Analysis Overview
SHA256
facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219
Threat Level: Known bad
The file facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219.bin was found to be: Known bad.
Malicious Activity Summary
Ermac
Ermac2 payload
Hook
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Acquires the wake lock.
Loads dropped Dex/Jar
Reads information about phone network operator.
Removes a system notification.
Uses Crypto APIs (Might try to encrypt user data).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-10-02 22:01
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
win7-20230831-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\template.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
win10v2004-20230915-en
Max time kernel
91s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.233.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.208.253.8.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:04
Platform
android-x86-arm-20230831-en
Max time kernel
4067125s
Max time network
154s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| NL | 142.251.39.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| NL | 142.251.39.106:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | perlmp.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
Files
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 0d3998927c01464e76013e1ba8a98ef9 |
| SHA1 | ab9aaa1e50a5d57b06b4bccb501cec87c30aa9ac |
| SHA256 | dde9f9235f6b5b8970e0a19f309c49a38528c1ee55e0de04a3d6525f9cb46a46 |
| SHA512 | 68ffc1116a9e88d5474b020f9739125f890600db00f67bc13cf7337194954d615b41460c5188b2fa12767a0c5aac0d9cf998391710c941521335897cb9fd00fa |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | edc5bfa307ed549e2c7e6aa90b1bbf1f |
| SHA1 | f8774704320d03624867c4a158b299e73b50304a |
| SHA256 | c6828835f1bb2682771f64649456c6aa61c5223705ede469aa1ade5d46a3afd8 |
| SHA512 | b629d07fb72deaee0d2d677a99a415bf8bc9599a9baec5509df45dc5e21a4022fc360a7cdc15c9e894689bb133c1fa2a651b3cd2bc9799b211a61ab187cd65fe |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 304a506cd3c316140cba4b35174ec269 |
| SHA1 | 7d391fd95220afe1074336972cc2c8b9d770b19e |
| SHA256 | ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf |
| SHA512 | d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | ee1293e14e97dad1ba682da8177aabbd |
| SHA1 | dbe990f4adbece68403d9483903a9b370252fc37 |
| SHA256 | b1953c5270c12ddcf8c127e59ad64c1056433367fee8d788a299d3033883c4c4 |
| SHA512 | c792449cf6c795fc399d75587aa8779f13dda3a7abb54b8af177b4f09a28a31e1c9d0309606fc55dcfece3543a530ee20c52896b5b09e6e3f575cd6929524d6a |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 284bed093f82027a8a3fd54ea3723f81 |
| SHA1 | dc48a1b43a0704408759279244abb59ffeac4664 |
| SHA256 | f95a84d232aa6b6a326fac9ec78c7e5b3033c0d6432ac0b7c56ffbd49252cb70 |
| SHA512 | 7d26f85ad846e2097499526c88f07f745e576bd98e739e3222c1d0e0c5b0e347b133b5ba87c455593e377f0186197de58866569e1709af33b37ca22acbd0ff47 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | b810123721c8ca09329a09e6a3993687 |
| SHA1 | 193b7eaaa89fa9f2afaa4f5c1764e698b8f9a8d2 |
| SHA256 | c66457cd23e7291aae5e8c5fe487bc89847b04e4811bcc84bbeeae449788e1a2 |
| SHA512 | 612429a3de7b57752558c17407e75245ab3dad2aff6b74dd5a8fba9e713856acded39d988eb35902536d079a5c5daa6e7be0ed7a7d99a7c65966d5c6e0ba13b9 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 8ae94635135d72820b96d37f174a0155 |
| SHA1 | 7ab802164bc638cc93d1c4e5c2e2eac30bc264f7 |
| SHA256 | 648f5d9b9349b46cbc1c79c68f1d2e6f5757a47f2791a329a50f51b47cd376ff |
| SHA512 | b3293266493792422269d9e317b421608b10b30ba36c6a222682f80aad1dd82510e55ac8df0d4b64497379080be58978e9e080e1be8fa3e81334672bc28c19b7 |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/eoqPgaw.json.cur.prof
| MD5 | dc1ee9730499faaebfe9f9fa0d43185c |
| SHA1 | 909c7e218ee31b8b2bde5ba74852d599df2b0fb4 |
| SHA256 | 8d64a2005d1e2fed65761a4b5c88bac9abb381074a1a021e8af60dccc61b3746 |
| SHA512 | 2218c586a2ed20fc8005003e7ebed3fd0a3b5e8f3d395935239f7525b2c67fd34570736fa91eff5b50f6b5cfa6d1e4f5819977709093ab676ec77d76faeefa05 |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/eoqPgaw.json.cur.prof
| MD5 | bf37106ba49f1ffe88e23ca015b386b9 |
| SHA1 | a629902d26529ceec10385ef7395756e0ab75cfe |
| SHA256 | 320dbf57578aadbe3b69f497c616c28428355ff54eda7b6a2b4e23f329e9c680 |
| SHA512 | ebdb9a4d533a9f066c8b4ba99a04a26d828890950640e8cdd1424b7d731139a7c582f65cbfbcf3a626a592acfdba4494b58b56504d60e7f04176f56983f74434 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:03
Platform
android-x64-20230831-en
Max time kernel
4066979s
Max time network
163s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json | N/A | N/A |
| N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json] | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | null | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.251.36.42:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | perlmp.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
Files
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 0d3998927c01464e76013e1ba8a98ef9 |
| SHA1 | ab9aaa1e50a5d57b06b4bccb501cec87c30aa9ac |
| SHA256 | dde9f9235f6b5b8970e0a19f309c49a38528c1ee55e0de04a3d6525f9cb46a46 |
| SHA512 | 68ffc1116a9e88d5474b020f9739125f890600db00f67bc13cf7337194954d615b41460c5188b2fa12767a0c5aac0d9cf998391710c941521335897cb9fd00fa |
/data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | edc5bfa307ed549e2c7e6aa90b1bbf1f |
| SHA1 | f8774704320d03624867c4a158b299e73b50304a |
| SHA256 | c6828835f1bb2682771f64649456c6aa61c5223705ede469aa1ade5d46a3afd8 |
| SHA512 | b629d07fb72deaee0d2d677a99a415bf8bc9599a9baec5509df45dc5e21a4022fc360a7cdc15c9e894689bb133c1fa2a651b3cd2bc9799b211a61ab187cd65fe |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 304a506cd3c316140cba4b35174ec269 |
| SHA1 | 7d391fd95220afe1074336972cc2c8b9d770b19e |
| SHA256 | ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf |
| SHA512 | d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | 946497efbf02b39dcc44ee1716a886be |
| SHA1 | a735f9be767fcb29f41a60040c846dbd660ace4c |
| SHA256 | 1a8dc45669a614cfdbf180239b5f95b607677f6fa1687e95911ad146cd288d61 |
| SHA512 | dc70bbd921c77c8d5cbcddda826593e623d8d86692675ee310e40e821882fd4f9dce5b85feed71f09c055cfc945d671271689d9d4ea9be28c0e2fb7ef1baf8f3 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | e7acbbcd01277098d3bb4e1db7330c51 |
| SHA1 | 4bc44d69961693be50f68962ebf220dd260ad5d5 |
| SHA256 | 8dd5a8ca7d3befe45ad7a91c0e587138a0841d7eb5c18bb719d55a686cfa4ee2 |
| SHA512 | 76f1d39a95713a722c95461b93e879dd4e8dadeba3c44ad1d880315b1f17e3e387893f5e353cfe54fad56ff82d8422cc64349c5a91fa9d8ce353b09850254b51 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 0958aa6b607bb17f16a01424542fd8a7 |
| SHA1 | 8138cecacff60d991674ccf841db1d1c9250d3bd |
| SHA256 | 770b3c49434071f6fd17cdd276b2e239f77bdf7cbe93e0b68d532c60ae412815 |
| SHA512 | 1664612b014aecce7fb93bacb4fabbda88ee39af80ef35ac6fa03c1bd8b34aa4088958f789e4b12bf13fa6a6889fe720b2e7e9ef8eb2f2d7e4a7dfe2246fe685 |
/data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | bcc763190f00bc46cad6cafbfb8372d1 |
| SHA1 | 5d0ced238d2540392380b8b6bd51e04378d8b077 |
| SHA256 | 901f4d7c744bad1529eca7ced0680864a7bc07daa075412b915e7c7c2b8a00ed |
| SHA512 | 50f2d309b0c89c89c556ff4ba8295ef03a49a6c56d4c209d93a30103e3f6d14cd1125f1d1b30dc082f7e2dee9d24e1319c0f27976e6174d44018442b8820fe58 |
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json]
| MD5 | 304a506cd3c316140cba4b35174ec269 |
| SHA1 | 7d391fd95220afe1074336972cc2c8b9d770b19e |
| SHA256 | ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf |
| SHA512 | d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee |
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-02 22:00
Reported
2023-10-02 22:05
Platform
android-x64-arm64-20230831-en
Max time kernel
4067119s
Max time network
154s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json | N/A | N/A |
| N/A | [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json] | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.bulosinehipibe.zusu
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | null | udp |
| NL | 172.217.168.202:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | perlmp.com | udp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
| NL | 194.169.175.243:3434 | perlmp.com | tcp |
Files
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 0d3998927c01464e76013e1ba8a98ef9 |
| SHA1 | ab9aaa1e50a5d57b06b4bccb501cec87c30aa9ac |
| SHA256 | dde9f9235f6b5b8970e0a19f309c49a38528c1ee55e0de04a3d6525f9cb46a46 |
| SHA512 | 68ffc1116a9e88d5474b020f9739125f890600db00f67bc13cf7337194954d615b41460c5188b2fa12767a0c5aac0d9cf998391710c941521335897cb9fd00fa |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | edc5bfa307ed549e2c7e6aa90b1bbf1f |
| SHA1 | f8774704320d03624867c4a158b299e73b50304a |
| SHA256 | c6828835f1bb2682771f64649456c6aa61c5223705ede469aa1ade5d46a3afd8 |
| SHA512 | b629d07fb72deaee0d2d677a99a415bf8bc9599a9baec5509df45dc5e21a4022fc360a7cdc15c9e894689bb133c1fa2a651b3cd2bc9799b211a61ab187cd65fe |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
| MD5 | 304a506cd3c316140cba4b35174ec269 |
| SHA1 | 7d391fd95220afe1074336972cc2c8b9d770b19e |
| SHA256 | ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf |
| SHA512 | d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
| MD5 | fad9507c4446fa45fca0dc3c3e751a1d |
| SHA1 | cb1843511608517bf3b4d9ff3de5da898ebdf963 |
| SHA256 | 3c51906fd870d1672c186670f2209eb97c5e8e772a2a43449c25e3b3286f1d0d |
| SHA512 | 66d9d746b2f6a6c42515d636ee3c027a1b3664e4594bbf3d8a295628249c19de95f14513b98824f2c6d8ec20819fdb64866d86690b7e521377ab3e7fb849627b |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
| MD5 | 7e858c4054eb00fcddc653a04e5cd1c6 |
| SHA1 | 2e056bf31a8d78df136f02a62afeeca77f4faccf |
| SHA256 | 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad |
| SHA512 | d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | c90d67a76d2e465661b8d99beb13a2d2 |
| SHA1 | 00abd40cf98c643aabdabb0bf4cc8463a4a4fcf8 |
| SHA256 | 6bde2c55451d4372211c44892ac82fa2c82b8c4a3dd64db297ac350c6df16f76 |
| SHA512 | 2c8406f8069b0671597ded828b78e39cbe72ce21c07e95da2589dc1680c776e718caab278e9b2699905e37e183843930fe9649bb7922454c22a5fac0d338dc7c |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 4edb2d474b6a6290a0fd313ad8c52c5a |
| SHA1 | 18d5ec1e0aca702937867f104e9dcb5f711764e0 |
| SHA256 | 813a00e0da600143ca68656c476b67665a4f0e73b6107bdac3a6dc7fb23b5f43 |
| SHA512 | ec9e883768da5fd2b6937d2917448daf38d9749e3fef465967a0d7ee8e6ce150e4fd6667ff8fd0edc15d12d531b6af100ffbe3e74432a78cc18f67a146ee7b92 |
/data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
| MD5 | 0d7ab8b3ea46612d23f0f01207a485ed |
| SHA1 | 816749f6c83b7932d1456ac53008882dc3ae19f4 |
| SHA256 | f07a8ce2f29a9f534f51d27b08233e87dd93155a09189b127b174031b654810b |
| SHA512 | dbefd136e5a53ed26a3b72f43443149afa676f4a2d2d71f708375db8dbd63e33011fa1422b7d3047e5ac5c2aa60b15b9729b3b9be41cbcfa7bafc21f03d3fe2b |
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/eoqPgaw.json.cur.prof
| MD5 | a6b6ecb215ec6b2b931ae85bf965cbcc |
| SHA1 | c1923442f5ddfa5e02ffe87f72e8ed7847c7e1c9 |
| SHA256 | f272853dc548f0609690daf4fb44485002127719ae2b83173ccdc81b5f58ac1b |
| SHA512 | 368b08287685004060bd994346faf58fb91b541cf68be96c0cffc1f8dc7b7c33a16da5a4e752d6adb1f5508c7bd4f053384ee7ebf9d87358bed4042693aa06da |
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json]
| MD5 | 304a506cd3c316140cba4b35174ec269 |
| SHA1 | 7d391fd95220afe1074336972cc2c8b9d770b19e |
| SHA256 | ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf |
| SHA512 | d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee |