Malware Analysis Report

2025-01-19 05:14

Sample ID 220603-g51jaabdh6
Target BB1146C08E39E704DC50C81BA12169D0EEDE42C38FE9EA5EEDAE74952C75433A.apk
SHA256 bb1146c08e39e704dc50c81ba12169d0eede42c38fe9ea5eedae74952c75433a
Tags
cerberus banker evasion infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bb1146c08e39e704dc50c81ba12169d0eede42c38fe9ea5eedae74952c75433a

Threat Level: Known bad

The file BB1146C08E39E704DC50C81BA12169D0EEDE42C38FE9EA5EEDAE74952C75433A.apk was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-03 06:24

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:32

Platform

android-x86-arm-20220310-en

Max time kernel

682714s

Max time network

147s

Command Line

com.xwrmnh.qoszdczhgyt

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A
N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

com.xwrmnh.qoszdczhgyt

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/oat/x86/hcwryfjcfr.odex --compiler-filter=quicken --class-loader-context=&

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:15

Platform

android-x64-20220310-en

Max time kernel

678098s

Max time network

161s

Command Line

com.xwrmnh.qoszdczhgyt

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.xwrmnh.qoszdczhgyt/app_offline/hcwryfjcfr.jar | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

com.xwrmnh.qoszdczhgyt

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:09

Platform

android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A