Malware Analysis Report

2025-01-19 05:14

Sample ID 220603-g57mlabea8
Target 57EDD6BCB7FFF5653794CD9B8CFF04C49858270E3BC54D847958E46CFE64CEC1.apk
SHA256 57edd6bcb7fff5653794cd9b8cff04c49858270e3bc54d847958e46cfe64cec1
Tags
cerberus banker evasion infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

57edd6bcb7fff5653794cd9b8cff04c49858270e3bc54d847958e46cfe64cec1

Threat Level: Known bad

The file 57EDD6BCB7FFF5653794CD9B8CFF04C49858270E3BC54D847958E46CFE64CEC1.apk was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-03 06:24

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:34

Platform

android-x86-arm-20220310-en

Max time kernel

679248s

Max time network

162s

Command Line

pntsxp.mnnasexytyeym.uqjgxqy

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |

Loads dropped Dex/Jar

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/pntsxp.mnnasexytyeym.uqjgxqy/app_DynamicOptDex/RZASPL.json | N/A | N/A |

Removes a system notification.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Processes

pntsxp.mnnasexytyeym.uqjgxqy

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/pntsxp.mnnasexytyeym.uqjgxqy/app_DynamicOptDex/RZASPL.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/pntsxp.mnnasexytyeym.uqjgxqy/app_DynamicOptDex/oat/x86/RZASPL.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:17

Platform

android-x64-20220310-en

Max time kernel

678205s

Max time network

172s

Command Line

pntsxp.mnnasexytyeym.uqjgxqy

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/pntsxp.mnnasexytyeym.uqjgxqy/app_DynamicOptDex/RZASPL.json | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Processes

pntsxp.mnnasexytyeym.uqjgxqy

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2022-06-03 06:24

Reported

2022-06-03 07:09

Platform

android-x64-arm64-20220310-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A