Malware Analysis Report

2025-01-19 05:14

Sample ID 220602-ke5bbsaahm
Target 9FFDA0C1E8E9E9C63C5219941F3F72F04EF8027B2ED8443498100DF27E00B8B0.apk
SHA256 9ffda0c1e8e9e9c63c5219941f3f72f04ef8027b2ed8443498100df27e00b8b0
Tags
cerberus banker evasion infostealer rat trojan
score
10/10

Analysis Overview

score
10/10

SHA256

9ffda0c1e8e9e9c63c5219941f3f72f04ef8027b2ed8443498100df27e00b8b0

Threat Level: Known bad

The file 9FFDA0C1E8E9E9C63C5219941F3F72F04EF8027B2ED8443498100DF27E00B8B0.apk was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-02 08:31

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-02 08:31

Reported

2022-06-02 08:42

Platform

android-x86-arm-20220310-en

Max time kernel

600553s

Max time network

150s

Command Line

njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu/app_DynamicOptDex/CLgH.json | N/A | N/A

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu/app_DynamicOptDex/CLgH.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu/app_DynamicOptDex/oat/x86/CLgH.odex --compiler-filter=quicken --class-loader-context=&

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2022-06-02 08:31

Reported

2022-06-02 08:43

Platform

android-x64-20220310-en

Max time kernel

596976s

Max time network

166s

Command Line

njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu/app_DynamicOptDex/CLgH.json | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

njrubljhdew.zkqncfm.cdjqppywpayaaciuwswzu

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2022-06-02 08:31

Reported

2022-06-02 08:32

Platform

android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A