Analysis Overview
SHA256
484f6862473b96487b7d2cb1079df512403ed48ab25adf6aa3738fb39acc625b
Threat Level: Known bad
The file 484F6862473B96487B7D2CB1079DF512403ED48AB25ADF6AA3738FB39ACC625B.apk was found to be: Known bad.
Malicious Activity Summary
Cerberus
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Removes a system notification.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-03 06:27
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-03 06:27
Reported
2022-06-03 07:01
Platform
android-x86-arm-20220310-en
Max time kernel
677250s
Max time network
153s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.ygmdflerbfvl.tbistzkei
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/x86/fsdcqjklz.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| NL | 172.217.168.238:443 | tcp | |
| US | 173.194.202.188:5228 | tcp | |
| US | 173.194.202.188:5228 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | semanticlocation-pa.googleapis.com | tcp |
| NL | 142.251.36.10:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | alt8-mtalk.google.com | udp |
| US | 142.250.115.188:5228 | alt8-mtalk.google.com | tcp |
| NL | 172.217.168.227:80 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 172.217.168.238:443 | tcp | |
| US | 1.1.1.1:53 | alt4-mtalk.google.com | udp |
| US | 142.250.157.188:5228 | alt4-mtalk.google.com | tcp |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 23.2.163.242:443 | tcp | |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | lcnpro.net | udp |
| NL | 142.250.179.202:80 | www.googleapis.com | tcp |
| NL | 142.251.36.4:443 | tcp | |
| NL | 142.250.179.163:443 | tcp | |
| NL | 142.250.179.163:443 | tcp | |
| NL | 142.251.36.3:443 | tcp | |
| NL | 172.217.168.227:80 | connectivitycheck.gstatic.com | tcp |
| NL | 142.251.36.3:443 | tcp | |
| NL | 142.250.179.163:443 | tcp | |
| NL | 142.250.179.163:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 172.217.168.238:443 | tcp |
Files
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | d45bf00bb6e9b4d8b7d1658b446dcdf8 |
| SHA1 | 513af094a9b41ec93176dfc22736b35eedd16b57 |
| SHA256 | d333fe24ab64cffce489cf149fc1127b91f3662a406ea7555b9e91fda486ab1f |
| SHA512 | 2fa44792c862740d1e3389c819a08f87066c4b77d7de4de2c5bdc956c62211f5abd85a6a234e10dd9c029cb91dc4769a1250d1669591ef1438108cbcf00621ce |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/x86/fsdcqjklz.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/x86/fsdcqjklz.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | 08ccc2e2df5b4113f18c8adca75efc64 |
| SHA1 | 4b3d9853b909f92268f135133084b539da258d5c |
| SHA256 | 802ff9fe8616b77cfd5ade32de49928816a35376340562bc1d90a4dcd1fcb443 |
| SHA512 | 1c7d9feee736b8e5563b02aa741651cf2a23b41dc7b3a0c7d388a81b99c41c3b0c074af8e0eec38258a2a0d8aac7d9676d7ff11a7ccd8f3e9a98c00a7335aa5c |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | 4455c8475a4df2dd495574913b9a8ac6 |
| SHA1 | 9914e63baacfece99a56ae088075ec4c7fc7d8a0 |
| SHA256 | 89daf9ec891b28446e9665181da9344ace578e945dd2d873ba9fe55b88adafb5 |
| SHA512 | b1a3af1ebebfdc31ff68fc215a73b16d83ab3f1b6e029e3922be3d2e2dddd0e5979d297d7626012481a2581618d0f063ecf6541f5e72f082a182f5d507f9eef4 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/fsdcqjklz.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Web Data-journal
| MD5 | 791a02e6636cd7454ed2bade727ce9ef |
| SHA1 | c2832a5c47728fee83824a9b91b591c2cc498f22 |
| SHA256 | ed8276c39aa2307af61e69f13d772f7e0c6c47da9cb9ea5a8dbaa57f697b7d3b |
| SHA512 | dec2763424179210266108a542b915390a0a9df8eea96fb6fa0afb616635d20a7af19529d67f36d0a7bbcbd93b1392194fb63a4a735677cd1f17e286669ea5bb |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/metrics_guid
| MD5 | 008c3ce0213c86dac3c9188722033f1d |
| SHA1 | b99c59972481872ef75b1cd3cdb3fdbcc45cafe3 |
| SHA256 | 63f313c166f1dd807579aa647739c8ed004f1889620709a1d4560a9a84174941 |
| SHA512 | 8d2a271b75a38ab9581d99866bf6d63484f5dcb908a7edf57970ca681ee4ee6d8570c9ba4aa59292b2c20d1addcc5853ab81232402bc5394f1273f08ce5a96bf |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/GPUCache/index-dir/temp-index
| MD5 | 07ac4e8d2bf0e81c046393995bb2089e |
| SHA1 | d14c2045e68b025fc318a11e19f305d24b563574 |
| SHA256 | bd696c30c9ebd5385ae2838968360c4a103d89b42b44b45e3bcd8856cee5b495 |
| SHA512 | e7d1ed6f5882705052a9cefd80d6bfd274f5b684263fda31ab9a12fd1d0416488fdc32b03635445e74c14067d1d7d30a92935af370bb4aafb91e4472d2f5009a |
Analysis: behavioral2
Detonation Overview
Submitted
2022-06-03 06:27
Reported
2022-06-03 06:53
Platform
android-x64-20220310-en
Max time kernel
676758s
Max time network
176s
Command Line
Signatures
Cerberus
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.ygmdflerbfvl.tbistzkei
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 216.58.208.106:443 | tcp | |
| NL | 142.250.179.131:443 | tcp | |
| NL | 172.217.168.234:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 142.251.39.104:443 | tcp | |
| NL | 216.58.214.10:443 | tcp | |
| NL | 142.250.179.202:443 | tcp | |
| NL | 142.250.179.202:443 | tcp | |
| NL | 142.250.179.202:443 | tcp | |
| US | 108.177.119.188:5228 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.136:443 | tcp |
Files
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | d45bf00bb6e9b4d8b7d1658b446dcdf8 |
| SHA1 | 513af094a9b41ec93176dfc22736b35eedd16b57 |
| SHA256 | d333fe24ab64cffce489cf149fc1127b91f3662a406ea7555b9e91fda486ab1f |
| SHA512 | 2fa44792c862740d1e3389c819a08f87066c4b77d7de4de2c5bdc956c62211f5abd85a6a234e10dd9c029cb91dc4769a1250d1669591ef1438108cbcf00621ce |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | 08ccc2e2df5b4113f18c8adca75efc64 |
| SHA1 | 4b3d9853b909f92268f135133084b539da258d5c |
| SHA256 | 802ff9fe8616b77cfd5ade32de49928816a35376340562bc1d90a4dcd1fcb443 |
| SHA512 | 1c7d9feee736b8e5563b02aa741651cf2a23b41dc7b3a0c7d388a81b99c41c3b0c074af8e0eec38258a2a0d8aac7d9676d7ff11a7ccd8f3e9a98c00a7335aa5c |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/fsdcqjklz.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/metrics_guid
| MD5 | 063eb5383673d35ad83e6ede5d66dde7 |
| SHA1 | 9283df386a8cbeead1c52586f1bfaf7ef7bf541e |
| SHA256 | 057835b7ce88c37fd2ffeeab6fbaf0bce0e0ceff63e87cbabc2b8f5b1e7afa7b |
| SHA512 | 357d3852b3d3b7935cc62219d0fd1802e53d2c6e03b7358da550866efdef92db8c0d8b7eff69665af88ad7eaf479e166c3891dceeb63c4e062b4a288cf017c4d |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Web Data-journal
| MD5 | 11f99caa907ae849459fb1930ba5b521 |
| SHA1 | 7f193aa625c8d543b5141ca840373f9b6413114c |
| SHA256 | b2f1b581f1992d0f4b61aa5cef32b72e5dcdca21a2805ac744ef88d7115b5126 |
| SHA512 | 76867155b12cbfaf09944dbe4af687edc8d110b50c36a9509813a95dad71c6ca2d5df509d3eb533b9602f4d74b9ae855efa51650effc6247fc4956f4a15b1f20 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | 098e25299d3e88969da4ad0a4978b70a |
| SHA1 | e45f33aef9aa188ce90feaabca86a7586d806ce3 |
| SHA256 | a9da61adb6619085fec457e1e95802c1e8be2a6c189a13ad71e677b72a847075 |
| SHA512 | a19c0e9242ea666e955ceb6375aba3d316fbb6e03a954fc309636323b03aca6fea9d10bb3350fb38dc503698019c053f7fa5ddbf2fb310d53d63c011c1ba235c |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/GPUCache/index-dir/temp-index
| MD5 | 5335971a3b34b40e46cca9c4ed5298c1 |
| SHA1 | 1d6ceaac6e3b6689cbff1751c86a6fc971e976c0 |
| SHA256 | 9b8442448320df36fdff15c67bcecc36fb2786db27cf1cda7372e54fa2b54be3 |
| SHA512 | 84e2fe280aa3e1779750386136413ab35e6bc3a0406eac06889ce54b55e05af1e3ce637af480aa49c78d1a5139ca7c8543677e673d616813f890ea9024f6f3cc |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Crashpad/settings.dat
| MD5 | 3087f511bae979f8a007b3510d4b308e |
| SHA1 | 42daa1e1d42efd66654a04f23c65fa97d62b1059 |
| SHA256 | a6cf8cf34160a142ef8100066817db6d5b485c2cc05d302adc3503c21a0c9f8b |
| SHA512 | 46beae7a0d451762a64360d9fa5966a1b38878532e4ae9eaf1bfc492fc802172e796ffd192dde0ddcfec44d7985b2147a20863c1239d5d237587ace8fbb5d71f |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/.com.google.Chrome.qoIHla
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2022-06-03 06:27
Reported
2022-06-03 06:52
Platform
android-x64-arm64-20220310-en
Max time kernel
676715s
Max time network
170s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.ygmdflerbfvl.tbistzkei
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 35.186.238.175:443 | tcp | |
| US | 34.120.65.227:443 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.250.179.166:80 | ad.doubleclick.net | tcp |
| NL | 142.250.179.136:443 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 23.2.163.242:443 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.142:443 | tcp |
Files
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | d45bf00bb6e9b4d8b7d1658b446dcdf8 |
| SHA1 | 513af094a9b41ec93176dfc22736b35eedd16b57 |
| SHA256 | d333fe24ab64cffce489cf149fc1127b91f3662a406ea7555b9e91fda486ab1f |
| SHA512 | 2fa44792c862740d1e3389c819a08f87066c4b77d7de4de2c5bdc956c62211f5abd85a6a234e10dd9c029cb91dc4769a1250d1669591ef1438108cbcf00621ce |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/fsdcqjklz.jar
| MD5 | 08ccc2e2df5b4113f18c8adca75efc64 |
| SHA1 | 4b3d9853b909f92268f135133084b539da258d5c |
| SHA256 | 802ff9fe8616b77cfd5ade32de49928816a35376340562bc1d90a4dcd1fcb443 |
| SHA512 | 1c7d9feee736b8e5563b02aa741651cf2a23b41dc7b3a0c7d388a81b99c41c3b0c074af8e0eec38258a2a0d8aac7d9676d7ff11a7ccd8f3e9a98c00a7335aa5c |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_offline/oat/fsdcqjklz.jar.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ygmdflerbfvl.tbistzkei/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/webview_data.lock
| MD5 | 4f778bbbbd13f447f0f33cf3316cd05d |
| SHA1 | a47f36e10eb624130c5f8b3561469e1934bde60a |
| SHA256 | 51348e6955e1efa025618013b036c42ff92ec395a761692a439a97fe44221f5a |
| SHA512 | fa14daf4bd3785a9423f71e532b14e2d286703e433c28f5c25fed622e3131b553cbccfcd49b32df955984b9c83dcb172590632f8d42b129896306fdf2de67991 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Default/Web Data-journal
| MD5 | e5bad4166f9f6629190c2e1e31061892 |
| SHA1 | b84c78f60be40712d2794f76df3d7140ed0b7a94 |
| SHA256 | 15da66a0ec995fcf531b216500bc0c0fb102483f2a9cbc0f52e39440176a96e5 |
| SHA512 | 17fa6468377a43029e211cb1c2121c212e65874fb8386bb19d4c15977c2b2d3444dba922f6049a78399ad00b91fe3bc56b0c9f4178220082a710d28af528d0c9 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | cccb6c9cea2e80a2a3283ae81f28f8a5 |
| SHA1 | 1479a20b391550f69204d25446d7ea167b057d07 |
| SHA256 | 0f8204eba6c9d310872fcb32d34c46a7f67da7d980948a11c9d9a3b28da157e4 |
| SHA512 | fc1b12a64dda7e7c15be6965cdee1ce36da719e4166993a956755564e3fe23f5cad7f0d4f1afdc8fef2f563bfe119cff51b3097501346736922e3ec6e20772a7 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | 94ec6925675ded13f96e9a90df7289d7 |
| SHA1 | b742b71b2154de396a96e50390aebeb2d578eaf8 |
| SHA256 | 49e1e3ee844603204d982e640289a978df26623517472e5ffdfaf3b12f023e18 |
| SHA512 | 1ce83a933e9392d0db42bd5ce974b94c225ecf00d4a3ed8082c3b7d3ca9046407dcd13fc85bd7fa1ae6f0f5027275759e8ffe578805bd736177220db1d02f405 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | e0cbaab633364dd87ec420783ca5e824 |
| SHA1 | f7549838de28e2d136b3aa3dd5c11325a4723ad8 |
| SHA256 | 8b9c40acf16b4b09c99e73700f2de75b600a4441ee2602f563fad359cd842145 |
| SHA512 | 3179712b2d46ed913bb49987afc33b520c9e44324c67ce48b1c4f5282f2a50fb3c80ae2bc64b9bde1e35d5e56b9a9566dc85a01bca54b6a6d09f4a8239a68efd |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/com.ygmdflerbfvl.tbistzkei/cache/WebView/Crashpad/settings.dat
| MD5 | b4970f48a12fe15ca30f4c317bdb1f24 |
| SHA1 | 20282a13701eaea090c0ec82cb33edc3fa0f2b93 |
| SHA256 | 5ec804d46b4e4a7383d191117108fbc2aa74ac92711a833ce307076bdee21d0c |
| SHA512 | 028b2f4ecbd10a431b3afdf512f6fa227d595bc6354000d857bd19cad3c6168f71322988769ed26801ddc26f9b0c3ed372a5ae23788cb67ba658f0c1d775456a |
/data/user/0/com.ygmdflerbfvl.tbistzkei/app_webview/.com.google.Chrome.Mo6mkQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |