Malware Analysis Report

2025-01-23 12:45

Sample ID: 230514-d6t64sch31
Target: ec7a098f73da3827104ac23b68650797
SHA256: 837c1e29ab597540e7fd396a6fc182c91a4f6601517838955501ac58fe23f665
Tags: spynote banker evasion
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 837c1e29ab597540e7fd396a6fc182c91a4f6601517838955501ac58fe23f665

Threat Level: Known bad

The file ec7a098f73da3827104ac23b68650797 was found to be: Known bad.

Malicious Activity Summary

Tags: spynote banker evasion

Spynote family

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-05-14 03:37

Signatures

Spynote family
Tag: spynote

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-05-14 03:37
Reported: 2023-05-14 03:40
Platform: android-x86-arm-20220823-en
Max time kernel: 408435s
Max time network: 136s

Command Line

com.chats.ope

Signatures

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Tag: banker

Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /storage/emulated/0/sysdata/sysinfo0 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo0 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo1 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo2 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo3 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo3 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo4 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo4 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo5 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo6 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo7 | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).
Tag: evasion

Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Removes a system notification.
Tag: evasion

Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Processes

com.chats.ope
ping -c 1 -W 15 104.233.203.226

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
DE | 172.217.23.206:443 | android.apis.google.com | tcp
US | 104.233.203.226:27772 | N/A | tcp
US | 1.1.1.1:53 | 226.203.233.104.in-addr.arpa | udp
US | 1.1.1.1:853 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp

Files

/data/user/0/com.chats.ope/app_webview/variations_seed_new
/data/user/0/com.chats.ope/app_webview/variations_stamp
/data/user/0/com.chats.ope/app_webview/webview_data.lock
/data/user/0/com.chats.ope/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.chats.ope/app_webview/metrics_guid
/data/user/0/com.chats.ope/app_webview/Web Data
/data/user/0/com.chats.ope/app_webview/Web Data-journal
/data/user/0/com.chats.ope/app_webview/GPUCache/index
/data/user/0/com.chats.ope/app_webview/GPUCache/index-dir/temp-index
/storage/emulated/0/Config/sys/apps/log/kvm.dat
/storage/emulated/0/Config/sys/apps/log/log-2023-05-14.txt
/storage/emulated/0/sysdata/sysinfo0
/storage/emulated/0/sysdata/sysinfo0.x86.flock
/storage/emulated/0/sysdata/sysinfo1
/storage/emulated/0/sysdata/sysinfo1.x86.flock
/storage/emulated/0/sysdata/sysinfo2
/storage/emulated/0/sysdata/sysinfo2.x86.flock
/storage/emulated/0/sysdata/sysinfo3
/storage/emulated/0/sysdata/sysinfo3.x86.flock
/storage/emulated/0/sysdata/sysinfo4
/storage/emulated/0/sysdata/sysinfo4.x86.flock
/storage/emulated/0/sysdata/sysinfo5
/storage/emulated/0/sysdata/sysinfo5.x86.flock
/storage/emulated/0/sysdata/sysinfo6
/storage/emulated/0/sysdata/sysinfo6.x86.flock
/storage/emulated/0/sysdata/sysinfo7
/storage/emulated/0/sysdata/sysinfo7.x86.flock

Analysis: behavioral2

Detonation Overview

Submitted: 2023-05-14 03:37
Reported: 2023-05-14 03:40
Platform: android-x64-20220823-en
Max time kernel: 408441s
Max time network: 165s

Command Line

com.chats.ope

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /storage/emulated/0/sysdata/sysinfo0 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo0 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo1 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo2 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo3 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo3 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo4 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo4 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo5 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo6 | N/A | N/A
N/A | /storage/emulated/0/sysdata/sysinfo7 | N/A | N/A

Processes

com.chats.ope
ping -c 1 -W 15 104.233.203.226

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 104.233.203.226:27772 | N/A | tcp
US | 1.1.1.1:53 | 226.203.233.104.in-addr.arpa | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.251.39.110:443 | android.apis.google.com | tcp
NL | 142.251.39.110:443 | android.apis.google.com | tcp

Files

/data/user/0/com.chats.ope/app_webview/variations_seed_new
/data/user/0/com.chats.ope/app_webview/variations_stamp
/data/user/0/com.chats.ope/app_webview/webview_data.lock
/data/user/0/com.chats.ope/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.chats.ope/app_webview/metrics_guid
/data/user/0/com.chats.ope/cache/org.chromium.android_webview/Code Cache/js/index
/data/user/0/com.chats.ope/app_webview/Web Data
/data/user/0/com.chats.ope/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
/data/user/0/com.chats.ope/app_webview/Web Data-journal
/data/user/0/com.chats.ope/app_webview/GPUCache/index
/data/user/0/com.chats.ope/app_webview/GPUCache/index-dir/temp-index
/data/user/0/com.chats.ope/cache/WebView/Crashpad/settings.dat
/storage/emulated/0/Config/sys/apps/log/kvm.dat
/storage/emulated/0/Config/sys/apps/log/log-2023-05-14.txt
/data/user/0/com.chats.ope/app_webview/.com.google.Chrome.nTf85Y
/storage/emulated/0/sysdata/sysinfo0
/storage/emulated/0/sysdata/sysinfo1
/storage/emulated/0/sysdata/sysinfo2
/storage/emulated/0/sysdata/sysinfo3
/storage/emulated/0/sysdata/sysinfo4
/storage/emulated/0/sysdata/sysinfo5
/storage/emulated/0/sysdata/sysinfo6
/storage/emulated/0/sysdata/sysinfo7

Analysis: behavioral3

Detonation Overview

Submitted: 2023-05-14 03:37
Reported: 2023-05-14 03:40
Platform: android-x64-arm64-20220823-en
Max time network: 140s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.142:443 | android.apis.google.com | tcp
NL | 142.250.179.142:443 | android.apis.google.com | tcp
N/A | 224.0.0.251:5353 | N/A | udp
NL | 172.217.168.226:443 | N/A | tcp
NL | 142.251.39.102:443 | N/A | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 142.250.102.188:5228 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
NL | 216.58.214.13:443 | accounts.google.com | tcp
US | 1.1.1.1:53 | xkkcnjxksxdvben | udp
US | 1.1.1.1:53 | pkwnothjfyfbe | udp
US | 1.1.1.1:53 | uvbanoh | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.250.179.206:443 | android.apis.google.com | tcp
DE | 172.217.23.206:443 | android.apis.google.com | tcp
DE | 172.217.23.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | uvbanoh | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
NL | 142.250.179.163:80 | update.googleapis.com | tcp
US | 1.1.1.1:53 | edgedl.me.gvt1.com | udp
US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
DE | 172.217.23.202:443 | mdh-pa.googleapis.com | tcp

Files

N/A