Malware Analysis Report

2025-01-23 12:34

Sample ID 230606-hvkkrach9t
Target sicurezzaPSD2.apk
SHA256 ba2d5236c4969e37c79f058642c58164d791685e452bbce1adb2264a1cdab58c
Tags
spynote evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ba2d5236c4969e37c79f058642c58164d791685e452bbce1adb2264a1cdab58c

Threat Level: Known bad

The file sicurezzaPSD2.apk was found to be: Known bad.

Malicious Activity Summary

spynote evasion

Spynote family

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Acquires the wake lock.

Requests enabling of the accessibility settings.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-06-06 07:03

Signatures

Spynote family

spynote

Requests dangerous framework permissions

Indicator                                   Description
android.permission.READ_SMS                 Allows an application to read SMS messages.
android.permission.READ_CALL_LOG            Allows an application to read the user's call log.
android.permission.READ_CONTACTS            Allows an application to read the user's contacts data.
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.GET_ACCOUNTS             Allows access to the list of accounts in the Accounts Service.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.ACCESS_COARSE_LOCATION   Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.CALL_PHONE               Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.SEND_SMS                 Allows an application to send SMS messages.

(Process and Target columns: N/A for every row.)
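
The permission list above is the entire evidence base of the static1 signature, so it is useful to be able to reproduce it from the APK without a sandbox. The Python script below is an added example for this page, not sandbox output and not code from the SpyNote family. It reads a decoded AndroidManifest.xml (for instance the one apktool writes) and groups the requested permissions into the surveillance capabilities they unlock. The manifest embedded in it is constructed: its uses-permission list is the one the table reports, the package name is the com.anti.church seen in the behavioral runs, and the accessibility service declaration is an assumption drawn from the runtime Accessibility signatures, since the report does not print the manifest. The cluster grouping and the two-cluster threshold are this example's choices.

```python
"""Group an APK manifest's requested permissions into surveillance capabilities.

Added example for this report, not sandbox output or SpyNote code. The
manifest below is constructed: its <uses-permission> list is the one the
static1 signature reports, the package is the com.anti.church seen in the
behavioral runs, and the accessibility <service> is an assumption (the
report shows accessibility use at runtime but does not print the manifest).
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def attr(name: str) -> str:
    """ElementTree key for an android:<name> attribute."""
    return f"{{{ANDROID_NS}}}{name}"


# Capability clusters behind the report's "dangerous framework permissions"
# rows. The grouping is this example's choice, not an Android classification.
CLUSTERS = {
    "sms":      {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "calls":    {"android.permission.READ_CALL_LOG", "android.permission.CALL_PHONE",
                 "android.permission.READ_PHONE_STATE"},
    "contacts": {"android.permission.READ_CONTACTS", "android.permission.GET_ACCOUNTS"},
    "camera":   {"android.permission.CAMERA"},
    "mic":      {"android.permission.RECORD_AUDIO"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "storage":  {"android.permission.READ_EXTERNAL_STORAGE",
                 "android.permission.WRITE_EXTERNAL_STORAGE"},
}
# A service the system binds as an AccessibilityService must carry this
# permission attribute; it is how accessibility abuse shows up statically.
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed manifest (see module docstring); the service name is made up.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.anti.church">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def requested_permissions(root: ET.Element) -> set[str]:
    return {el.get(attr("name"), "") for el in root.iter("uses-permission")}


def accessibility_services(root: ET.Element) -> list[str]:
    """Fully qualified names of services declared with BIND_ACCESSIBILITY_SERVICE."""
    package = root.get("package", "")
    names = []
    for svc in root.iter("service"):
        if svc.get(attr("permission")) != BIND_A11Y:
            continue
        name = svc.get(attr("name"), "")
        names.append(package + name if name.startswith(".") else name)
    return names


def triage_manifest(xml_text: str, max_clusters: int = 2) -> dict:
    """Flag manifests whose permission footprint spans too many clusters, or
    that pair an accessibility service with SMS access (a combination typical
    of banking trojans). The threshold is this example's assumption."""
    root = ET.fromstring(xml_text)
    perms = requested_permissions(root)
    clusters = {name: sorted(perms & members)
                for name, members in CLUSTERS.items() if perms & members}
    a11y = accessibility_services(root)
    suspicious = len(clusters) > max_clusters or (bool(a11y) and "sms" in clusters)
    return {
        "package": root.get("package"),
        "clusters": clusters,
        "accessibility_services": a11y,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    # Pass a decoded AndroidManifest.xml path (e.g. from apktool) to check a real sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for key, value in triage_manifest(text).items():
        print(f"{key}: {value}")
```

Run without arguments it evaluates the embedded manifest and hits all seven clusters; pointed at a real decoded manifest it gives the same breakdown the static1 table gives, plus the accessibility service declaration the sandbox only infers from runtime calls.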

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-06 07:03

Reported

2023-06-06 07:06

Platform

android-x86-arm-20220823-en

Max time kernel

2408031s

Max time network

157s

Command Line

com.anti.church

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.anti.church

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353                                           udp
US       1.1.1.1:53             infinitedata-pa.googleapis.com      udp
NL       142.250.179.170:443    infinitedata-pa.googleapis.com      tcp
US       1.1.1.1:53             android.apis.google.com             udp
DE       193.161.193.99:63230                                       tcp   (15 connections)
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
NL       172.217.168.234:443    semanticlocation-pa.googleapis.com  tcp
DE       193.161.193.99:63230                                       tcp   (4 connections)
US       1.1.1.1:853                                                tcp
DE       193.161.193.99:63230                                       tcp   (115 connections)

Identical consecutive rows are collapsed with their count. 193.161.193.99:63230 was contacted 134 times in this run, always without an associated domain.

Files

/data/user/0/com.anti.church/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/com.anti.church/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/metrics_guid

MD5 587ae24fc71c01409cb16b4c841e46e8
SHA1 7ed60593fd54a6db80f0a10ef86c96fe932ed2b6
SHA256 6ac25e865e2c470cb31a0d2ba46dcc0e6b388b9aff998868826dca471d5cc32e
SHA512 a3f13144aaaf0a3e937478afa05d8e221b5bf04b1859761b3482f803ec0ccd37c4105251ca36914bae1071b47beb6f99896d3c2ade5b34f238c432f7115e87e5

/data/user/0/com.anti.church/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/data/user/0/com.anti.church/app_webview/Web Data-journal

MD5 7890a9e4f755b9d4c9167db126d7f968
SHA1 27a2c822576fca759a1423b69f38e54793364bcd
SHA256 15598b3ac7ac0df5bc13cf41fe9f9645be94d75d035885aaedc4e5b8468f8bcb
SHA512 21d377f66e0c246f5087e682adb887f5c7289297ef0d809063d8026e88f6dca0db6f5d802d03958e09c033aefd67686402552ec64a666fc7050a75bd1335823b

/data/user/0/com.anti.church/app_webview/GPUCache/index

MD5 93027d42b314432c4216e6cfca48b384
SHA1 43448dd8102979c3926828182579691945eedd4e
SHA256 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c
SHA512 a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

/data/user/0/com.anti.church/app_webview/GPUCache/index-dir/temp-index

MD5 70093c9e21fd47e141d7b08e04bc0baa
SHA1 a48e52ad29f24455963c58ecd3a30e919d08d8d5
SHA256 84924864bfe6360d0c4ddd02aa1345552024fc2b4ac2fef808e22df91938d1ff
SHA512 93ada75f4dc578e9b25db2d7a5483a51073b86d8981c4d14f15de7e3f9965f480453ff24f80674741931724810f2974d9f7d4cee3f01420247a6afdb6bfeb5c6

/storage/emulated/0/Config/sys/apps/log/log-2023-06-06.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2023-06-06 07:03

Reported

2023-06-06 07:07

Platform

android-x64-20220823-en

Max time kernel

2407995s

Max time network

161s

Command Line

com.anti.church

Signatures

N/A

Processes

com.anti.church

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353                                           udp
US       1.1.1.1:53             ssl.google-analytics.com            udp
DE       172.217.23.200:443     ssl.google-analytics.com            tcp
DE       193.161.193.99:63230                                       tcp   (55 connections)
US       1.1.1.1:53             android.apis.google.com             udp
NL       142.251.39.110:443     android.apis.google.com             tcp
DE       193.161.193.99:63230                                       tcp   (81 connections)

Identical consecutive rows are collapsed with their count. 193.161.193.99:63230 was contacted 136 times in this run, always without an associated domain.

Files

/data/user/0/com.anti.church/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/shared_prefs/WebViewChromiumPrefs.xml

MD5 6ef709b8536878951e87c29a1518fc2b
SHA1 24376c70b00152501b3d98df61fa7db435339172
SHA256 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6
SHA512 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

/data/user/0/com.anti.church/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/metrics_guid

MD5 1665d6aea19ed65c8a221c9f1fb2c867
SHA1 26d658e81e8ae33e0c34513e53d3db81f44bdb31
SHA256 b8c8df1e81ee7381b032ae6acc55e3b989b17df5cdf2abde11fff4bf7ab63545
SHA512 8585afb4996c78093ca768ecc6e14c90e9bb3d473e653395833764b570673660fed00a82165a5021a7bcc7d2738d115a160cfa6e95a3cd78f287f686ad8ec8c5

/data/user/0/com.anti.church/cache/org.chromium.android_webview/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.anti.church/app_webview/Web Data

MD5 b663831f8cc130493476d94f2d7a5330
SHA1 043a1956ab8e40821d67043f8a9110a8eb36fb93
SHA256 c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7
SHA512 e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

/data/user/0/com.anti.church/app_webview/Web Data-journal

MD5 4a058df780ce3e5c0834931893893642
SHA1 ab2aec29d0baf82ef09b5e0c185422576e1f407e
SHA256 b5a933bd67dfdd5af7983d3fa82e2c139f41916605904c853bd27ed164f921f7
SHA512 089c398699d4dddf78f0f85097fed381ee0fd3722fec700b5ee72512f57f640651f47a88fb4f2817a92ecda898d2925be90aa2f27f7ddb57bc097618ae9b3553

/data/user/0/com.anti.church/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5 c088cc416cfce075d44643fbee12d3ff
SHA1 990ab9b364d724f4de95e8adebfb3cd5b3aa969c
SHA256 93d4df47fc2a3165ca9619243cdf495bf5f813043e7ffa95ab220b79a5fed978
SHA512 e31951e5fdad21e6628212059c8e390c86de6e098af75b3362885049d62c0ece8dd79b25fccf96c8653222d71608ec227cabfe9c25e764035c0feabab351714a

/data/user/0/com.anti.church/app_webview/GPUCache/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.anti.church/app_webview/GPUCache/index-dir/temp-index

MD5 3a460bdf1a6653a96b31cc65f27b936b
SHA1 d3bd9d0a7a73eb0956152e1c56722032a23bad88
SHA256 75c7d89d0798b5ce6982dce160c580855915ea79370de4dcbf1d68302e3a057f
SHA512 db7e7b71a41433fd13c89b6a213698ea7295dae5636ea77d6ee97680f75d88f2539910ea1b7fcf0bf3b7b001d60689a6583dc7837cb866e399c6ee6a4a32dbaa

/data/user/0/com.anti.church/cache/WebView/Crashpad/settings.dat

MD5 6fadfbe87eee15164baa14b56a3b8cc9
SHA1 5db7ddc67c1348439b98361659a79ef051189864
SHA256 498bc8a524cb04bc7fe8abf2f4c6ca89883fbd1b3525e707b2711770cef4e240
SHA512 78567e785050039f307e2dfb7ebb43e897ecc7b9f6159848eb36463332bc3116e7dbe19d30aa5d7c13fd59fce9a9de6d0d6caeb16209808b03c4122dc6cd6737

/storage/emulated/0/Config/sys/apps/log/log-2023-06-06.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/.com.google.Chrome.kG9K8F

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral3

Detonation Overview

Submitted

2023-06-06 07:03

Reported

2023-06-06 07:07

Platform

android-x64-arm64-20220823-en

Max time kernel

2408033s

Max time network

161s

Command Line

com.anti.church

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.anti.church

Network

Country  Destination            Domain                              Proto
US       1.1.1.1:53             android.apis.google.com             udp   (3 queries)
NL       142.251.39.110:443     android.apis.google.com             tcp
N/A      224.0.0.251:5353                                           udp
US       1.1.1.1:53             android.apis.google.com             udp
DE       172.217.23.206:443     android.apis.google.com             tcp
US       1.1.1.1:53             infinitedata-pa.googleapis.com      udp
US       1.1.1.1:53             ssl.google-analytics.com            udp
DE       172.217.23.200:443     ssl.google-analytics.com            tcp
DE       193.161.193.99:63230                                       tcp   (3 connections)
US       1.1.1.1:53             accounts.google.com                 udp   (2 queries)
DE       193.161.193.99:63230                                       tcp
US       1.1.1.1:53             accounts.google.com                 udp
DE       193.161.193.99:63230                                       tcp   (2 connections)
US       1.1.1.1:53             accounts.google.com                 udp
NL       216.58.214.13:443      accounts.google.com                 tcp
DE       193.161.193.99:63230                                       tcp   (4 connections)
DE       172.217.23.206:443     android.apis.google.com             tcp
US       1.1.1.1:53             shvmudrkbnkg                        udp
US       1.1.1.1:53             txgapjbaih                          udp
US       1.1.1.1:53             cvhhlozemunr                        udp
DE       193.161.193.99:63230                                       tcp   (10 connections)
US       1.1.1.1:53             txgapjbaih                          udp
US       1.1.1.1:53             shvmudrkbnkg                        udp
DE       193.161.193.99:63230                                       tcp   (42 connections)
US       1.1.1.1:53             update.googleapis.com               udp
DE       193.161.193.99:63230                                       tcp
US       1.1.1.1:53             update.googleapis.com               udp
NL       142.251.36.35:443      update.googleapis.com               tcp
US       1.1.1.1:53             edgedl.me.gvt1.com                  udp
US       34.104.35.123:80       edgedl.me.gvt1.com                  tcp
DE       193.161.193.99:63230                                       tcp   (72 connections)

Identical consecutive rows are collapsed with their count. 193.161.193.99:63230 was contacted 135 times in this run, always without an associated domain.
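
All three behavioral runs show the same shape: a handful of resolved Google endpoints and well over a hundred TCP connections to 193.161.193.99:63230 for which the sandbox recorded no domain at all. The Python script below is an added example for this page, not sandbox output, showing how to pull that beacon out of a table in this format automatically. It reads the Domain column as "a DNS answer was observed for this destination", sets aside resolver traffic (ports 53 and 853) and mDNS noise, and ranks the remaining direct-to-IP TCP destinations by repeat count. The rows embedded in it are copied from the behavioral3 Network table with the repeated beacon rows cut down; the repeat threshold and the single-label hostname check are this example's assumptions.

```python
"""Pull candidate C2 endpoints out of a sandbox Network table.

Added triage helper for this report; not sandbox output or part of any
sandbox product. Row format mirrors the report's Network tables
("Country Destination Domain Proto", with the Domain column absent for
connections the sandbox could not tie to a DNS answer). The heuristics
and the repeat threshold are this example's assumptions.
"""
from collections import Counter
from dataclasses import dataclass

# Rows copied from the behavioral3 Network table, with most of the identical
# 193.161.193.99:63230 rows trimmed so the sample stays short.
SAMPLE_ROWS = """\
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
DE 193.161.193.99:63230 tcp
DE 193.161.193.99:63230 tcp
DE 193.161.193.99:63230 tcp
US 1.1.1.1:53 accounts.google.com udp
NL 216.58.214.13:443 accounts.google.com tcp
US 1.1.1.1:53 shvmudrkbnkg udp
US 1.1.1.1:53 txgapjbaih udp
DE 193.161.193.99:63230 tcp
US 1.1.1.1:853 tcp
"""

MDNS = "224.0.0.251:5353"
DNS_PORTS = {"53", "853"}   # plain DNS and DNS-over-TLS


@dataclass(frozen=True)
class Conn:
    country: str
    dest: str      # "ip:port"
    domain: str    # "" when the sandbox saw no matching DNS answer
    proto: str

    @property
    def port(self) -> str:
        return self.dest.rsplit(":", 1)[1]


def parse_rows(text: str) -> list[Conn]:
    """Parse whitespace-separated rows; a 3-token row has no Domain column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue                              # skip blanks and the header
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unparseable row: {line!r}")
        conns.append(Conn(country, dest, domain, proto))
    return conns


def triage(conns: list[Conn], min_repeats: int = 3) -> dict:
    """Separate resolver traffic and local noise from direct-to-IP sessions.

    C2 candidates are TCP destinations reached repeatedly with no domain
    attached: no name was ever resolved for them in the capture, so a
    DNS-based blocklist would have had nothing to match.
    """
    direct_ip: Counter = Counter()
    single_label = set()
    dot_resolvers = set()
    for c in conns:
        if c.dest == MDNS:
            continue                              # local discovery noise
        if c.port in DNS_PORTS:
            if c.port == "853":
                dot_resolvers.add(c.dest)         # encrypted DNS: queries not visible
            elif c.domain and "." not in c.domain:
                single_label.add(c.domain)        # no TLD: worth a second look
            continue
        if c.proto == "tcp" and not c.domain:
            direct_ip[c.dest] += 1
    return {
        "c2_candidates": [(d, n) for d, n in direct_ip.most_common() if n >= min_repeats],
        "direct_ip_tcp": dict(direct_ip),
        "single_label_lookups": sorted(single_label),
        "dns_over_tls": sorted(dot_resolvers),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

On the trimmed sample the only candidate is 193.161.193.99:63230; on the full tables above it is the same endpoint at 134 to 136 connections per run, with every resolved destination falling out as Google infrastructure. The port 853 row is listed separately because DNS-over-TLS hides the queried names from this kind of table.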

Files

/data/user/0/com.anti.church/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/webview_data.lock

MD5 724521c1d6589af5ede5862efb5575aa
SHA1 946bcab36a6f2cf531a1b636bc2041548e79db61
SHA256 95022d177c9f68d90f12b13160ebefecd576a354a63f2df68cc4c4784aba2eae
SHA512 e9ec2153d983117dacef933599d7c02a9bdba85a0946df678457ceaaa63e1507dd52f99ee0eae8f46ed1682925f9bf3df51c4904e973777006fad9cea3069fd1

/data/user/0/com.anti.church/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.anti.church/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.anti.church/app_webview/Default/Web Data-journal

MD5 657b910c855211cc691319c678a586ab
SHA1 dab5b674755bac9e4b325325587b1e3fbbe36fb2
SHA256 6850604dc188089afee45aa7bdb9bc7eb43cea3b57e5c3d371f578b4614e6f2d
SHA512 2f284fb91e8723b35758d3112e6e3f2cbec8c9a73d7204087258abc19c5a2ba304b10b3d7b90a22f0325955839496c85a897591e761128770380692b46a0efc3

/data/user/0/com.anti.church/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.anti.church/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.anti.church/app_webview/Default/GPUCache/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.anti.church/app_webview/Default/GPUCache/index-dir/temp-index

MD5 137686fd2c6710597d658179ab3a8843
SHA1 237c90afc917bbcccce3d0695c2ee3aa72f88594
SHA256 a7aff3ff805191acee3b2f0aa37988484a6ccf99751027d12e367f7c60d5d010
SHA512 4bf9669c72fe3658e6cbc7ea06b43fa019542f2f523fcf4f0e0963f4c691c56d90ac72737aa405ea066e01f95a169d41aa224cff2ad50da60c97c93ed2d54a15

/data/user/0/com.anti.church/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5 07ad32713f936bb8abb6cb9c9babf35b
SHA1 3c1c893bbc52bcc7fc1686d44a6fcb33909c7e25
SHA256 14a889b2c443ccac9140228bd5fbf6224346f5b4b945245d9382ccfd6a161982
SHA512 6e9b902a2bda6813a7db25706ae10ed12a815286df8e767145e86b209f9d60693daa6010353e0ceb196917dfc8362a4cb83d8d6f54ff4732b0538110e3f930c6

/data/user/0/com.anti.church/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5 4268dd06a051229af4272ba467967cd3
SHA1 969f676454e27c7ffa2978002092bfe50cf0719e
SHA256 57fd6d62ed516d05fe0d1049a8461359e5ced8bc3d323b32122bf5ef831d8ed4
SHA512 857bc8c333454cb2ff788cfa510da3f73d749f35d1c845eda37897175ac88c29276642492e7153c43c9f3d5a6616b5dfa0ccf055b019e1991357d5756b76cd80

/data/user/0/com.anti.church/cache/WebView/font_unique_name_table.pb

MD5 f080fa2a56ab5479d58063e5ea871447
SHA1 4b3fd57a98916fa5784305b76ba30af26b5253d9
SHA256 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815
SHA512 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

/data/user/0/com.anti.church/cache/WebView/Crashpad/settings.dat

MD5 d96419b881a42f57129ca3e96411bd8d
SHA1 4e213c746574d3a2b3789290709e442e59c62575
SHA256 764487193f7f67a4c89dc8a12a5c34954d68c0e52a29946172dbd88728a0451c
SHA512 124fb5528ee12c383e60f955d8cc0ae3f9e27517e14fee74376a0ea23aca616a2eb02ca306b4848f7d6589f95382c1abf81a60353dab3e1910622d4df8499066

/storage/emulated/0/Config/sys/apps/log/log-2023-06-06.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/app_webview/.com.google.Chrome.TaIP83

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
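
The Files tables for all three runs consist almost entirely of Chromium WebView state written on first use, and several entries carry the digests of a zero-byte file (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855), which are useless as indicators. The Python script below is an added example for this page, not sandbox output: it parses the report's own path-plus-hash block format and sorts entries into WebView noise, empty files and whatever is left for an analyst to look at. The sample input is an excerpt of the behavioral1 Files table; the WebView path markers are this example's assumption about what a WebView writes into any app's data directory.

```python
"""Sort a sandbox Files table into WebView noise, empty files and real artifacts.

Added example for this report, not sandbox output. Input is the report's own
block format: a path line followed by MD5/SHA1/SHA256/SHA512 lines. The
sample is an excerpt of the behavioral1 Files table; the WebView path
markers are this example's assumption about what Chromium WebView writes
on first use.
"""
import hashlib
import re

SAMPLE_FILES = """\
/data/user/0/com.anti.church/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.anti.church/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/com.anti.church/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/storage/emulated/0/Config/sys/apps/log/log-2023-06-06.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

# Digests of zero bytes: a file with these hashes was created but never written.
EMPTY = {alg: hashlib.new(alg, b"").hexdigest()
         for alg in ("md5", "sha1", "sha256", "sha512")}

# Chromium WebView state that any app showing a WebView writes on first use.
WEBVIEW_MARKERS = ("/app_webview/", "/cache/WebView/",
                   "/cache/org.chromium.android_webview/",
                   "/shared_prefs/WebViewChromiumPrefs.xml")

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def parse_files(text: str) -> list[dict]:
    """Return one dict per block: {"path": ..., "md5": ..., "sha1": ..., ...}."""
    files: list[dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
        else:
            current = {"path": line}      # any non-hash line starts a new block
            files.append(current)
    return files


def classify(files: list[dict]) -> dict:
    """Bucket entries so the analyst only reads what the sample itself produced.

    Empty files get their own bucket: their hashes are worthless as indicators,
    but the path (in this report, a log directory the app created on external
    storage) can still be one.
    """
    out = {"webview_noise": [], "empty": [], "review": []}
    for f in files:
        path = f["path"]
        if any(marker in path for marker in WEBVIEW_MARKERS):
            out["webview_noise"].append(path)
        elif f.get("sha256") == EMPTY["sha256"]:
            out["empty"].append(path)
        else:
            out["review"].append(path)
    return out


if __name__ == "__main__":
    for bucket, paths in classify(parse_files(SAMPLE_FILES)).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
```

Applied to the three full Files tables above, the review bucket comes out empty: nothing in them is a payload dropped by the sample, and the only non-WebView path, /storage/emulated/0/Config/sys/apps/log/log-2023-06-06.txt, is a zero-byte file whose location is the usable indicator.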