191bec8cfae3f5cec493b5e74e77b36ce46015dd9ae5845b9f734d90 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/hcwryfjcfr.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/metrics_guid
| MD5 | 44fd9837400e9b35a2cf907b327ca69d |
| SHA1 | f7bbce6ed9962ccb133b5e6bdb172985b85b1468 |
| SHA256 | 1ce726bcfa6852cb3f6aec86cad26af657c9a5a5d2406a3fe1824ad6a200e181 |
| SHA512 | 8d208be23040568f775a3363901233a1fc295ffc3b00b1de3de8e9745592390338fd946aaf95088645ff3d0a492a91d51704399dc17c7627c6157c18b7dc3688 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/Web Data-journal
| MD5 | 50f9e686e6196c60d85787dbbb76f0b3 |
| SHA1 | 042fb3af9310e8ef48018a01f7192a06a6e392e3 |
| SHA256 | 578435fd55759c3138cf7d06bd2d920a35f1a1730df7052415fe574d439dfe10 |
| SHA512 | 15f43a49663b6659f307513419c64d7c8869f8c47d900aa4b8c19475e9352dc07c970c78f44487ef47e863550117abfb640cd73b1b072f9c29b0d5562f3ecb81 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | 46df90ac47f1383fd9e72307a510081b |
| SHA1 | 25236b44fcd91e4fdf4652cc6a69714ab6a0775f |
| SHA256 | 3b1b9ad64e31c72c3205093e4fa0a6371fc617886510b21e597ffa553ae04e91 |
| SHA512 | 6dc631af523dd2d7ddce44bc439568b5318f51be6dfe768e49183d24d2cd8b7d72842fed736874804e116d8549eb814b1884076e8982ab63602dd76c56cdb5e4 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/GPUCache/index-dir/temp-index
| MD5 | b635e85af82514dce68698dfa440ecaf |
| SHA1 | 3fc7b0e76b2eefa6346f637f567863278bb06c40 |
| SHA256 | e1697582b9a3d3482d4625a219035e896f4a296339d795ad9aa0bf9a66c4a09c |
| SHA512 | be80f5bed04a761a0f535389ce805bea02bb31fcef49e18e67d8ddc68397122c7dc10744d47dbee447451e04b3fb3e26dd045bd3270e98b09fb4bf7caec56a08 |
/data/user/0/com.xwrmnh.qoszdczhgyt/cache/WebView/Crashpad/settings.dat
| MD5 | a4d0e68e2e13817e144ff1bfd8cf5e90 |
| SHA1 | 184985b14a7d93b4e8480ef032dd232b6e9086a4 |
| SHA256 | 5bc6b44e3259b19dcf8200e301a9b8f2aa0a0aa979c7df8a54e7407cadd0ac9c |
| SHA512 | 3ffc776eae3f7c3d2ce54fab5c999e90a6ee2cfd2a712f73f9300131779f7de7a73c4b1d2b8f0e9365680f95761beb93abac37f7af7d3a065cde9d3fd2a7f03e |
/data/user/0/com.xwrmnh.qoszdczhgyt/app_webview/.com.google.Chrome.WYNAHf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |