Malware Analysis Report

2024-10-19 13:03

Sample ID 230622-hqk1qaec4s
Target 849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5.apk
SHA256 849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5
Tags
hook evasion infostealer ransomware rat trojan stealth
score
10/10

Analysis Overview

score
10/10

SHA256

849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5

Threat Level: Known bad

The file 849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5.apk was found to be: Known bad.

Malicious Activity Summary

hook evasion infostealer ransomware rat trojan stealth

Hook

Renames multiple (234) files with added filename extension

Renames multiple (140) files with added filename extension

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-06-22 06:56

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x86-arm-20230621-en

Max time network

24s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-arm64-20230621-en

Max time network

29s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 172.217.168.202:443 tcp
DE 172.217.23.206:443 tcp
DE 172.217.23.206:443 tcp
DE 172.217.23.206:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x86-arm-20230621-en

Max time network

23s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-arm64-20230621-en

Max time network

27s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.138:80 play.googleapis.com tcp
NL 142.250.179.174:443 tcp
NL 142.250.179.174:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time network

28s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time network

28s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 g.tenor.com udp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time network

24s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
NL 142.250.179.130:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-arm64-20230621-en

Max time network

26s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time network

26s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:59

Platform

android-x86-arm-20230621-en

Max time kernel

3789971s

Max time network

177s

Command Line

com.dekezumepome.deyecite

Signatures

Hook

rat trojan infostealer hook

Renames multiple (140) files with added filename extension

ransomware

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json N/A N/A
N/A /data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.dekezumepome.deyecite

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/x86/CHw.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
NL 216.58.214.2:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.202:443 infinitedata-pa.googleapis.com tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 chromefeedcontentsuggestions-pa.googleapis.com udp
NL 172.217.168.234:443 chromefeedcontentsuggestions-pa.googleapis.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 157.240.251.9:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
NL 172.217.168.206:443 m.youtube.com tcp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
US 1.1.1.1:53 ir.ebaystatic.com udp
NL 87.248.116.12:443 s.yimg.com tcp
US 1.1.1.1:53 www.instagram.com udp
NL 157.240.247.174:443 www.instagram.com tcp
US 1.1.1.1:53 encrypted-tbn0.gstatic.com udp
NL 216.58.214.14:443 encrypted-tbn0.gstatic.com tcp
US 1.1.1.1:53 t0.gstatic.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
NL 104.97.14.219:80 a.espncdn.com tcp
US 1.1.1.1:53 ir.ebaystatic.com udp
US 1.1.1.1:53 t0.gstatic.com udp
US 1.1.1.1:53 heqnasrr udp
US 1.1.1.1:53 embdnjrnxenrlj udp
US 1.1.1.1:53 wrfbgqzrxwwwewb udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 18.65.35.175:443 images-na.ssl-images-amazon.com tcp
US 1.1.1.1:53 ir.ebaystatic.com udp
US 93.184.221.225:443 ir.ebaystatic.com tcp
US 1.1.1.1:53 t0.gstatic.com udp
NL 142.250.179.196:443 t0.gstatic.com tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
NL 157.240.247.174:443 www.instagram.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
NL 142.251.39.106:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 static.cdninstagram.com udp
NL 157.240.247.63:443 static.cdninstagram.com tcp
NL 157.240.247.63:443 static.cdninstagram.com tcp
NL 157.240.247.63:443 static.cdninstagram.com tcp
NL 157.240.247.63:443 static.cdninstagram.com tcp
NL 157.240.247.63:443 static.cdninstagram.com tcp
NL 157.240.247.63:443 static.cdninstagram.com tcp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 en.m.wikipedia.org udp
NL 91.198.174.192:443 en.m.wikipedia.org tcp
US 1.1.1.1:53 www.facebook.com udp
NL 157.240.247.63:443 static.cdninstagram.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp

Files

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json.x86.flock

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/x86/CHw.vdex

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/x86/CHw.odex

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/CHw.json.cur.prof

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-journal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-shm

/data/user/0/com.dekezumepome.deyecite/shared_prefs/settings.xml

/data/user/0/com.dekezumepome.deyecite/app_webview/variations_seed_new

/data/user/0/com.dekezumepome.deyecite/app_webview/webview_data.lock

/data/user/0/com.dekezumepome.deyecite/app_webview/variations_stamp

/data/user/0/com.dekezumepome.deyecite/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.dekezumepome.deyecite/app_webview/Web Data

/data/user/0/com.dekezumepome.deyecite/app_webview/metrics_guid

/data/user/0/com.dekezumepome.deyecite/app_webview/metrics_guid

/data/user/0/com.dekezumepome.deyecite/app_webview/Web Data-journal

/data/user/0/com.dekezumepome.deyecite/app_webview/GPUCache/index

/data/user/0/com.dekezumepome.deyecite/app_webview/GPUCache/index-dir/temp-index

/data/user/0/com.dekezumepome.deyecite/app_webview/GPUCache/index-dir/temp-index

Analysis: behavioral4

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x86-arm-20230621-en

Max time network

22s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
NL 216.58.214.2:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-arm64-20230621-en

Max time network

30s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time network

29s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 216.58.214.10:443 tcp
US 1.1.1.1:53 g.tenor.com udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x86-arm-20230621-en

Max time network

23s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-20230621-en

Max time kernel

3789833s

Max time network

38s

Command Line

com.dekezumepome.deyecite

Signatures

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json N/A N/A

Reads information about phone network operator.

Processes

com.dekezumepome.deyecite

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 g.tenor.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp

Files

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/CHw.json.cur.prof

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-journal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-shm

/data/user/0/com.dekezumepome.deyecite/shared_prefs/settings.xml

Analysis: behavioral3

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:59

Platform

android-x64-arm64-20230621-en

Max time kernel

3789970s

Max time network

183s

Command Line

com.dekezumepome.deyecite

Signatures

Hook

rat trojan infostealer hook

Renames multiple (234) files with added filename extension

ransomware

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.dekezumepome.deyecite

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 172.217.168.200:443 ssl.google-analytics.com tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.39.109:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
DE 172.217.23.205:443 accounts.google.com tcp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 lipvnrfbtkdb udp
US 1.1.1.1:53 ogrgommxxrzqa udp
US 1.1.1.1:53 ysctvkrgwlh udp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 lipvnrfbtkdb udp
US 1.1.1.1:53 ogrgommxxrzqa udp
US 1.1.1.1:53 ysctvkrgwlh udp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
RU 91.215.85.22:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.251.39.99:80 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.251.39.99:443 update.googleapis.com tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp
RU 91.215.85.22:3434 tcp

Files

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/CHw.json.cur.prof

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-journal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal

/data/user/0/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-shm

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

/data/user/0/com.dekezumepome.deyecite/shared_prefs/settings.xml

MD5 f8bdc04912eb3db8c209c12532aa4591
SHA1 02a8902131d9156b4ec30974580ad083b7d52a84
SHA256 b975dd690c4028dba6fbf2faf0e940d46ea0dc458acbc24eafe74e9d5b75d19a
SHA512 08aa271eb341ba240b088f2209c387d3f8796956a6220ddab34824e251fc33c691db70144710146a9e05675e7354d1b070727d4a76aa3f88b71aad233ebb1101

/data/user/0/com.dekezumepome.deyecite/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.dekezumepome.deyecite/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.dekezumepome.deyecite/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.dekezumepome.deyecite/app_webview/webview_data.lock

MD5 dd5f6ced4ab8a2b70b852fdbb39529ad
SHA1 68c638b85ff0654be4b9a380475408d8f138dfc7
SHA256 a01fbe7ef6033978985bbde8af8aa4c1b076111c7b22a42015e82ee7bbc34be3
SHA512 36a3d9dab9c1d7babdbf7d4d93159886310be46ed27405a73c0a3b1a8a94bec95aecafde1fbb06f94423f52150d739024f3451d808a8626c17e962401b66e58f

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Web Data-journal

MD5 f031dd001962e0df05ebb51f941c3d1a
SHA1 4cc255e9f59f3deca52a8539b4d19c0f5cc5b83f
SHA256 22a43eed23c4f4ab410a3fef7c2b6d360029a3bd6b0d4586106b95ed64bf169c
SHA512 dd4de80f9ac1c73aa47d05782af08a386d03eae5285e248683a15fcc010d24bd07f3c346d29551b1f251b7ff61a8c23dfe43fb2417af3f0a636311df97ea5a46

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/GPUCache/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/GPUCache/index-dir/temp-index

MD5 05f124790d9d84d05407ee563085056c
SHA1 c2f94bede5d5078f98210ae5dacb504e0337b4b7
SHA256 1656d2f0ae750981281b5927f4441e6dd240b82a3e04eef6fcbf975beec540eb
SHA512 fc55f5f81e809adf1f7842139fd1a02e8e0da2cb67e8f9568046cade647448cb14c8c94124634df9ea111cc03e7a6131586dd7be0053d0b3c7d94a9ac14ce665

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5 58923f24bdcbf35fd93b29c06e5adb0a
SHA1 e27336f74eebb05cb18e8cd471c8aaa9e54dc0cb
SHA256 3071b06cff81509c7915285edec63fed5ea9b94a997c13c491c801e34681f490
SHA512 650250d26aeede322cf7f992f0c684fc72158dbe2940bb16f9022210bd21c0de8f8dd10a239914967a3c2f07e4a8bb8644cc1145016292fc36bee63173c3c524

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5 468d980e7e5672d9f74c3b83e01c805d
SHA1 3765b3d46132e7b2349e98cadd8bee9e7288fa95
SHA256 de7498e2f7d769dc4e092b3d4d31872999d918b39e5a1255ccd6f8d8b1d5a6ec
SHA512 4cea19c2a4131a92c43d7fb8970e73350a56d1d5d250c1f9082e8f9303fa5d21f8f4091497928f021bc0406e105acf07db2a05826797929f214a12247e8a6692

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Crashpad/settings.dat

MD5 1bcc8d50fbe46cb59c27871435d01ba1
SHA1 d0f90a267964977de4737563c814a8bfd91ddda5
SHA256 e43b17b2f26d956c21824697b8937828ad289a976ecdafd911b1db3b4834599b
SHA512 2ddacc5296e8e24ee8d1cbd67dad549edd410854813beaeb288de7ca72f1af25c7e858441fe87d020f062e1cb9cbd26d34a1e2ad72898957dace718e067fb4e0

/data/user/0/com.dekezumepome.deyecite/cache/WebView/font_unique_name_table.pb

MD5 f080fa2a56ab5479d58063e5ea871447
SHA1 4b3fd57a98916fa5784305b76ba30af26b5253d9
SHA256 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815
SHA512 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Session Storage/LOG

MD5 fbd4f5a04bf4eec5e7cbe2af8b8097e0
SHA1 8a15fde405f4f8502423edef46f9a4d27e707231
SHA256 0cbf075603afb18e0e808629897255f7f133306174752c587baa731f385af50b
SHA512 cf11ca645336fe9104d85b4c70d7551c63b569347c7c48dbdfc44ea43f9b084387d8318860a24d841d67bc5e4a2a8bb39196580b8da3c2ab1fd6b67db127cf0c

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Session Storage/LOCK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Session Storage/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Session Storage/000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/Session Storage/000003.log

MD5 9f7eadc15e13d0608b4e4d590499ae2e
SHA1 afb27f5c20b117031328e12dd3111a7681ff8db5
SHA256 5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923
SHA512 88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

/data/user/0/com.dekezumepome.deyecite/app_webview/.com.google.Chrome.ZQRCVk

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
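The Files listing above is hash-only: several entries share the digest of a zero-byte file (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442...), three cache `index` files are byte-identical, and the app-private `app_DynamicOptDex/CHw.json` is paired with an ART profile `oat/CHw.json.cur.prof`, which ART only writes once a DEX from that directory has actually been loaded. The script below is an added triage helper, not part of the sandbox report: it parses entries in the report's own "path / MD5 / SHA1 / SHA256 / SHA512" layout, checks each digest against locally computed empty-file digests, groups paths with identical content, and flags the DynamicOptDex artefacts. The embedded input is a constructed subset of the listing (SHA512 lines omitted for brevity); treating the `app_DynamicOptDex` directory name as a runtime-DEX-loading indicator is an analyst heuristic, not something the report itself states.

```python
import hashlib
import re
from collections import defaultdict

# Constructed input: four entries copied from the report's Files section.
# SHA512 lines are left out here; the parser accepts them when present.
REPORT_FILES = """\
/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/CHw.json

MD5 3e37214a8dcb0a66ac8c147b7ab1c0e4
SHA1 9c777385a33bd871dc1d044985b44e673a7a9633
SHA256 8e64678e1b935f9c316d939ba016a1aa6e7b603432ba3b5326c329a2e089ce83

/data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/oat/CHw.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

/data/user/0/com.dekezumepome.deyecite/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

/data/user/0/com.dekezumepome.deyecite/app_webview/Default/GPUCache/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
"""

DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Digests of zero bytes, computed locally rather than hard-coded, so the
# comparison does not depend on remembering the constants correctly.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_file_entries(text):
    """Return [(path, {algo: hexdigest})] from a report Files section.

    A path line starts with '/', digest lines follow it; blank lines separate
    entries. Digest lines before any path are ignored."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIGEST_RE.match(line)
        if m and current is not None:
            current[1][m.group(1)] = m.group(2).lower()
        elif line.startswith("/"):
            current = (line, {})
            entries.append(current)
    return entries


def is_empty_file(digests):
    """True when every reported digest equals the digest of zero bytes."""
    return bool(digests) and all(EMPTY_DIGESTS[a] == d for a, d in digests.items())


def inconsistent_digests(digests):
    """True when some digests say 'empty' and others do not: a sign the
    report (or this parser) mixed up two entries."""
    flags = [EMPTY_DIGESTS[a] == d for a, d in digests.items()]
    return any(flags) and not all(flags)


def group_identical(entries):
    """Map SHA256 -> paths sharing that content, for groups of two or more."""
    groups = defaultdict(list)
    for path, d in entries:
        if "SHA256" in d:
            groups[d["SHA256"]].append(path)
    return {h: ps for h, ps in groups.items() if len(ps) > 1}


def dynamic_code_indicators(entries):
    """Heuristic (analyst assumption, not a report signature): files under the
    app-private DynamicOptDex directory, including the ART profile under oat/,
    point at DEX code loaded at runtime rather than shipped in the APK."""
    return [path for path, _ in entries if "/app_DynamicOptDex/" in path]


def triage(text):
    entries = parse_file_entries(text)
    return {
        "total": len(entries),
        "empty": [p for p, d in entries if is_empty_file(d)],
        "inconsistent": [p for p, d in entries if inconsistent_digests(d)],
        "identical": group_identical(entries),
        "dynamic_code": dynamic_code_indicators(entries),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_FILES).items():
        print(key, value)
```

Empty and byte-identical files can be dropped from a hash-based IOC set straight away (an empty-file hash matches every empty file on every device). The non-empty `CHw.json` under `app_DynamicOptDex` is the entry worth pulling from the sandbox and inspecting for a DEX or ZIP header regardless of its `.json` name.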

Analysis: behavioral9

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x64-arm64-20230621-en

Max time network

27s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     -                        udp
US       1.1.1.1:53           android.apis.google.com  udp
US       1.1.1.1:53           android.apis.google.com  udp
GB       216.58.208.110:443   android.apis.google.com  tcp
GB       216.58.208.110:443   android.apis.google.com  tcp
NL       142.250.179.130:443  -                        tcp
NL       142.251.36.34:443    -                        tcp
DE       172.217.23.198:443   -                        tcp
NL       142.250.179.130:443  -                        tcp
NL       142.250.179.138:443  -                        tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-06-22 06:56

Reported

2023-06-22 06:57

Platform

android-x86-arm-20230621-en

Max time network

24s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     -                        udp
US       1.1.1.1:53           android.apis.google.com  udp
GB       216.58.208.110:443   android.apis.google.com  tcp
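The Network tables for behavioral9 and behavioral10 mix three kinds of traffic: mDNS multicast to 224.0.0.251:5353 (never leaves the local segment), DNS to 1.1.1.1:53, and TLS on port 443, of which only the 216.58.208.110 rows carry a domain because the sandbox saw the matching resolution. The script below is an added example, not part of the report or the sandbox's own tooling: it parses rows in the table's whitespace layout (where the Domain column may be absent or shown as "-"), de-duplicates repeated connection attempts, and buckets endpoints so that the unattributed TLS endpoints stand out as the ones still needing a PCAP or passive-DNS lookup. The embedded table is the behavioral9 one copied as plain text; the bucket names and thresholds are this example's own choices.

```python
import re

# Constructed input: the behavioral9 Network table above, as plain text.
# Most TLS rows have no Domain cell, so columns cannot be taken by position.
NETWORK_TABLE = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp
GB 216.58.208.110:443 android.apis.google.com tcp
NL 142.250.179.130:443 tcp
NL 142.251.36.34:443 tcp
DE 172.217.23.198:443 tcp
NL 142.250.179.130:443 tcp
NL 142.250.179.138:443 tcp
"""

DEST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows; header line skipped.

    Country is the first token, Proto the last, Destination the second; whatever
    sits between Destination and Proto is the Domain (empty or '-' means none)."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = " ".join(parts[2:-1])
        if domain == "-":
            domain = ""
        m = DEST_RE.match(dest)
        if not m:
            raise ValueError(f"unparseable destination: {dest!r}")
        rows.append({
            "country": country,
            "ip": m.group(1),
            "port": int(m.group(2)),
            "domain": domain,
            "proto": proto.lower(),
        })
    return rows


def classify(row):
    """Coarse bucket per row. These are analyst heuristics, not sandbox signatures."""
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns-local"          # link-local multicast, not a C2 candidate
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"
    if row["port"] == 443 and row["proto"] == "tcp":
        # Named only when the sandbox tied the IP to a resolved hostname.
        return "tls-named" if row["domain"] else "tls-unattributed"
    return "other"


def summarize(rows):
    """Unique endpoints per bucket plus the set of resolved domains.

    The report lists every connection attempt, so repeated rows are collapsed
    on (ip, port, proto) before counting."""
    by_bucket = {}
    seen = set()
    for r in rows:
        key = (r["ip"], r["port"], r["proto"])
        if key in seen:
            continue
        seen.add(key)
        by_bucket.setdefault(classify(r), []).append(f"{r['ip']}:{r['port']}")
    domains = sorted({r["domain"] for r in rows if r["domain"]})
    return {"endpoints": by_bucket, "domains": domains, "unique_endpoints": len(seen)}


if __name__ == "__main__":
    summary = summarize(parse_rows(NETWORK_TABLE))
    for bucket, endpoints in summary["endpoints"].items():
        print(f"{bucket:18} {', '.join(endpoints)}")
    print("domains:", summary["domains"])
```

The only hostname the sandbox attributed in either run is android.apis.google.com, and neither run produced a signature, so these tables on their own do not show attacker infrastructure; the four unattributed 443 endpoints are where an analyst would look next, by matching them against DNS answers in the captured traffic rather than assuming they are benign or malicious from the IP alone.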

Files

N/A