Analysis Overview
SHA256
fba2aa4b133352b9fe45b4c69cc926a8147655c715d1d7f0c6d1f1a3967155d5
Threat Level: Known bad
The file HOT.7z was found to be: Known bad.
Malicious Activity Summary
Spynote family
Octo
Octo payload
Makes use of the framework's Accessibility service.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Loads dropped Dex/Jar
Acquires the wake lock.
Requests dangerous framework permissions
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Uses Crypto APIs (Might try to encrypt user data).
Analysis: static1
Detonation Overview
Reported
2023-04-14 09:43
Signatures
Spynote family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-14 09:43
Reported
2023-04-14 09:46
Platform
android-x86-arm-20220823-en
Max time kernel
2133374s
Max time network
158s
Signatures
Octo
Octo payload
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sayearth85/cache/eaogohlxni | N/A | N/A |
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.sayearth85
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | kghdrt6756hu5e4h65.top | udp |
| US | 1.1.1.1:53 | www.ip-api.com | udp |
| US | 208.95.112.1:80 | www.ip-api.com | tcp |
| US | 1.1.1.1:53 | ltgyehve5tfctdrhh.xyz | udp |
| US | 1.1.1.1:53 | fe5gt6reghruj56.online | udp |
| US | 198.54.117.242:443 | fe5gt6reghruj56.online | tcp |
| US | 1.1.1.1:53 | 65yh6546yujuthryr.site | udp |
| US | 1.1.1.1:53 | fe5gt6reghruj56.online | udp |
| US | 1.1.1.1:853 | N/A | tcp |
| NL | 157.240.201.15:443 | N/A | tcp |
| NL | 108.156.68.207:443 | N/A | tcp |
| NL | 87.248.116.12:443 | N/A | tcp |
| NL | 91.198.174.192:443 | N/A | tcp |
| NL | 157.240.201.174:443 | N/A | tcp |
| US | 151.101.2.206:443 | N/A | tcp |
| NL | 95.101.78.234:80 | a.espncdn.com | tcp |
| NL | 142.250.179.174:80 | www.youtube.com | tcp |
| NL | 142.250.179.196:443 | N/A | tcp |
| NL | 142.251.36.3:443 | N/A | tcp |
Files
/data/user/0/com.sayearth85/cache/eaogohlxni
| MD5 | 638e489cf0204f33f7ab1c2c7817df43 |
| SHA1 | 55599d62bf0dfd01ce5f2b94b6f4538a7cd4f99b |
| SHA256 | fe28cfaeb4da1101dff4b09dcfc5ebd7c7672c11a405a0aa80f9aaf0ca09e241 |
| SHA512 | 85445a94ed4b82ccc700b3330822dd5205880fc6f91b3e39bb330540ceee0ff7634cc0228fbb6093cf08cdc1c9fe26e1cf4dd23a646bfb30c5f5d39363b34f45 |
/data/user/0/com.sayearth85/cache/eaogohlxni.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/cache/oat/eaogohlxni.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/shared_prefs/main.xml
| MD5 | 74407af5df4f68ba64e55ffe01096b71 |
| SHA1 | 468cbcfc54881ebe229e9267090a25eeb64b7b13 |
| SHA256 | 3ec00a8081a447ccb79cc59b65a53dfc5bc3dd0811d2f469b6cdee38712fc066 |
| SHA512 | a1a93e0cea64adb51546e41107816ad14f0a591ee48d3952f4977335fda33febe6e243759c5027fe0e97c73ae8ff8983acf5d65697c98919462cf8343aeb0c12 |
/data/user/0/com.sayearth85/shared_prefs/main.xml
| MD5 | d19cdb0c63b913499a0463fadb46485d |
| SHA1 | dec17221ad806cd4e88f34ecd2d20527e44f67bd |
| SHA256 | af725499adf3e980fc7d0bad4fe9f9f036ecd9baff2d0b577fbc311d0571bf0c |
| SHA512 | 06c53c07a5685b3e4e377a325b22dfe5ca6c54206328c00de06a8ab0fe93d7c10e26d6931f2f910f13063426ee8a0668d71341905155d29e56e694189cd79e9d |
/data/user/0/com.sayearth85/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/com.sayearth85/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/com.sayearth85/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/metrics_guid
| MD5 | a59c823ad5f77ba52f86c67815f3d96c |
| SHA1 | 760713e951450b19adc703dfb5f6157ceb10807a |
| SHA256 | f8acdf2cafd3cc84600a3e46e972eb4bdeba6df16ca926c809f2b5d574583241 |
| SHA512 | 255b45c68bfbc1be0e1590755392d431d80b222f3979a6c427ea2140ae31f9e93db7dd41c716fbf90c835dc9392426b2e2c368b6a5976c3f68c7f0ecafaf5c3c |
/data/user/0/com.sayearth85/app_webview/Web Data-journal
| MD5 | 1a954ff91225ff639ea1f9eaf1e24dd7 |
| SHA1 | 4f25855a397df6fda21b25a8f3eef4c7f9a299c2 |
| SHA256 | ca5569e2b25ec4506044a200c64ac3cbc05a137ab45715e62a394357662ad7f5 |
| SHA512 | bbb2acbbc0cb5f806bd0fcc9aeccdf7a9c3f81186f081daaaabee238ba60ad7d710f1e36df0aaccb18e60681cdfdb331afddd63e2b47efae42e7f122f8a2babe |
/data/user/0/com.sayearth85/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/com.sayearth85/kl.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/GPUCache/index-dir/temp-index
| MD5 | 73af0468182c20572632b3b6f6de2792 |
| SHA1 | e7b7f2ad696ce4eb070985b990d56f2fae346e4c |
| SHA256 | 7e17423cf84bfe79c70c062a5ef759c1e6898c46da65d5f8477c809047cd9b6c |
| SHA512 | 7fb9673a44bee4e7367247693b8437adaa47959651959d8fae870e490e4f10a4d419c9b6bcf8d079692c7bd15a2a12af018a020472d5c3f38ff70ee25d0f2421 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-14 09:43
Reported
2023-04-14 09:46
Platform
android-x64-20220823-en
Max time kernel
2133376s
Max time network
160s
Signatures
Octo
Octo payload
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.sayearth85/cache/eaogohlxni | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.sayearth85
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| US | 1.1.1.1:53 | fe5gt6reghruj56.online | udp |
| US | 1.1.1.1:53 | www.ip-api.com | udp |
| US | 208.95.112.1:80 | www.ip-api.com | tcp |
| US | 1.1.1.1:53 | ltgyehve5tfctdrhh.xyz | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | kghdrt6756hu5e4h65.top | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 65yh6546yujuthryr.site | udp |
| US | 198.54.117.242:443 | fe5gt6reghruj56.online | tcp |
Files
/data/user/0/com.sayearth85/cache/eaogohlxni
| MD5 | 638e489cf0204f33f7ab1c2c7817df43 |
| SHA1 | 55599d62bf0dfd01ce5f2b94b6f4538a7cd4f99b |
| SHA256 | fe28cfaeb4da1101dff4b09dcfc5ebd7c7672c11a405a0aa80f9aaf0ca09e241 |
| SHA512 | 85445a94ed4b82ccc700b3330822dd5205880fc6f91b3e39bb330540ceee0ff7634cc0228fbb6093cf08cdc1c9fe26e1cf4dd23a646bfb30c5f5d39363b34f45 |
/data/user/0/com.sayearth85/cache/oat/eaogohlxni.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/shared_prefs/main.xml
| MD5 | 74407af5df4f68ba64e55ffe01096b71 |
| SHA1 | 468cbcfc54881ebe229e9267090a25eeb64b7b13 |
| SHA256 | 3ec00a8081a447ccb79cc59b65a53dfc5bc3dd0811d2f469b6cdee38712fc066 |
| SHA512 | a1a93e0cea64adb51546e41107816ad14f0a591ee48d3952f4977335fda33febe6e243759c5027fe0e97c73ae8ff8983acf5d65697c98919462cf8343aeb0c12 |
/data/user/0/com.sayearth85/shared_prefs/main.xml
| MD5 | 5c71d0f84c33be8170af02776cd94a10 |
| SHA1 | dd9a7186dcd6432c01da508c563b1af8bcac7714 |
| SHA256 | 142659fcfe304187356211c984f02469e3a6c836446c0fe36cb9c585a28bfc5c |
| SHA512 | 8a5bb86c2a362e5ef876088d981fd64657f244c42192081ed711d91bd39226fda1cf89765814d31054087fc5ce7f2f15e828b480377c7380869e7e776681cc97 |
/data/user/0/com.sayearth85/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/com.sayearth85/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/metrics_guid
| MD5 | ca26c4b54d8bee62142d2f90f95d12e7 |
| SHA1 | 2e765e7889282fae065ccd6219b8f3137d015dad |
| SHA256 | ce7afc85a25818dac77e6e1f6c209077db7dffee62139876f100c0893e3e608b |
| SHA512 | a641b5c4519d3c964c628998f4f1972beff848106d40381fc823af842dcd92fc4bd80facba18523fdb343fec6b8fe091a623abe01204f4864f3373f19c1efc0d |
/data/user/0/com.sayearth85/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.sayearth85/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | 051fb986a80a40d72a9331907ce1ba90 |
| SHA1 | 13f9be1f86290234a62e377920c02e632fc38a79 |
| SHA256 | e1eb9d65837dd52c5511dbd4d4ab604983157e71223e9b7f5f0f5e9a543496ce |
| SHA512 | e7bb37ba47a789fb43f7b22a0d226680d9a90abed0cace2394e91628ec41013a852cfaeef57d832055ebcbc5c3f4d21aa6b4da8e248f1bba2969d6bea636aa5e |
/data/user/0/com.sayearth85/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/com.sayearth85/app_webview/Web Data-journal
| MD5 | e67505e00f949b1e956f7e294a047cfa |
| SHA1 | e33ac3a688678fdf112a2f35ad4cb736336f05f0 |
| SHA256 | d3657b38d9bcba4521aa1af7eacea412c1cc54e5b2752e34ce2a2b4d276b92db |
| SHA512 | b5c6dae90483f67f228368457591616e953e0ba0f8d5aea97e27ba299beb620fd2e61875710835ca5e1736e312a42732e80f61a54ce143d6626a3162fb36bc62 |
/data/user/0/com.sayearth85/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.sayearth85/kl.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.sayearth85/app_webview/GPUCache/index-dir/temp-index
| MD5 | 18b67c0689bd86eeb0021e02686978db |
| SHA1 | 1d08ce55282c0861381df7bcf141cb4d60550b92 |
| SHA256 | 1db5ed23adb033defa52bfebb6ead729aea7b062a6d47a9fe8bc93c77e925f73 |
| SHA512 | a80132e66a6c8b3d526dd3593d51e566d1f0262b901ce13e047d379969abe2a2b6f91e685bc08f5d8fcb4372110275589f0d09951068a9f7078efd3fa84292bd |
/data/user/0/com.sayearth85/cache/WebView/Crashpad/settings.dat
| MD5 | 42ccc04e1a56270fdfec55171a01f9bd |
| SHA1 | aa8bfc3d257ec29fbc0206363dae8b1296a91c67 |
| SHA256 | 7a29ba6099a4e73051c006b972d3d13c0d3d2e420a5d875cdf3923dcb44fa2be |
| SHA512 | 995a00ff98f832da4014c28503cc446e2c08c04e165080ec3d9e3c1d528506370dfa71e14ade3e2b81f12647270fd84c8728f5b68be365dc1ae1756371b143a7 |
/data/user/0/com.sayearth85/app_webview/.com.google.Chrome.LEfCbY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-14 09:43
Reported
2023-04-14 09:46
Platform
android-x86-arm-20220823-en
Max time kernel
2133374s
Max time network
159s
Signatures
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
involvement.lights.systematic
involvement.lights.systematic:remote
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | N/A | tcp |
| JP | 134.122.166.235:6655 | N/A | tcp |
Files
/data/user/0/involvement.lights.systematic/shared_prefs/involvement.lights.systematic.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/storage/emulated/0/Config/sys/apps/log/log-2023-04-14.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral4
Detonation Overview
Submitted
2023-04-14 09:43
Reported
2023-04-14 09:46
Platform
android-x64-20220823-en
Max time kernel
2133305s
Max time network
163s
Signatures
Processes
involvement.lights.systematic
involvement.lights.systematic:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.251.36.13:443 | accounts.google.com | tcp |
| NL | 216.58.214.13:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 172.217.168.232:443 | ssl.google-analytics.com | tcp |
| NL | 142.250.179.138:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | eidykwbjgfqf | udp |
| US | 1.1.1.1:53 | nzlvxvz | udp |
| US | 1.1.1.1:53 | gaxywcbfmge | udp |
| JP | 134.122.166.235:6655 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| DE | 172.217.23.206:443 | android.apis.google.com | tcp |
Files
/data/user/0/involvement.lights.systematic/shared_prefs/involvement.lights.systematic.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/storage/emulated/0/Config/sys/apps/log/log-2023-04-14.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral5
Detonation Overview
Submitted
2023-04-14 09:43
Reported
2023-04-14 09:46
Platform
android-x64-arm64-20220823-en
Max time kernel
2133377s
Max time network
163s
Signatures
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
involvement.lights.systematic
involvement.lights.systematic:remote
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | growth-pa.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| DE | 172.217.23.202:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp |
| NL | 142.250.179.202:443 | growth-pa.googleapis.com | tcp |
| NL | 172.217.168.202:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| DE | 172.217.23.200:443 | ssl.google-analytics.com | tcp |
| JP | 134.122.166.235:6655 | N/A | tcp |
| NL | 142.251.36.46:443 | android.apis.google.com | tcp |
Files
/data/user/0/involvement.lights.systematic/shared_prefs/involvement.lights.systematic.xml
| MD5 | e0ae18ee51f8080061f538d00a4a2b1f |
| SHA1 | b39e93a0da5a827e9154142070e5eb93eb2a6314 |
| SHA256 | cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee |
| SHA512 | 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e |
/storage/emulated/0/Config/sys/apps/log/log-2023-04-14.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |