Malware Analysis Report

2025-01-23 12:33

Sample ID 230607-cm9xsage44
Target oSiNT_1.3.apk
SHA256 a24cf4785dfaa3500f54a63126165e74f5cd20f3a3fb1b6dfc3bbb677b8584ce
Tags
spynote banker evasion
score
10/10

Analysis Overview

score
10/10

SHA256

a24cf4785dfaa3500f54a63126165e74f5cd20f3a3fb1b6dfc3bbb677b8584ce

Threat Level: Known bad

The file oSiNT_1.3.apk was found to be: Known bad.

Malicious Activity Summary

spynote banker evasion

Spynote family

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Requests enabling of the accessibility settings.

Requests dangerous framework permissions

Acquires the wake lock.

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-06-07 02:12

Signatures

Spynote family

spynote

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

13s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.36.10:443 tcp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 216.58.208.106:443 growth-pa.googleapis.com tcp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
NL 142.251.36.10:443 growth-pa.googleapis.com tcp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp
DE 172.217.23.202:443 growth-pa.googleapis.com tcp
NL 142.250.179.202:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
GB 216.58.208.106:443 growth-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

13s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

13s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
NL 142.251.36.46:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.226:443 tcp
NL 142.251.36.42:80 play.googleapis.com tcp
GB 216.58.208.106:80 play.googleapis.com tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

11s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 142.250.184.234:443 udp
DE 142.250.184.234:443 tcp
NL 142.251.36.10:443 tcp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp
DE 142.250.186.174:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:15

Platform

android-x64-arm64-20220823-en

Max time kernel

2476930s

Max time network

120s

Command Line

com.oSiNT.Dev

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /storage/emulated/0/sysdata/sysinfo0 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo0 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo1 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo2 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo3 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo3 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo4 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo5 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo6 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo7 N/A N/A
N/A /storage/emulated/0/sysdata/sysinfo7 N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

com.oSiNT.Dev

ping -c 1 -W 15 soon-lp.at.ply.gg

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
NL 142.250.179.174:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 soon-lp.at.ply.gg udp
US 209.25.141.181:17209 soon-lp.at.ply.gg tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 216.58.214.13:443 accounts.google.com tcp
US 1.1.1.1:53 rwoxynleo udp
US 1.1.1.1:53 ynmcieixlloplnr udp
US 1.1.1.1:53 glgnlbnzuzsajjy udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 glgnlbnzuzsajjy udp
US 1.1.1.1:53 rwoxynleo udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
US 209.25.141.181:17209 soon-lp.at.ply.gg tcp
US 1.1.1.1:53 181.141.25.209.in-addr.arpa udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.251.36.3:443 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp

Files

Analysis: behavioral4

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

14s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 142.250.184.234:443 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
DE 142.250.184.234:443 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 216.58.208.106:443 growth-pa.googleapis.com tcp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
NL 142.250.179.202:443 growth-pa.googleapis.com tcp
DE 172.217.23.202:443 growth-pa.googleapis.com tcp
NL 142.251.36.10:443 growth-pa.googleapis.com tcp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

12s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-06-07 02:12

Reported

2023-06-07 02:13

Platform

android-x64-arm64-20220823-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.46:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.226:443 tcp
NL 142.251.39.106:80 play.googleapis.com tcp
NL 142.250.179.138:80 play.googleapis.com tcp

Files

N/A