Analysis Overview
SHA256
c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d
Threat Level: Known bad
The file c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.bin was found to be: Known bad.
Malicious Activity Summary
Ermac
Ermac2 payload
Hook
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Acquires the wake lock.
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
Removes a system notification.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-10-02 22:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
android-x86-arm-20230831-en
Max time kernel
4067098s
Max time network
148s
Command Line
Signatures
Ermac
Ermac2 payload
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | N/A | N/A |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/x86/ebFl.odex --compiler-filter=quicken --class-loader-context=&
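The dex2oat command above shows the app handing `app_DynamicOptDex/ebFl.json` to the ART compiler as a DEX file, and behavioral2 and behavioral3 record `dalvik-classes.dex` being extracted in memory from the same path, so the `.json` extension is a disguise. The following is an added example, not code from the report or from the sandbox vendor: a content-sniffing check that classifies files by DEX/ZIP magic bytes rather than by name, decodes the fixed DEX header fields and verifies the header's adler32 checksum. The DEX blob it scans is constructed for the demo (a header-only DEX with no code); only the path strings come from the report.

```python
"""Flag DEX or JAR payloads hiding behind a non-code extension.

Added example (not part of the sandbox report). Sample file contents are
constructed here; only the paths are taken from the report.
"""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n"        # followed by 3 ASCII version digits and a NUL
ZIP_MAGIC = b"PK\x03\x04"   # .jar/.apk containers DexClassLoader also accepts
DEX_HEADER_LEN = 0x70


def sniff(data: bytes) -> str:
    """Classify a blob as 'dex', 'zip' or 'other' from its magic bytes only."""
    if data.startswith(DEX_MAGIC) and len(data) >= 8 and data[7] == 0:
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "other"


def dex_header(data: bytes) -> dict:
    """Decode the fixed DEX header fields and verify the adler32 checksum.

    The checksum at offset 8 covers every byte after the first 12
    (magic + checksum), so a truncated or patched file fails the check."""
    if len(data) < DEX_HEADER_LEN:
        raise ValueError("truncated DEX header")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    return {
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == 0x12345678,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
    }


def expected_kind(path: str) -> str:
    """What the file name claims to be, judged by its extension."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return {"dex": "dex", "jar": "zip", "apk": "zip", "zip": "zip"}.get(ext, "other")


def scan(files: dict) -> list:
    """Return (path, sniffed_kind, sha256) for every file whose content is
    DEX or ZIP but whose extension says otherwise."""
    findings = []
    for path, data in files.items():
        kind = sniff(data)
        if kind in ("dex", "zip") and kind != expected_kind(path):
            findings.append((path, kind, hashlib.sha256(data).hexdigest()))
    return findings


def build_fake_dex(version: bytes = b"035") -> bytes:
    """Construct a minimal header-only DEX blob for the demo (contains no code)."""
    body = bytearray(DEX_HEADER_LEN)
    body[0:8] = DEX_MAGIC + version + b"\0"
    # SHA-1 signature field (0x0c..0x20) left zero; size fields start at 0x20.
    struct.pack_into("<III", body, 0x20, DEX_HEADER_LEN, DEX_HEADER_LEN, 0x12345678)
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


# Constructed sample: the report's dropped-DEX path with a fake DEX body,
# a SQLite database that should not be flagged, and a genuine JSON file.
SAMPLE_FILES = {
    "/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json": build_fake_dex(),
    "/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb": b"SQLite format 3\0" + b"\0" * 16,
    "/data/user/0/com.bulosinehipibe.zusu/files/real.json": b'{"ok": true}',
}

if __name__ == "__main__":
    for path, kind, digest in scan(SAMPLE_FILES):
        print(kind, path, digest)
        if kind == "dex":
            print(dex_header(SAMPLE_FILES[path]))
```

On a real device image the same `scan` can be pointed at everything under an app's private `app_*` directories: a DEX or ZIP magic under a `.json`, `.png` or `.dat` name is the typical signature of a dropper staging its second stage for `DexClassLoader`.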
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.138:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.251.36.42:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| NL | 172.217.168.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | f49e8a788e53b7e1e054248ab571c0b1 |
| SHA1 | f5a870ef0e19e332381c3c17bdc2a8333c86e733 |
| SHA256 | 85e8aa0f6f3e5c386265aa4e7d381930102f05e25d2e64f34cc53ae77ef026cd |
| SHA512 | 0ff996ac719a0924e92dc38da15f71c1f995f82687e4dcd3a1c8786eee22f19f7083928a569d538f04500cb13112778cc5ae8e575b36048829c426ad7bcb6ea6 |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | 95a42313a143c59ccd0a59e25b4c65f7 |
| SHA1 | 48ce701e20e847a74ee6a82d7de330e0ec6a9a2f |
| SHA256 | 2e4884470436bc7d3d5f6e957ffcccd27575da27e32f4ea9548f50aa463910a9 |
| SHA512 | ab4f1efe0b4b1409a2062a4f8e9fc18146f33fb4b5d7a2c24f790fc9298894e9e3b42b0e4b4d105f53297ef19643be352892eb53a0279a807fab591434f4cbaa |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | bcced22f9ce50fbd79a55d02a81fc1be |
| SHA1 | 1f719a83fed54f6c79e05734b6b98e70310279e0 |
| SHA256 | eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3 |
| SHA512 | e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065 |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | c606ec25071927dab1e8f62707aaa23f |
| SHA1 | 04f3da363fbd9c6a2ea940449c7d4d962d7b7288 |
| SHA256 | 6b79194574e6c32b7979c028d7c34d4328713034f948dc32a5e7bb32e2835b50 |
| SHA512 | 47e9afb1cf021d7630affc28417c05f1f5e8896d8856930ed9fde923db67eaea3334c1a523a1d1401d4eec1f2a8997f8bcecaa03e7cfa9dfcb8701cde8cc2605 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | 49a3c1dfe08e84b6efe022163a9a2ad0 |
| SHA1 | b2b5e31d0469cf36c07157ea3955eb75494eddd3 |
| SHA256 | c4421050ec8d9694c6ea2ecc73413c35962b1ab213356b5d064e39e8c909b39e |
| SHA512 | bbf636c1ba4fc4cc1d5a473e2eed1cf581348a0cff1e13332c56b276208e54d06e02ad5f549b3ccdcd11f8f69da9938423dd37d8f82e71601a07b3b56f4ebff6 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 431ee91f016d86e236d3048a2f441f72 |
| SHA1 | 05a690e5af7a51c648f2621153a46dade0ea7223 |
| SHA256 | 0d4337f8a3fa0a99ec3ff74f1c786af8c0804223755a19f9a9d3b3fe447ff1c6 |
| SHA512 | 09b37d452efeeae5ab3a143bfa3b1af95d35262aa337b245537f0bcc26fcbb2a1881ae03cedad42771777fbaad360364d0653eafa42c501a3fe08c7d86d5d4b1 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | a6906299c9c9bda16bfb2dde41576c44 |
| SHA1 | ff5d04b4335f0fb78f8b77eda7f8e2e96d74c675 |
| SHA256 | bf922c887d4c870eeb6ea1d4a1d28503d53afa59264a284c302f2249bca7bfda |
| SHA512 | 56aa8ebae0e686811d1eb7dc7f95606a59844f006eb6488017197a5473d6f32ea7c7ac47a8477649b1c5aea6262da299da678258b96592ea29a611d88936a71b |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 549ea90b157fc50830d8b42a2907cf04 |
| SHA1 | 916368bd8aff06e19da0ea266f45c156633128b2 |
| SHA256 | 79a250c99b4eea450a4f28a81edc92d7e5fbfe7a02ff9cfeeb00dac500373312 |
| SHA512 | 6b2e783b29596666cb5ac293db8816bf2381c7c3b601d4879da8aa5b9f9a70d85e696986dedbf808e181f13271b165e1445ce22ff8608c0cfa34a48c0b7508cc |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/ebFl.json.cur.prof
| MD5 | 9f63b5c495728f98d94e11327a3f4a80 |
| SHA1 | 52c0b659a10b05dd628ded637d9671a8b5f59049 |
| SHA256 | 1a60572a1f13fa067ac8181e3bcae3d624d0da7319a744073301327eb1315849 |
| SHA512 | 887cfc2ebd4ba3b3bffa9e14e8d1a135f8f9c2ff6724995d3567a6737abcb6e6ae69d29235cdbd337cdca5b86f200e8e4ef87feaef607edc3181ec142952c151 |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/ebFl.json.cur.prof
| MD5 | 6cf68fe3039278b3d924e57f3b5d8f14 |
| SHA1 | 6e6464d9a48731d48674cfc5f47078177f311838 |
| SHA256 | 66f34aec507c50ea7914d5ea3211fc2e7dc333d725741956e4c035b1b76aa26b |
| SHA512 | 6006babef0be34aef2788d676ec68ffdf51b9473f0eb805e7d74ad4f71e2aaa8e0ca1f6427d58d7bb0d447d75109320c04ebaeb82bfa046cda849ebdf6908fb7 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
android-x64-20230831-en
Max time kernel
4066981s
Max time network
161s
Command Line
Signatures
Ermac
Ermac2 payload
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | N/A | N/A |
| N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json] | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.136:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | perlmp.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 142.251.39.100:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
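Most rows in this table are the emulator image talking to Google services, the 1.1.1.1 resolver and mDNS; the repeated TCP sessions to `perlmp.com` on port 3434 are the only traffic the sample itself originates. The script below is an added example, not part of the report: it runs a simple triage over the rows above (copied verbatim), drops allowlisted infrastructure, and ranks what remains by hit count and by weak signals such as a non-standard port or a connection with no DNS name. The allowlist of benign domain suffixes and resolvers is an assumption made for the demo, not something the report states.

```python
"""Isolate the probable C2 endpoint from a sandbox network table.

Added example, not part of the report. NETWORK_ROWS is copied from the
behavioral2 Network section; the benign allowlist is an assumption.
"""
import ipaddress
from collections import Counter

# (country, destination, domain, proto), copied from the report.
NETWORK_ROWS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("NL", "142.250.179.142:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("US", "1.1.1.1:53", "infinitedata-pa.googleapis.com", "udp"),
    ("DE", "172.217.23.202:443", "infinitedata-pa.googleapis.com", "tcp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("NL", "142.250.179.136:443", "ssl.google-analytics.com", "tcp"),
    ("US", "1.1.1.1:53", "null", "udp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("US", "1.1.1.1:53", "perlmp.com", "udp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("NL", "142.251.39.100:443", "", "tcp"),
    ("NL", "142.250.179.142:443", "", "tcp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
    ("NL", "194.169.175.243:3434", "perlmp.com", "tcp"),
]

# Assumed allowlist: what a stock Android emulator contacts on its own.
BENIGN_DOMAIN_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
RESOLVERS = {"1.1.1.1", "8.8.8.8"}
WELL_KNOWN_PORTS = {53, 80, 443}


def split_dest(dest: str):
    host, port = dest.rsplit(":", 1)
    return host, int(port)


def is_benign(country: str, dest: str, domain: str, proto: str) -> bool:
    """True for traffic that says nothing about the sample: local/multicast
    chatter, the DNS queries themselves, and allowlisted Google domains."""
    host, port = split_dest(dest)
    ip = ipaddress.ip_address(host)
    if ip.is_multicast or ip.is_private or ip.is_loopback:
        return True
    if host in RESOLVERS and port == 53:
        return True  # judge the resolved targets, not the lookups
    if domain and domain != "null" and domain.endswith(BENIGN_DOMAIN_SUFFIXES):
        return True
    return False


def triage(rows) -> Counter:
    """Count non-allowlisted endpoints keyed by (domain, ip, port, proto)."""
    hits = Counter()
    for country, dest, domain, proto in rows:
        if is_benign(country, dest, domain, proto):
            continue
        host, port = split_dest(dest)
        hits[(domain or None, host, port, proto)] += 1
    return hits


def describe(hits: Counter) -> list:
    """Render candidates, most-contacted first, with the weak signals that
    make an endpoint worth a second look."""
    out = []
    for (domain, ip, port, proto), n in hits.most_common():
        flags = []
        if port not in WELL_KNOWN_PORTS:
            flags.append("non-standard port")
        if not domain:
            flags.append("direct IP, no DNS name")
        out.append(f"{domain or ip}:{port}/{proto} x{n} [{', '.join(flags)}]")
    return out


if __name__ == "__main__":
    for line in describe(triage(NETWORK_ROWS)):
        print(line)
```

The two direct-to-IP port 443 sessions survive the allowlist because the report gives them no DNS name; they stay on the list as low-confidence entries to be resolved with WHOIS or passive DNS rather than silently dropped. Note that behavioral1 and behavioral3 show no `perlmp.com` traffic at all, so a single detonation can miss the C2 entirely.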
Files
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | f49e8a788e53b7e1e054248ab571c0b1 |
| SHA1 | f5a870ef0e19e332381c3c17bdc2a8333c86e733 |
| SHA256 | 85e8aa0f6f3e5c386265aa4e7d381930102f05e25d2e64f34cc53ae77ef026cd |
| SHA512 | 0ff996ac719a0924e92dc38da15f71c1f995f82687e4dcd3a1c8786eee22f19f7083928a569d538f04500cb13112778cc5ae8e575b36048829c426ad7bcb6ea6 |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | 95a42313a143c59ccd0a59e25b4c65f7 |
| SHA1 | 48ce701e20e847a74ee6a82d7de330e0ec6a9a2f |
| SHA256 | 2e4884470436bc7d3d5f6e957ffcccd27575da27e32f4ea9548f50aa463910a9 |
| SHA512 | ab4f1efe0b4b1409a2062a4f8e9fc18146f33fb4b5d7a2c24f790fc9298894e9e3b42b0e4b4d105f53297ef19643be352892eb53a0279a807fab591434f4cbaa |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | bcced22f9ce50fbd79a55d02a81fc1be |
| SHA1 | 1f719a83fed54f6c79e05734b6b98e70310279e0 |
| SHA256 | eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3 |
| SHA512 | e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | 63598172f740023de91139da62fec662 |
| SHA1 | be35758a57d58233dbc880ee499f121bd999269b |
| SHA256 | 2b9f1ab3c87a76c886d16dd04008602c9f6190c1cf533a136dff9e5f8802f86a |
| SHA512 | a22f07b0473254bba7e69a25598b1d731ae7770d492848b77e91f17563613a694909e7d2dba15a69f1e0cb6bc7d85091dc5d5084dcb21c17129f5f24d26b9177 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 7d99810494a1701b629627f3f11711bc |
| SHA1 | 3ab599c0d474154e3f8d72e8734970a56139201f |
| SHA256 | 6ef6d32b9bbf9c5af9133a6b1b3de02821d12b17b5dee59380e1a0cab692fc79 |
| SHA512 | 2ddc85d177b2398b2ae4121fc6e05081d39ac9384189bfa6b3177409b5ebee3fcdd6a1d5bf6f8f8b57442c14f4a027ad4846f3f4969238d2abe72f2b0743b53f |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | e506d694ba12d1fa6a60ac230d3d9575 |
| SHA1 | f8b59982b5622324daf0d77e2850f992a01c309a |
| SHA256 | 38b5f0724c633e3229ab2922c0e92eddefa79e76b65482f4645808fceec5de0e |
| SHA512 | 9fd8c07254e294a971ff658297640bdf3d44d26332a894dff82c97dcf8c2da19fb3a60d32387970270600f79f669e7394b2dee02683d5db048474cc87aa750a4 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | bfb84fe7ccaf0946e099184711966a88 |
| SHA1 | 09b25aa13d5803d213e1dfdf223de8aa650ae9c6 |
| SHA256 | e85e64ba7438cd747c39de1b011c9d663b02678a6c5b467cfd272dd8704e4dbe |
| SHA512 | 7069889192deb6c78e80ccf204a84fcee0f22f7dcab44d154d6be20afdbda395d605e1a58eb39f8044fe800841bcb1049c43541b20d6fd88cde935ab21407816 |
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json]
| MD5 | bcced22f9ce50fbd79a55d02a81fc1be |
| SHA1 | 1f719a83fed54f6c79e05734b6b98e70310279e0 |
| SHA256 | eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3 |
| SHA512 | e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:04
Platform
android-x64-arm64-20230831-en
Max time kernel
4067063s
Max time network
136s
Command Line
Signatures
Ermac
Ermac2 payload
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | N/A | N/A |
| N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json] | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.251.39.110:443 | | tcp |
| NL | 172.217.168.238:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | null | udp |
Files
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | f49e8a788e53b7e1e054248ab571c0b1 |
| SHA1 | f5a870ef0e19e332381c3c17bdc2a8333c86e733 |
| SHA256 | 85e8aa0f6f3e5c386265aa4e7d381930102f05e25d2e64f34cc53ae77ef026cd |
| SHA512 | 0ff996ac719a0924e92dc38da15f71c1f995f82687e4dcd3a1c8786eee22f19f7083928a569d538f04500cb13112778cc5ae8e575b36048829c426ad7bcb6ea6 |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | 95a42313a143c59ccd0a59e25b4c65f7 |
| SHA1 | 48ce701e20e847a74ee6a82d7de330e0ec6a9a2f |
| SHA256 | 2e4884470436bc7d3d5f6e957ffcccd27575da27e32f4ea9548f50aa463910a9 |
| SHA512 | ab4f1efe0b4b1409a2062a4f8e9fc18146f33fb4b5d7a2c24f790fc9298894e9e3b42b0e4b4d105f53297ef19643be352892eb53a0279a807fab591434f4cbaa |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
| MD5 | bcced22f9ce50fbd79a55d02a81fc1be |
| SHA1 | 1f719a83fed54f6c79e05734b6b98e70310279e0 |
| SHA256 | eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3 |
| SHA512 | e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065 |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | ed4817dab93e10db32104ca6012c5bf4 |
| SHA1 | a5f62bbd3cf3a0bbf99e4cf5ca4e41ca4f739d31 |
| SHA256 | fa2bcdcf8ea29f8b5b45a4638b91a9e2d9dbe5b46d2fd5d7df1f3c62b4aa9e81 |
| SHA512 | 749c9065d630c758de4e743ed7a39aeeac7391ba97e551e944280b67613e007b5ac7edcee0b4327d2e5954eede15a544d2f8e9de88d194a5ff18b3961d79ea21 |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | 7e858c4054eb00fcddc653a04e5cd1c6 |
| SHA1 | 2e056bf31a8d78df136f02a62afeeca77f4faccf |
| SHA256 | 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad |
| SHA512 | d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 9670b3fe13d203a0dc829f6353779cdd |
| SHA1 | 942a476f265d413f99ddcd44a2a3423318ad6f8e |
| SHA256 | 0be3a20aed21d37d2210a0b4642a1709bb8cf65e766048c4aefef96f101c6862 |
| SHA512 | af307285965fbf6e9e87f1514470aadc6433c40058de2c99df22a2983832ead85c840aae57538fe99954973416153637738fdff62722697ea92199de4e039dfb |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 08db7bab8c5a2d304115c2d5ef54d56a |
| SHA1 | 42065f3a20996867f945f43e0c3df4a1da3ee546 |
| SHA256 | 2535371686978b1bc43808241564ef4f27baa7f073019d552645ac5445b13c0f |
| SHA512 | 25b57a9a94067ffb0a898ff84a5f9f8cd98044926b04e5d3160bfd92c3ed2ded87552aae3ac780678423c1d4742d59403ff0ee090561a96b77365476a515d87d |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 5ca8f1611460fd587ae46792fd159fc2 |
| SHA1 | bbfb05ccd297b99702fccc94c021bf0fec0f371c |
| SHA256 | 4ade813d5ed76e99e602b93bc62fa8057d4aa33f1dcf5a89eaafb715358257c0 |
| SHA512 | ecfd434c3851546cc2f489a2ad25369ec456163fc1bbca164d8f78895bff766b57d08f930236eb90a470332c6d029caf2becff65413783c46ca9cb9d7ca3d117 |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/ebFl.json.cur.prof
| MD5 | 477c73683b0defb787e68df63c44d188 |
| SHA1 | bba7f2c32feb58633ec1d80a0f88dfc920f8b9c7 |
| SHA256 | 8f40b5809fe2409ffcf3ba0f2e1474899e322c9da2ec17e3d96bc9eac6c5dad4 |
| SHA512 | c1729ba58851aadedee7dc1b77a7a934b26fe9620cabb9a3cf57b6a54028757ea9b053a2b7dcfdfad32d39d6099a27cdc78f3a34c8f8fc9bc34a02564a777be0 |
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json]
| MD5 | bcced22f9ce50fbd79a55d02a81fc1be |
| SHA1 | 1f719a83fed54f6c79e05734b6b98e70310279e0 |
| SHA256 | eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3 |
| SHA512 | e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065 |
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
win7-20230831-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\template.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
win10v2004-20230915-en
Max time kernel
125s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.209.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |