Malware Analysis Report

2024-10-19 13:13

Sample ID 220820-2mm6fscbg4
Target Live_sexsi.apk
SHA256 5bb6dc2fc38bccaebf7a9a0da01c708cb36b6875563b494333ca471a899079ba
Tags: brata
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file Live_sexsi.apk was found to be: Known bad.

Malicious Activity Summary

brata

Brata payload

Brata family

Requests dangerous framework permissions

Acquires the wake lock.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2022-08-20 22:42

Signatures

Brata family

brata

Brata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |

Analysis: behavioral3

Detonation Overview

Submitted: 2022-08-20 22:42
Reported: 2022-08-20 22:44
Platform: android-x64-arm64-20220621-en
Max time kernel: 3178087s
Max time network: 150s

Command Line

edward.org

Signatures

Acquires the wake lock.

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Processes

edward.org

ping -c 2 -W 10 -v google.com

Network

Files

/data/user/0/edward.org/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/edward.org/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/edward.org/files/generatefid.lock
/data/user/0/edward.org/files/PersistedInstallation6780993033157748071tmp
/data/user/0/edward.org/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/edward.org/files/PersistedInstallation3425471724223322041tmp
/data/user/0/edward.org/databases/google_app_measurement_local.db
/data/user/0/edward.org/databases/google_app_measurement_local.db-journal
/data/user/0/edward.org/app_webview/variations_seed_new
/data/user/0/edward.org/app_webview/variations_stamp
/data/user/0/edward.org/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/edward.org/app_webview/webview_data.lock
/data/user/0/edward.org/app_webview/Default/Web Data
/data/user/0/edward.org/app_webview/Default/Web Data-journal
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/Code Cache/js/index
/data/user/0/edward.org/app_webview/Default/GPUCache/index
/data/user/0/edward.org/app_webview/Default/GPUCache/index-dir/temp-index
/data/user/0/edward.org/app_webview/Default/Cookies
/data/user/0/edward.org/app_webview/Default/Cookies-journal
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/index
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/6be76ed7d482004e_0
/data/user/0/edward.org/cache/WebView/Default/HTTP Cache/index-dir/temp-index
/data/user/0/edward.org/shared_prefs/com.google.android.gms.appid.xml
/data/user/0/edward.org/cache/~test.test
/data/user/0/edward.org/cache/WebView/Crashpad/settings.dat
/data/user/0/edward.org/cache/WebView/font_unique_name_table.pb
/data/user/0/edward.org/app_webview/.com.google.Chrome.grcII8

Analysis: behavioral1

Detonation Overview

Submitted: 2022-08-20 22:42
Reported: 2022-08-20 22:45
Platform: android-x86-arm-20220621-en
Max time network: 179s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 142.250.179.195:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | | tcp |

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2022-08-20 22:42
Reported: 2022-08-20 22:44
Platform: android-x64-20220621-en
Max time kernel: 3178077s
Max time network: 157s

Command Line

edward.org

Signatures

N/A

Processes

edward.org

Network

Files

/data/user/0/edward.org/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/edward.org/files/generatefid.lock
/data/user/0/edward.org/files/PersistedInstallation2786873524824211082tmp
/data/user/0/edward.org/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/edward.org/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/edward.org/files/PersistedInstallation387105598849967569tmp
/data/user/0/edward.org/databases/google_app_measurement_local.db
/data/user/0/edward.org/databases/google_app_measurement_local.db-journal