Malware Analysis Report

2024-10-19 13:02

Sample ID 230329-alflfafg2s
Target YouTube_obf.apk
SHA256 e4fc786d2c691c5e735db758881b9f7a455148615a4bc140ba286a1caab4254f
Tags hook banker evasion infostealer ransomware rat trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file YouTube_obf.apk was found to be: Known bad.

Malicious Activity Summary

hook banker evasion infostealer ransomware rat trojan

Hook

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-03-29 00:17

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-29 00:17

Reported

2023-03-29 00:38

Platform

android-x86-arm-20220823-en

Max time kernel

718084s

Max time network

1200s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json N/A N/A
N/A /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cinecaluxozixu.benama

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 172.217.168.206:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
NL 142.251.36.35:80 tcp
NL 172.217.168.228:443 tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp

Files

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json
/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json.x86.flock
/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.vdex
/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/x86/ODNGfSF.odex
/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/ODNGfSF.json.cur.prof
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-journal
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-wal
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-shm
/data/user/0/com.cinecaluxozixu.benama/shared_prefs/settings.xml
/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_seed_new
/data/user/0/com.cinecaluxozixu.benama/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_stamp
/data/user/0/com.cinecaluxozixu.benama/app_webview/webview_data.lock
/data/user/0/com.cinecaluxozixu.benama/app_webview/metrics_guid
/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data
/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data-journal
/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index
/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index-dir/temp-index

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-29 00:17

Reported

2023-03-29 00:38

Platform

android-x64-20220823-en

Max time kernel

718104s

Max time network

1223s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cinecaluxozixu.benama

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json
/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/ODNGfSF.json.cur.prof
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-journal
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-wal
/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-shm
/data/user/0/com.cinecaluxozixu.benama/shared_prefs/settings.xml
/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_seed_new
/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_stamp
/data/user/0/com.cinecaluxozixu.benama/app_webview/webview_data.lock
/data/user/0/com.cinecaluxozixu.benama/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.cinecaluxozixu.benama/app_webview/metrics_guid
/data/user/0/com.cinecaluxozixu.benama/cache/org.chromium.android_webview/Code Cache/js/index
/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data
/data/user/0/com.cinecaluxozixu.benama/app_webview/Web Data-journal
/data/user/0/com.cinecaluxozixu.benama/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index
/data/user/0/com.cinecaluxozixu.benama/app_webview/GPUCache/index-dir/temp-index
/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Crashpad/settings.dat
/data/user/0/com.cinecaluxozixu.benama/app_webview/.com.google.Chrome.ABjlym

Analysis: behavioral3

Detonation Overview

Submitted

2023-03-29 00:17

Reported

2023-03-29 00:40

Platform

android-x64-arm64-20220823-en

Max time kernel

718229s

Max time network

1229s

Command Line

com.cinecaluxozixu.benama

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.cinecaluxozixu.benama

Network

Country Destination Domain Proto
US 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
RU 176.100.42.11:3434 176.100.42.11 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.36.13:443 accounts.google.com tcp
US 1.1.1.1:53 yrzdbjtaemnw udp
US 1.1.1.1:53 avkhvfbdgu udp
US 1.1.1.1:53 bwbycrrfxmpoxwn udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.46:443 android.apis.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp

Files

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json

MD5 6d5e9bcdab546a41a32dc134a0ca23e1
SHA1 272c6afdaebbf7a6bb78f42f659d5806b30a6907
SHA256 1a80d8632f0dc7d62711f32af196dd4ed98654453bc261288dc52c164f086071
SHA512 54d31460ce8dd7b0616000bbb6ecbcd49860583b08578af5023bbbdf91705de04cd51ee7d919eaf56b40b6acac0f30df05921c5254dbdbfb1e5ec68c42c17ac3

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/ODNGfSF.json

MD5 089544070959213580514e7b1587508e
SHA1 2e65d6a4b733fac241243dcbb3f45924358fa263
SHA256 204e9b3006016eae2c3b6323483c02515a158e722bf205571ec576e25d52b4e4
SHA512 f398f8ebcdfd628ca78fd17d74c9b72932987d81a94d2db8aceea692e274f6a9b7df751ff73b69526e87f6e379f1f412235ecdd8c72de7d51b3e44e8ec8192f0

/data/user/0/com.cinecaluxozixu.benama/app_DynamicOptDex/oat/ODNGfSF.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb

MD5 e579a6b00eef1318f9166352228eba18
SHA1 76988896854f0139083e77862eea1a4846cf039f
SHA256 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935
SHA512 c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-journal

MD5 bc8af5dc32afb77a22e54bca775ce1be
SHA1 f55795360a41a912742e24e1f55c6d7f6e83d021
SHA256 d606bc378d85eb83fe0b72dbf0c325bd470f9b180361e8cc6625cc4365e312d3
SHA512 5a626cecfef68b0e2800aae35bb261012522f9111b1de06570a57a677582f5551044257f247bc359b8329ad26c32e68617e7383137351fb873f159db070bceca

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-wal

MD5 674671f7e1aac2970e3a65c49edd5e7f
SHA1 6fae07e41f5d6fed156fbc1e33617139d9e3f316
SHA256 deb5afba1782ba29639bd5c887c0b6efa087f3eaf4372b6c0e47bc9f6742a9d1
SHA512 3da5b79dfb0b93459647a04b8877a3c7f42da96d6233484cf317c803213d6040c92e51309d84b3e90631ceb03783dbefa03393131826a96bc48b3a5da079c2bb

/data/user/0/com.cinecaluxozixu.benama/no_backup/androidx.work.workdb-shm

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

/data/user/0/com.cinecaluxozixu.benama/shared_prefs/settings.xml

MD5 7ceae0a9d45f1c82277d4a61b25e06fd
SHA1 d50d12087085a2a4022ab438544ff5cb21b877d9
SHA256 546f08d3ef03531c006fbe4271232b5d3056da72465664a8363bb1411fa1e147
SHA512 043b7f77726684a39dd67340a2e1e2cbc3fe101acf088d8acc0220e7a1d4cdef48232cd613c59057c7ed717a631a0e09766995c2f8f755887a53c411b2fa2800

/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.cinecaluxozixu.benama/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.cinecaluxozixu.benama/app_webview/webview_data.lock

MD5 9f9102555223db1d24b77df0e3649013
SHA1 17c51c13888d99b4c58f05dcf4911bcea4a640d0
SHA256 1300bf584c1db74844357c6808a1143a5fac815e5df35842e1432b7c33b77fa2
SHA512 032f8be727dff917f0122f01b756803d278f40504e64e523ef70d128b6e756068f1c4df245bd464dc687e7290683230375b71b14612f0c172fe01c28385c7aa8

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Web Data-journal

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Default/HTTP Cache/Code Cache/js/index

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/GPUCache/index

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/GPUCache/index-dir/temp-index

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/Crashpad/settings.dat

/data/user/0/com.cinecaluxozixu.benama/cache/WebView/font_unique_name_table.pb

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Session Storage/LOG

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Session Storage/LOCK

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Session Storage/MANIFEST-000001

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Session Storage/000001.dbtmp

/data/user/0/com.cinecaluxozixu.benama/app_webview/Default/Session Storage/000003.log

/data/user/0/com.cinecaluxozixu.benama/app_webview/.com.google.Chrome.a3wM6F
