Malware Analysis Report

2024-10-19 13:03

Sample ID 230412-rtwfased2x
Target a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74
SHA256 a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74
Tags
ermac hook banker evasion infostealer ransomware rat trojan
score
10/10

Analysis Overview

score
10/10

SHA256

a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74

Threat Level: Known bad

The file a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74 was found to be: Known bad.

Malicious Activity Summary

ermac hook banker evasion infostealer ransomware rat trojan

Ermac

Hook

Ermac2 payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-12 14:29

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-12 14:29

Reported

2023-04-12 14:32

Platform

android-x64-arm64-20220823-en

Max time kernel

1977729s

Max time network

161s

Command Line

com.waciniyehiruna.razo

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.waciniyehiruna.razo

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 172.217.168.206:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
NL 142.250.179.202:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
NL 172.217.168.234:443 growth-pa.googleapis.com tcp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.200:443 ssl.google-analytics.com tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 216.58.214.13:443 accounts.google.com tcp
US 1.1.1.1:53 nshnycxzu udp
US 1.1.1.1:53 mttuuyrzwtneesi udp
US 1.1.1.1:53 dpujtaxzy udp
US 1.1.1.1:53 nshnycxzu udp
US 1.1.1.1:53 mttuuyrzwtneesi udp
US 1.1.1.1:53 dpujtaxzy udp
RU 91.215.85.23:3434 91.215.85.23 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-12 14:29

Reported

2023-04-12 14:32

Platform

android-x86-arm-20220823-en

Max time kernel

1977727s

Max time network

158s

Command Line

com.waciniyehiruna.razo

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json N/A N/A
N/A /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.waciniyehiruna.razo

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/x86/qZs.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
NL 142.251.36.46:443 tcp
NL 142.251.36.46:443 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
US 1.1.1.1:853 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-12 14:29

Reported

2023-04-12 14:32

Platform

android-x64-20220823-en

Max time kernel

1977730s

Max time network

162s

Command Line

com.waciniyehiruna.razo

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.waciniyehiruna.razo

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
NL 142.250.179.173:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.250.179.173:443 accounts.google.com tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
RU 91.215.85.23:3434 91.215.85.23 tcp
US 1.1.1.1:53 cjcavgphywws udp
US 1.1.1.1:53 pixxtehzhe udp
US 1.1.1.1:53 bhxlugpctptmbfp udp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 91.215.85.23:3434 91.215.85.23 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 bhxlugpctptmbfp udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 bhxlugpctptmbfp udp
US 1.1.1.1:53 bhxlugpctptmbfp udp

Files

/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json

MD5 ddb935b4cb89568b1126dbc47a099efd
SHA1 3f40ba69bd11380de6e56dab5a9cd5c53b150f0f
SHA256 c4aea8f064d87cefbeb7898bd9f895bea5b82b756757c824191a11112b88af27
SHA512 c674a76a21349cec07e2fba2cf91f884d8cca42d31eb3d750c8cffd2fcfacc95905e94676946f801d95d1cef4485b9fe5ed1bd5c34fcde3f73da935ac3a87527

/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json

MD5 b94fd56ee56fe358ac6b2f7e581aacf8
SHA1 4dab3e1bda0d164214245422cb05d5283e9b0566
SHA256 64fbcfa549de412ebde7364d6984df08bf5223787d5ed49e099a55e38621b314
SHA512 a5fe5223c6fa61fcfcba16ac7aaf530c982b9658a0a62176f1aa6902b1f17c2e564292446fea4e8f903c06676dc37351aa6339b436a990395e4f9ffd27bb6332

/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/qZs.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb

MD5 b6ca8b30661a7844ed292db75a29a953
SHA1 8e0d397ab1f2ced1f143829084c3f53333743bdd
SHA256 63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb
SHA512 d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-journal

MD5 7fbfcc56b58332e5f7819b2704ecba80
SHA1 73a10c3d1b1d9e1c1dddd56eefa42e312eb4cb17
SHA256 2aa2d7165c9fe966fc212550d1548d549a1ef44d0e47f52384b083cfba5815cc
SHA512 97d5044693d33b169da500ed36de294d15b6d2eb4ada6794185db7aad7609a472ddbb7761af0a4492130b03715272dbfc9ac82e0697de11fa07f7976e4bb415b

/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-wal

MD5 e85909f5c7baae4432efe590d7e8aa51
SHA1 388aa74fa9c52d7c61ad764d18678235c15d03b0
SHA256 3c1a6560a96d1a05a25bb885c2ba692b3a21fa95a138b8af02597f9c4ccbc641
SHA512 46c8b2a8bad008fbe8ad77bbdc8a7c285ebc72855c62694503f84c3ca9a2405c7799066ed513c6ab9616ac6c7c17b2873027cd85a7c75b9fd51d59598f51c071

/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-shm

/data/user/0/com.waciniyehiruna.razo/shared_prefs/settings.xml

/data/user/0/com.waciniyehiruna.razo/app_webview/variations_seed_new

/data/user/0/com.waciniyehiruna.razo/app_webview/variations_stamp

/data/user/0/com.waciniyehiruna.razo/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.waciniyehiruna.razo/app_webview/webview_data.lock

/data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid

/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data

/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data-journal

/data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index

/data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index

/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index-dir/temp-index

/data/user/0/com.waciniyehiruna.razo/cache/WebView/Crashpad/settings.dat

/data/user/0/com.waciniyehiruna.razo/app_webview/.com.google.Chrome.cbNl7t
