Malware Analysis Report

2025-08-05 19:10

Sample ID: 240518-vyzv3aef99
Target: 55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118
SHA256: 1993b9b6fa906449d07eb485a67777db766b5dee4264bb4991d9b5838938f69a
Tags: banker, collection, discovery, evasion, execution, persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

SHA256: 1993b9b6fa906449d07eb485a67777db766b5dee4264bb4991d9b5838938f69a

Threat Level: Likely malicious

The file 55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: banker, collection, discovery, evasion, execution, persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

Reads the contacts stored on the device.

Registers a broadcast receiver at runtime (usually for listening for system events).

Queries the mobile country code (MCC).

Reads the content of photos stored on the user's device.

Checks memory information.

Queries information about the current Wi-Fi connection.

Acquires the wake lock.

Requests dangerous framework permissions.

Reads information about the phone's network operator.

Checks if the internet connection is available.

Schedules tasks to execute at a specified time.

Listens for changes in the sensor environment (might be used to detect emulation).

Checks for the presence of a debugger.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-18 17:24

Signatures

Requests dangerous framework permissions.

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-18 17:24
Reported: 2024-05-18 17:27
Platform: android-x86-arm-20240514-en
Max time kernel: 62s
Max time network: 157s

Command Line

com.estmob.android.sendanywhere

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

Tags: banker, discovery

Checks memory information.

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current Wi-Fi connection.

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC).

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads the contacts stored on the device.

Tags: collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/data/phones | N/A | N/A
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Reads the content of photos stored on the user's device.

Tags: collection
Description | Indicator | Process | Target
URI accessed for read | content://media/external/images/media | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events).

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available.

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about the phone's network operator.

Tags: discovery

Schedules tasks to execute at a specified time.

Tags: execution, persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks for the presence of a debugger.

Tags: evasion

Listens for changes in the sensor environment (might be used to detect emulation).

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

com.estmob.android.sendanywhere

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.227:443 | | tcp
US | 1.1.1.1:53 | graph.facebook.com | udp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
US | 1.1.1.1:53 | onesignal.com | udp
US | 104.16.160.145:443 | onesignal.com | tcp
US | 1.1.1.1:53 | api-cms.send-anywhere.com | udp
FR | 18.244.28.35:443 | api-cms.send-anywhere.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | api.send-anywhere.com | udp
GB | 142.250.180.14:443 | | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 44.224.216.28:443 | api.send-anywhere.com | tcp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
US | 1.1.1.1:53 | api-push.send-anywhere.com | udp
US | 35.162.238.48:443 | api-push.send-anywhere.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.16.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | tghpibln | udp
US | 1.1.1.1:53 | ghixxalngi | udp
US | 1.1.1.1:53 | uxqgopvdsunoqe | udp
GB | 142.250.200.46:443 | | tcp
GB | 142.250.180.2:443 | | tcp

Files

/data/data/com.estmob.android.sendanywhere/databases/main.db-journal

MD5 7080b849cd732a9a5ba6043717376d46
SHA1 1297e3a166601ca1edb9aaa10ef4450cf2d3032b
SHA256 69ba4cfdcdbeaea463f3c1a913cea9fc160e8281818d7b87a6aa7ad1d7947277
SHA512 fb32a672ebaa93b94a09d784da9e18cd97e3969374ca88c967497142642a27e6fed2f48f57ccbeca229e5275aa5bcca63a41f44bb415ebfb1d7811255bc66d1e

/data/data/com.estmob.android.sendanywhere/databases/main.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.estmob.android.sendanywhere/no_backup/com.google.InstanceId.properties

MD5 87243d0c8c31f6fbe8f8538fe8306a78
SHA1 02a6ca755c8816e23dcc5c6475d6939c9ed88a46
SHA256 140e82babfc3f3dfc374510b12253fa616c56ad266707b482c590bd47a5bd1ca
SHA512 b9d1a639c7019486cd17181528be044f42a5c80751494532d9af107859d0ac7900b9d45d3d364da7f72cd3e8d51c41b43c6b188f5609f75bce880b0817183e50

/data/data/com.estmob.android.sendanywhere/databases/main.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.estmob.android.sendanywhere/databases/main.db-wal

MD5 ebec3aa7310b49bf82fff7e27fcc36cc
SHA1 b9b5f703ee3a7ca867d83375abf7b97d1b475b45
SHA256 efd1ca2ee666b7bc736e33332a46b83f42af549fb939b6813b6e50e317e4bb36
SHA512 d40c70a359b0fb4754af2a6181c73df5ad89a23d8eeedc71e4bbd3e897e52aa51eb948120b4742ad3a979769b0a3d4be048d3c016ff758b96c2e4fc4c1402708

/data/data/com.estmob.android.sendanywhere/files/persisted_config

MD5 c59e25e4ed91c97001f53b7ae5827a1f
SHA1 2dc7493688d0569e07e5b7f40fb3ab9e205d31f8
SHA256 926bc5d1c8f2cdc869deafc405eb4cb45dbbc932fd189413d69583eae329b8f8
SHA512 12b6ec3aef530f73870e0527e44ac92f4565a4edd4fda472e9e7c0403887ee6ba5fa72d89af462318980e9b8f51199d8234c2be1fc0c1cdf712c527d78a83a73

/data/data/com.estmob.android.sendanywhere/databases/index.db-journal

MD5 4b68ebd23bca53bf25af79e12f1958c4
SHA1 6379e4fe16081eff61a20f401fa08399c9dadfd1
SHA256 784cd1f6fb78b8bd8191b95e66dde528899c757a92763e804fe4b260485b537c
SHA512 e470bfd5dd00b360f6b4eed0ace78c973961cfe938441bd78b00e4aa2a1486076304410fb65d857f3b9dcb5b2d782c697906248a9ef97a5082546ce8ffd3e458

/data/data/com.estmob.android.sendanywhere/databases/OneSignal.db-journal

MD5 6b95ad4c2c8dca596365b80afadada71
SHA1 b79165973309fcd0436583e1f544a6bcbb463382
SHA256 f8c5a34847c6d0bd15cad077ed2820baccb3b383bdb7ea2ab2fee8fdd08fb422
SHA512 2a2ea937b28e3a6bb50e946a7a58992b17491ceca13ad3d8dc40eb75a485082c43fa07fb098ef25761ebc24ea09d4d1a8a4aabb65648ace1f14ee3cb53093f4f

/data/data/com.estmob.android.sendanywhere/databases/index.db

MD5 3933241254fa9a61b2dc3fe7eb7ba9a0
SHA1 c8b23eab456dba7470a1df60c1629b07b974766d
SHA256 61cfa7821cb8d248123e50b956950a0bbc55e5858217a05e07f485b481565fc1
SHA512 580707c8a8e0cc6c82905fd23f29163d981fc49aa45baece0a91679f7b2bc1b9d2a84a3e1b7680925ab740314810c15f5d7dae4c47244473e5af273c1664f485

/data/data/com.estmob.android.sendanywhere/databases/index.db-wal

MD5 07d62d3c837b889b2acf5702a9886d75
SHA1 83643e8ea05c0e58b30c44a336bf203d0d0dcc70
SHA256 e78f671c1a95bbb0c5a1e949ac95bf1a1d53f8b4612694ff1a8d449c186a1ed0
SHA512 08ea5bd4832c758c6fb4819ab554e0c2faf2fef70ebe1167c08afe8154925bafa35198b841187411b09815a005a1a2965c2c6ae8172e67024a706b83cc7aa395

/data/data/com.estmob.android.sendanywhere/databases/OneSignal.db-wal

MD5 ac6194873e625137d65a440fff7451b5
SHA1 2588cdabed956616b46864f0d313252a851e8399
SHA256 566818aa92338cedd2c3230b4d41c9eaf918ba019fb803217be9f8598b11badd
SHA512 b285433612baac6b3a972d992a7b6c1052b285f3f7ec1c0d8eeb9bdc249c91ce70dc45e3f2ff8f97b9bfcaac7a906a8e3c2988ebf9b1b66cf7c9a1e6c1dab3c4

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 0db6e550998e2ca5d94274e9041ed452
SHA1 020a1f66531f31d417a1cd557ebf42ec99018744
SHA256 f02f7a37ec6c0ca3baa4e203c3e6456db413fdb64326bc4dd4e41153b5f2121e
SHA512 ef938deb1d96a37fc3dce3078bbb33462d720c420ba3152998f855de1e52827c69ff2072248fddd533070a0d49932ac7e181cbe05c78cec67a3db673d84b1173

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8da91df5-5d0b-4fa4-9363-a04908ee3606_1716053100956.tap

MD5 7dfb0c2cb3e60b6ff57d23f05482035b
SHA1 9f735bf7a7af972a1c277f559e3b63f44376d4dc
SHA256 98d227271aad9a7a7fd99e0c44ea56e4a7b49130d7d251d9f31f781de206964e
SHA512 6334cc1ed0bf97ea51094525b9fe9c9bb3bdb22c4282661d70fbf1f74b2acdedd8928044d095f5b186dbaeae911674284894a463a948ed97eeffa679dec12a39

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 d4e4e868b8ebc05bc6b786585f5e99e3
SHA1 d5bcacb6af33c79899c7a4e0361d6f55a55d3b5f
SHA256 1855e25871c3a84afa927ba44d296b25a1c6dec17e91be3f72cf26d94ab4d7e3
SHA512 0e24a54c034b2ba7dcadb9f300a50296614ed95aea30e404c62dc380940832eb288458da7735c4f3b8ce3273d2cee46a9616f88b1805afb0480f74cc0194578b

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566BeginSession.cls_temp

MD5 77424e5ce056ac4a36e627968fc07d67
SHA1 9304637f7cf49a41ac92b1048a7e6daaa98d5789
SHA256 18ba511877d5d8ac7ef9568c48f95e555e4352ed6ecac34d9326981ad2bec912
SHA512 7d939c65d5d17c70172430e00a9927538ad6df9f7f545b12240f89e3dff93c3eea0d3a7afc1250b50660ecbac202b7287e6bfdad72c28f6f1a35e06b5f9ad091

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566BeginSession.json

MD5 a5372b5cd907e941dc1acd507a6bed76
SHA1 d2448c14d4741f78000bdd5bae5b3c34ebe35001
SHA256 2ee6c2d0ce3fcf4aa8a1f020a9b8aeade35f84f57012edf0162a569c0ab5f250
SHA512 59b6b845fc90cd12a9ef90aca941971e31d95318148cd76d68181cda98a3fb01dda0d5a9da5d5da09105247e062aa2a439b3fa6858d0bf74d4d1e225d7f8cc64

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionApp.cls_temp

MD5 f9c8609ba15b3f6f417a32e107d593d4
SHA1 74ccdcae0d2efb7cbfdb359f3faa0366c010dfd1
SHA256 481808b1a6659538551d2926b0c9131e9dcc6a928b884fdf1e2ac15399003711
SHA512 5e2d851aad9af0948ceb154810857d16e89fa603124f815f13f409f49c1f3de77327e43abb9769731e231d1f0f5cb90f35fdc5ade42faf9e997b4b98345596a4

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionApp.json

MD5 eeb9f196e691d2499ff12b1571914b4b
SHA1 cec4d207b703382f07d4ecbecdf21ae3d85b2b7a
SHA256 edf045a192bf0b855ffab88a599dcbeb037a4edb70b69a9c35b99fa595f85ceb
SHA512 b777eaf78c2613e90b31d99044a7a6473ade32007d2a482c4b18fd40733a08f158a03607a734db6eb1990c522f8271e96900185e29dafaf633c2c902901bdd8b

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionOS.json

MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionDevice.cls_temp

MD5 cf9cb0612d588a1f71b63084cea67316
SHA1 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566SessionDevice.json

MD5 75db92d50c80a89e068550028c62acec
SHA1 d78ea55f5dc682e4da456d26383249f608fe894f
SHA256 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512 dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

MD5 eee135e6127384c3fa980c70bc2c7c5d
SHA1 7442a68ad294b26046d2edbe9a3e9d6720dc7af3
SHA256 164114a7da15c860ea7e20b4d2e4211ea52794e69176860a3627bc4b525448ab
SHA512 9cdd6c6c33472525eb705b804cc86ca62930d150032fa101c53e02e9e926ac7b5bef5f2d1d85a219d7a243e9550d6a841143b2dcb8fa4900884e82d996b97a57

/data/data/com.estmob.android.sendanywhere/files/persisted_config

MD5 9064499875414ea66561e11d86808869
SHA1 d4d771421baf79f80a9a28ac738b96925542fa43
SHA256 5dccc5d942d955711813b66f26dd7f2a8509ef6831618798ebbefa7acb40b2c3
SHA512 e3f4bae36182f7a49a5ee5da709a8303eef72c39171156bb0aa8fb0994768e8af2fdbdbf2f046c01cdec3700230e72b7b6d98bf04da705f2937062bd2daecfca

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

MD5 89ec907edf0501c6b8a7d9199e76f4a3
SHA1 f8cfcb8c37c0f77fdd99165f9e5352318c5baad4
SHA256 2495e43174b19d198bdf4b3ce43a0df9edd2dbb23745f2a8509588877bee6f15
SHA512 4b0b34865d405e2fdf2d591e92b6bf7271e9c7cf817b765df9404c6b582494f12ce6b3fa1b2297db144df686cd598d44ba049408ba2c6945ad698a047cb68e7b

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

MD5 ad3e287df2f559df9c1faaf2325e326d
SHA1 fe35e22955c5e1541e6f194f0d4ec643a681a6e9
SHA256 6a3b5ecee15bca5238b806bf18d9c43c15a36cb50679030a8b5df9cf300bf397
SHA512 2e29682a5fd6181ad82287da1dd3e224fd3e6cf85f830a6d2fd0af6fa839c20acc6ead7c08665d0e540ece5305a141eba7e8d5d1b1e0944a19442d4f5f96b08f

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

MD5 a7c41969167bfdb2999be9b2fb3bc793
SHA1 aa78a036874ffff7dde3eeae7d221f21f1bfd132
SHA256 7b6d24f2fea64d37f59b3507174932aacb021a3f5069100713ee0c561ed9d308
SHA512 2f96b7b2c0ae50232a35fac2f9a8c5eed7a5e8fa7ccc1387e5dffa952645f48ce75efb9ed7244c1f202cffa4fe51a23aa6539f438842dd5325fa1812a1dfc18d

/data/data/com.estmob.android.sendanywhere/files/persisted_config

MD5 808defd560368376178c83310e1e5a5d
SHA1 45c73589729916bac0c34d3a1561abe5d5f238d1
SHA256 39d69d2b511be2f41354d8ac101d3b7bb90871521a1a59ca25027fa518d7d83e
SHA512 13b37eb069504aafe1d291cc8e3996f0cd2c22bd2c86aa6e6e6bb7341f60cd1c64e4fced18a406c389b25f9305344e6d7d723ca8921e9cfca7617b8b864ec0f1

/data/data/com.estmob.android.sendanywhere/files/AppEventsLogger.persistedevents

MD5 fc07249e6dcd63eca5ac999e3130c57a
SHA1 21dfdf869160910ebbdf67574dd084e690299789
SHA256 37a4a07f6b2674f1eceebdfd776d678b282d09b0721ec2143bfb98bd5bb34436
SHA512 23d068cbaffa098a07d3bc39487dc6001908ff5eaf4adf3831885bac8aaa9728074af0cacd20af862f609a1225efa174069cf8a1abf31fbd5c74ae5abe4f12ec

/data/data/com.estmob.android.sendanywhere/databases/assistant.db-journal

MD5 c3b6eb3d4f1ff200b361d04eb5668ed8
SHA1 e0a5e7e19186cd4eb5b3211cec169613da8a83fd
SHA256 ec653bacdcfffb02991ec382e17ced4c5c8212d4820b2fbf421b18b9aafdad8e
SHA512 9dff24e53a58151ebe0b69f9f973c9808c025220ab328803cc65003914fbd934e3e4dfab67ad8cd149bc497cccc1ff44823bdadfa3099be9b96560b96560a549

/data/data/com.estmob.android.sendanywhere/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648E46701A9-0001-10DF-387714D93566keys.meta

MD5 11f707856801b2698d21aa4f56678e68
SHA1 a287a83bad3f967ccc9747a9822f61cdd766559c
SHA256 c27cb9bd31659e3eede2ef1064190a1a74192452bc276b5470b1c8435cdcfa2a
SHA512 3fc5232a38ca4c08f74abd8edadcc1b73161a41815870a0400045fd28628847c687739cb23701ea39ce699f8af78ffb957a2acc831a62e2477026eec6d687a99

/data/data/com.estmob.android.sendanywhere/databases/assistant.db-wal

MD5 241d315ce4ed4140edfb8d6ae1614001
SHA1 c16c810013ff4525012d3377fc3040cc0660b53f
SHA256 57dd6f199ce98144a332a19e2467b5f316d6557264e74e922cf7046484402623
SHA512 5057b54fac95572fdcb27439b422b520ba7edf3b3ed858c79c10b7c8108d64b34b927b88f7905ff0a8d2b21949dfa085f71e00b56716e1c307deb8c2c507609d

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 17:24
Reported: 2024-05-18 17:27
Platform: android-x64-20240514-en
Max time kernel: 153s
Max time network: 150s

Command Line

com.estmob.android.sendanywhere

Signatures

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available.

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.estmob.android.sendanywhere

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.74:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | graph.facebook.com | udp
GB | 157.240.214.1:443 | graph.facebook.com | tcp
GB | 172.217.16.228:443 | | tcp
GB | 172.217.16.228:443 | | tcp
GB | 142.250.187.238:443 | | tcp
GB | 142.250.200.2:443 | | tcp

Files

/data/data/com.estmob.android.sendanywhere/no_backup/com.google.InstanceId.properties

MD5 73dd31ae74c3ccdea370571aecbd565c
SHA1 0b76d7b6a8cb05b2c20288f121cb668e0826be6e
SHA256 3a3ff341ffdf02ab90edf2dff2c76b66be0d2ba566cf68389f2cf0b2b30ea914
SHA512 3765cf6d2093870c7a0d771206ff22594c73f6d4cbd8431cb3430797db87c203b6a5bd80dfcd7771b322edbd0f57474f66d1f215dd36111d0eca54c306cbf5c9