Malware Analysis Report

2024-10-19 13:03

Sample ID 230814-klhqxaah44
Target Update_2.apk
SHA256 08d4f2f90e1adcd801c3e3dae90e5b0680941d49e0ff426291ffb0e32868fded
Tags
ermac hook banker evasion infostealer ransomware rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

08d4f2f90e1adcd801c3e3dae90e5b0680941d49e0ff426291ffb0e32868fded

Threat Level: Known bad

The file Update_2.apk was found to be: Known bad.

Malicious Activity Summary

ermac hook banker evasion infostealer ransomware rat trojan

Ermac

Ermac2 payload

Hook

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-08-14 08:41

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-14 08:41

Reported

2023-08-14 08:42

Platform

android-x86-arm-20230621-en

Max time kernel

4080406s

Max time network

34s

Command Line

com.bugomadokijowa.vokusaya

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json | N/A | N/A
N/A | /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json | N/A | N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.bugomadokijowa.vokusaya

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/oat/x86/OlAIOFd.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.208.110:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
US | 1.1.1.1:53 | null | udp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-08-14 08:41

Reported

2023-08-14 08:42

Platform

android-x64-20230621-en

Max time kernel

4080410s

Max time network

37s

Command Line

com.bugomadokijowa.vokusaya

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json | N/A | N/A
N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json] | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.bugomadokijowa.vokusaya

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | g.tenor.com | udp
US | 1.1.1.1:53 | null | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
US | 1.1.1.1:53 | null | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2023-08-14 08:41

Reported

2023-08-14 08:42

Platform

android-x64-arm64-20230621-en

Max time kernel

4080409s

Max time network

49s

Command Line

com.bugomadokijowa.vokusaya

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json | N/A | N/A
N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json] | N/A | N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.bugomadokijowa.vokusaya

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
GB | 216.58.208.106:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.250.179.136:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | null | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.208.110:443 | android.apis.google.com | tcp
NL | 142.250.179.202:80 | play.googleapis.com | tcp
NL | 142.250.179.138:80 | youtubei.googleapis.com | tcp

Files

/data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json

MD5 1bbc4433156d2aa4851868d91185d1f1
SHA1 34d77f845846210fe53fd6e0a4c3ac4ed623ccaa
SHA256 e594d7411adae93edac426b94f6fe467b735636c309822607e209d923a703057
SHA512 39aeea849058d849689a45d1ad71a90e599eefd88261ca880a12e873e3faa49d7b30e2c7bfff317f124cf809c3624167c62c477225fa6931f45c048cff550605

/data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json

MD5 e5655b6086c37472ba5e4d6875a46632
SHA1 278e74bd60c8682c8dd06ecf349f61fab3d07977
SHA256 1194d345776a065d3b46dab0d3d00651e69921cd0d94d8c8e8f3c44c8f781944
SHA512 9eba6c1427ecac5f1783151a2aa3d38b3dea26ff02e688d0cc92130abba154ae398676514603aa8cfc90dc7bab4e0b4e51e60f615871947e58282fa5b08b83f8

/data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/oat/OlAIOFd.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb

MD5 e579a6b00eef1318f9166352228eba18
SHA1 76988896854f0139083e77862eea1a4846cf039f
SHA256 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935
SHA512 c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

/data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-journal

MD5 34d7d37ffed971cf76f71d99549f4938
SHA1 38d4cda1494d40e1ec6998a291895169864cfa2c
SHA256 5699b5542aa6e1707ccec463b139d3d38de685b135cf60355f6d0baa87635d01
SHA512 c76210404c09b7475407c7ce8bca3876775067b78a05c8804facb31ad19c3c5c1dad248d70fb836ab594266f94755bff00f1ba382c22fbe684041794cfb838ce

/data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-wal

MD5 90e65e15d899d55c497151ae083c7816
SHA1 24073e7b155a07646de5e924704c669d9f884872
SHA256 917c4b5ef426c7a68581d9ee943c89d1122b98b59541553403aa1163125db132
SHA512 003262434bee186236f54787f68783e8506c6c3bb2357b1ab6e4fc6f8c32072645e50708f325b628ad939740d39343f1ece0ea9a1b70a010074b34643d8618b7

/data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-shm

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

/data/user/0/com.bugomadokijowa.vokusaya/shared_prefs/settings.xml

MD5 fb7f9d886d0a3b1205cd645b22d60ad9
SHA1 013236f02e6dd94bc90ee2791d83c7adc885dd26
SHA256 bfc4f62e4351eaa78f0c20c2ef357bd4eaa3cd35441142ebc098a2b704198c52
SHA512 940b6596af3684104ac3d11612e261d6036d716f9c9cb13c62c58dc86ba0254cf72598d691d73800655cdd5647e9e0b3abec4e6db89e5a76e8a8ea4a94cf9f9f

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.bugomadokijowa.vokusaya/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/webview_data.lock

MD5 6183732ce589108b47dce9123dfcb011
SHA1 90e63db7659a62e73e9ce1154d763aa7a05910e0
SHA256 41a0b10e172461c23e99f8cff28855fd1e5a13bf8d14815a84ca592012fc0ec4
SHA512 6c8f5c8ce5275523f9fb5d0ea6454d3db4a2591545055b2e645b96c850e058199504e9bb28d6b88e47fda0dde83908e6ade873bc691902a856e45f84b00502df

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Web Data-journal

MD5 817aa9ac45142331971321a80c66dbbf
SHA1 a730e5ed06aaeab06c9eb1da961f297f2bc027c3
SHA256 d5461b1c4827a3daf12b9218fa1eb830bcf0ebe8a93dfacb5dae7ae3bb54a193
SHA512 4a428fe922856beb4635d00f14ef8773054b34a4459cebd37ed68f5cde5ffdeaca76ad9e417352e7da0cec03d6e47b330e2bda797c51c903b73930e23cf8401a

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/GPUCache/index

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/GPUCache/index-dir/temp-index

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/font_unique_name_table.pb

/data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Crashpad/settings.dat

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Session Storage/LOG

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Session Storage/LOCK

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Session Storage/MANIFEST-000001

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Session Storage/000001.dbtmp

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/Default/Session Storage/000003.log

/data/user/0/com.bugomadokijowa.vokusaya/app_webview/.com.google.Chrome.wK8sa7

[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json]
