Malware Analysis Report

2024-10-19 13:03

Sample ID 230327-l3abjacg95
Target YouTube_obf.apk
SHA256 e4fc786d2c691c5e735db758881b9f7a455148615a4bc140ba286a1caab4254f
Tags
hook infostealer ransomware rat trojan banker evasion stealth
score
10/10

Analysis Overview

score
10/10

SHA256

e4fc786d2c691c5e735db758881b9f7a455148615a4bc140ba286a1caab4254f

Threat Level: Known bad

The file YouTube_obf.apk was found to be: Known bad.

Malicious Activity Summary

hook infostealer ransomware rat trojan banker evasion stealth

Hook

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Acquires the wake lock.

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-03-27 10:02

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-27 10:02

Reported

2023-03-27 10:05

Platform

android-x64-20220823-en

Max time kernel

579321s

Max time network

165s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.cinecaluxozixu.benama

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2023-03-27 10:02

Reported

2023-03-27 10:05

Platform

android-x64-arm64-20220823-en

Max time kernel

579323s

Max time network

161s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A

Removes its main activity from the application launcher

stealth trojan
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json | N/A | N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.cinecaluxozixu.benama

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-27 10:02

Reported

2023-03-27 10:05

Platform

android-x86-arm-20220823-en

Max time kernel

579321s

Max time network

158s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json | N/A | N/A
N/A | /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json | N/A | N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.cinecaluxozixu.benama

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json

MD5 6d5e9bcdab546a41a32dc134a0ca23e1
SHA1 272c6afdaebbf7a6bb78f42f659d5806b30a6907
SHA256 1a80d8632f0dc7d62711f32af196dd4ed98654453bc261288dc52c164f086071
SHA512 54d31460ce8dd7b0616000bbb6ecbcd49860583b08578af5023bbbdf91705de04cd51ee7d919eaf56b40b6acac0f30df05921c5254dbdbfb1e5ec68c42c17ac3

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.vdex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.odex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json

MD5 089544070959213580514e7b1587508e
SHA1 2e65d6a4b733fac241243dcbb3f45924358fa263
SHA256 204e9b3006016eae2c3b6323483c02515a158e722bf205571ec576e25d52b4e4
SHA512 f398f8ebcdfd628ca78fd17d74c9b72932987d81a94d2db8aceea692e274f6a9b7df751ff73b69526e87f6e379f1f412235ecdd8c72de7d51b3e44e8ec8192f0

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json

MD5 2f014c008012e9eb8c1d2ad8cd3bc0cc
SHA1 b131858e915215e3d0f9c8c0a863b74289f1b9ac
SHA256 5d47e9802a60d0c0f374be499c0a6c4e52cda4b21cf202f0c5cfeb962ae3ead2
SHA512 8e4928abbd70451e9fd7bf8027abc93c0c0ad23d0eef1cc728e8c36c30c5d8288580821583e887cac0d5f79316bbf2fd5645c4079480362996ddbe34405ad7ae

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/ODNGfSF.json.cur.prof

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-journal

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-wal

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-shm

/data/user/0/com.cinecaluxozixu.benama/shared_prefs/settings.xml

/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_seed_new

/data/user/0/com.cinecaluxozixu.benama/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_stamp

/data/user/0/com.cinecaluxozixu.benama/app_webview/webview_data.lock

/data/user/0/com.cinecaluxozixu.benama/app_webview/metrics_guid

/data/user/0/com.cinecaluxozixu.benama/app_webview/metrics_guid

/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data

/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data-journal

/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index

/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index-dir/temp-index

/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index-dir/temp-index
