Analysis Overview
SHA256
60a84a9c1f41257573d5c2ee96926ae56c2e7255b62526b432bff3818a95d438
Threat Level: Known bad
The file 60a84a9c1f41257573d5c2ee96926ae56c2e7255b62526b432bff3818a95d438.bin was found to be: Known bad.
Malicious Activity Summary
Ermac2 payload
Hook
Ermac
Makes use of the framework's Accessibility service.
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Requests dangerous framework permissions
Acquires the wake lock.
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
Removes a system notification.
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-10-09 22:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
android-x64-arm64-20230831-en
Max time kernel
376912s
Max time network
163s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.zeriyatetahelo.hodi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.251.36.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| RU | 91.215.85.37:3434 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.168:443 | ssl.google-analytics.com | tcp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
Files
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 853bfb626a4e20e1fddb36028d018634 |
| SHA1 | 6e536a55d87814bad019e52b20d8303e91124778 |
| SHA256 | 41d3ecbf5cba680bdf23a9d40ec2ab6c561dea6e68820a09117c62483a48da84 |
| SHA512 | 074941cc4e68a1c053dfdb664e3afbfbe5b3d731e5d547035620ce552c866b8042473224313649231a294cdfc96b7560893a26c540cb4fe74d75b4e99c484869 |
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 35e82027ddab7996192175d175ba488c |
| SHA1 | be9fa31102efffbb44d7a20dd1a8e7a4b185a2ad |
| SHA256 | edc5038411ed851fe488e54e869df9dc5a0121270b779d33e89effbcc88a0f91 |
| SHA512 | de8fdf7044f6aa5fe95f67a58c9c99b988c4f12c6acfb952bccea3fbfba7f4beee858ee9705d6e8e9e5b020258760f4b5ad177c695df7eadcde71001ad2daadc |
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 4fdb4489998b24cd1c9c6625769ec3ec |
| SHA1 | e515c55c75be675060e143fa525f770f1534ad50 |
| SHA256 | 3f1ff2d8838ded4ab4cbfdb11576185e51c8504d61bfffad0a981c050b5d9c85 |
| SHA512 | 5375341dd4f4cb146d31ddfc38dddc47e682f68267d27f2d50913cd5478778f17601327f1cb06156567f8d98a2ff37c05729f435888e6bf348db4efe437a9471 |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-journal
| MD5 | cee3c49ccdfbba5b1362c53ed76494fa |
| SHA1 | 756e93e38fb0d03a7adb6542d637d4cabea2cfd4 |
| SHA256 | a0e9301f7d07b168f1b68e2958fe9c5a70ea38acb43b3201bbf78ff8cdff799e |
| SHA512 | 86ea7e1e0c19d3792b17111843688c703b624423e7cfeed43f367177630205ad65fd81afe952917812360fec16ea20341ca3160eff47f3c55feeb20580a8cce2 |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb
| MD5 | 7e858c4054eb00fcddc653a04e5cd1c6 |
| SHA1 | 2e056bf31a8d78df136f02a62afeeca77f4faccf |
| SHA256 | 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad |
| SHA512 | d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | 8fda5fa63dfffb3ee7f767a90d115d17 |
| SHA1 | ca878208dd2e575fc4adc73cd7525ab682697f8b |
| SHA256 | 876707ae65b2611b7e875aed9e294468d5b15abd6542611f21ab978a9e030579 |
| SHA512 | c6d247275056082695e41aa2dc92be6684d27c204c969e5c33bc85ee0dc0fd1c4520765c841cf40b0ad2e24a3c46d8769864b80f2cd5205870d51eee8ac881aa |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | a2284c70b6fbb8c4aa03dffecbfaa61c |
| SHA1 | 7b9224a10c0e84fae23c2941d4bb30229f94d13b |
| SHA256 | d0290bc9ae9ee2e027c64c1232c1b38e5e85a57947964ea4b4db447b0e70257d |
| SHA512 | ddc6736b0a876c9525a28e130665ceb772224fc4a73bdd9a67d5ae917c5a48c332e1e66dd9c8a8e1d6315900644923eb3ddf1455393d6538e09c1b441a7ee378 |
/data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | df3bfc9450f0a24aa61486460007a8e2 |
| SHA1 | cb2f852f0bef5357fe5d3df44696c063309f4f6b |
| SHA256 | 6e0b3f57a431f342c36a086da0203cbccfe5b5a81cf1d04cc036678fbc76a6da |
| SHA512 | f8dcd66aade643679b7ad2031fe3283a36b6dd4cdeb5609f329121e83029e951f5c2335b64081acd6c76c255fe319fbcca2b350598c623ef4e5c612a62d5f8f4 |
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
| MD5 | 441e0c96f0ea2f6365b04ecd7e8bf6be |
| SHA1 | 02c1296993e24818181ac6f46cdd4073343a4708 |
| SHA256 | 8b72acdc94daf6fb3e3e62f8e4b11f47088d8afae8f6973e7c9f513d8253c90d |
| SHA512 | b2ba42f56d72d57240058df437f1b968e3a3f519f5c249d67492f05de4f48ed4f9977a76c9d036e1081baee4261802962c889eed8a5ff037745cd12f628aaf33 |
Analysis: behavioral7
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win10v2004-20230915-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-2.2.0.min.js
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
memory/1460-0-0x000002545DC40000-0x000002545DC50000-memory.dmp
memory/1460-16-0x000002545DD40000-0x000002545DD50000-memory.dmp
memory/1460-32-0x0000025466030000-0x0000025466031000-memory.dmp
memory/1460-34-0x0000025466060000-0x0000025466061000-memory.dmp
memory/1460-35-0x0000025466060000-0x0000025466061000-memory.dmp
memory/1460-36-0x0000025466170000-0x0000025466171000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
android-x86-arm-20230831-en
Max time kernel
376908s
Max time network
156s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.zeriyatetahelo.hodi
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.170:443 | infinitedata-pa.googleapis.com | tcp |
| RU | 91.215.85.37:3434 | | tcp |
| NL | 142.251.39.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| NL | 142.251.39.106:443 | infinitedata-pa.googleapis.com | tcp |
Files
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 853bfb626a4e20e1fddb36028d018634 |
| SHA1 | 6e536a55d87814bad019e52b20d8303e91124778 |
| SHA256 | 41d3ecbf5cba680bdf23a9d40ec2ab6c561dea6e68820a09117c62483a48da84 |
| SHA512 | 074941cc4e68a1c053dfdb664e3afbfbe5b3d731e5d547035620ce552c866b8042473224313649231a294cdfc96b7560893a26c540cb4fe74d75b4e99c484869 |
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 35e82027ddab7996192175d175ba488c |
| SHA1 | be9fa31102efffbb44d7a20dd1a8e7a4b185a2ad |
| SHA256 | edc5038411ed851fe488e54e869df9dc5a0121270b779d33e89effbcc88a0f91 |
| SHA512 | de8fdf7044f6aa5fe95f67a58c9c99b988c4f12c6acfb952bccea3fbfba7f4beee858ee9705d6e8e9e5b020258760f4b5ad177c695df7eadcde71001ad2daadc |
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
| MD5 | 4fdb4489998b24cd1c9c6625769ec3ec |
| SHA1 | e515c55c75be675060e143fa525f770f1534ad50 |
| SHA256 | 3f1ff2d8838ded4ab4cbfdb11576185e51c8504d61bfffad0a981c050b5d9c85 |
| SHA512 | 5375341dd4f4cb146d31ddfc38dddc47e682f68267d27f2d50913cd5478778f17601327f1cb06156567f8d98a2ff37c05729f435888e6bf348db4efe437a9471 |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-journal
| MD5 | 193420c65e5a90976ff0e0413848de59 |
| SHA1 | ebe0f7430b9dc770e1ca2c78e08cd783371ab5c5 |
| SHA256 | 6501408cb4216221af18abaeec77ac0262bc97e69d22c31b0067ddc96ba4bf09 |
| SHA512 | 94511d6ccb0d6c967afb3f3a6c5e26674341b6131020fc389e8cae2c2040b67f6293ca3e57a08cf3f0007d64d6950e9be58f2575b190c6834010df985c80e8c7 |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | fffbb209ec8c6a0f4c44d9e83dc999c5 |
| SHA1 | 4d300a94d19947061d97cb67d7dee9147b6f30b1 |
| SHA256 | accec939f7b7f376a51f22915ceb03716616aa2af755d55bf7a5916b9abde63b |
| SHA512 | c05dad50cd1c676584061e4e5dc2bfcaad1cc9c69026e874cb3ab8f99bd95662b3e2afdf69864c744d7e39421638d5b80867039e14fb72134947011e2e1e475d |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | 8000bc3c04b4283609170daa94d8fb6b |
| SHA1 | 7b346cb637a6d54f87297b30535c40ade6b53146 |
| SHA256 | 6138eed610e227f5e2b744ec3f7c8fa472aaa4dcdac2c465079752ff8d6635b8 |
| SHA512 | dfc8392c942ead228273c607c422db27cc068c50610660daf9bb84d5486ac041cb2971e046c0b4a1151db91a784151d5aa63e0c823d43342b964ea99a430ef8c |
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
| MD5 | f9846ab7ed8016429b6b76cbf86c6fca |
| SHA1 | e0c61c3573467959a2deaef66742938a211d36f3 |
| SHA256 | 0427124dd7a2f88e0fc22706750d3212bfd0d9c4f3225aefbbd0d41feb15ed9a |
| SHA512 | c0807d2c75e450bc1c88e5285cd9254ed5aed2c51649b49d57a1653241404d68e3ecbbdaedfbcb660d95341c820a27e791b963aa64a6aae1414481ba4d9200f3 |
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
| MD5 | 75d1ccab8520bfabd34d4444274ea03e |
| SHA1 | f08adeb49c1d9718d3137efc845b2d1163d9298c |
| SHA256 | 09703d7d10745add74575a38296ca703f71d1b3a29c3df733b6ea9ff290da23b |
| SHA512 | 91faa42be41fdd59309a6b5caed6f6dcfc895e6b12bd14b3027fc4815c05f4f7e8f4b0e2563cf6e212f6dcbaf0893055d366be21be7b663a07db40bf5eac7a8f |
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
| MD5 | 2fbc4b051768196ebd081846bac0be8e |
| SHA1 | 47ac2f9e7996127f07e3188928428f6fa00eef58 |
| SHA256 | 88c7e5c8b69e1151e2b3f2283ba3d574064522972659b08bff9563da7f0cfc52 |
| SHA512 | e7a00aa134949f489e4f5e2def9cf47ee62a0af7949e96b89ecd60b391f0168747e171c35c150aad7c62d815956f91c7330a8d3d13a69666c5e4eb40db0ded71 |
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
| MD5 | 3c1247dd247a5c7e7d426e3e1f78ec17 |
| SHA1 | 2931c8a190ddda1aced4d66e47dfb1cd1b4fe2ca |
| SHA256 | 9bcc30ac5a67b06305013e234ee77652eadb18968ce783a2f3bc79ebd4216c86 |
| SHA512 | 883b802bd3ae9833c75009533e126b1cd2dde2b7ab2876e55355ea9bffaad167a06e2cd25cba60fce9904e7764c4a959eb26c5f059ae9c8c26261b83b4586b1f |
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
android-x64-20230831-en
Max time kernel
376906s
Max time network
159s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.zeriyatetahelo.hodi
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 216.58.214.10:80 | play.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 172.217.23.202:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.8:443 | ssl.google-analytics.com | tcp |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
| RU | 91.215.85.37:3434 | tcp | |
Files
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
/data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-journal
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-shm
/data/data/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
/data/data/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
Analysis: behavioral12
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
debian9-armhf-20230831-en
Max time kernel
1s
Max time network
125s
Command Line
Signatures
Processes
/tmp/libnative-filters.so
[/tmp/libnative-filters.so]
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win7-20230831-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mraid.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win7-20230831-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\core_wrapper.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
debian9-armhf-20230831-en
Max time kernel
1s
Max time network
126s
Command Line
Signatures
Processes
/tmp/libcrashlytics.so
[/tmp/libcrashlytics.so]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
debian9-armhf-20230831-en
Max time kernel
2s
Max time network
125s
Command Line
Signatures
Processes
/tmp/libcrashlytics-handler.so
[/tmp/libcrashlytics-handler.so]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
debian9-armhf-en-20211208
Max time kernel
2s
Max time network
126s
Command Line
Signatures
Processes
/tmp/libimagepipeline.so
[/tmp/libimagepipeline.so]
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
debian9-armhf-20230831-en
Max time kernel
1s
Max time network
126s
Command Line
Signatures
Processes
/tmp/librsjni.so
[/tmp/librsjni.so]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
4s
Max time network
112s
Command Line
Signatures
Processes
/tmp/libtoolChecker.so
[/tmp/libtoolChecker.so]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win10v2004-20230915-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mraid.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win7-20230831-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-2.2.0.min.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:03
Platform
win10v2004-20230915-en
Max time kernel
135s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\core_wrapper.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-10-09 22:00
Reported
2023-10-09 22:00
Platform
debian9-armhf-20230831-en
Max time kernel
1s
Command Line
Signatures
Processes
/tmp/libcrashlytics-trampoline.so
[/tmp/libcrashlytics-trampoline.so]