Malware Analysis Report

2025-01-19 06:59

Sample ID 240522-bqhf9sfg77
Target 65802c85ecd70712ed4d040b19a80d0e_JaffaCakes118
SHA256 38946992ae547ceeccbe9282e18769f7d921d55c7b62f41a42f448c7e53983a9
Tags
discovery evasion persistence collection credential_access impact
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 65802c85ecd70712ed4d040b19a80d0e_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Checks CPU information

Checks memory information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Checks if the internet connection is available

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Checks the presence of a debugger

Analysis: static1

Detonation Overview

Reported

2024-05-22 01:20

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 01:20

Reported

2024-05-22 01:24

Platform

android-x86-arm-20240514-en

Max time kernel

168s

Max time network

151s

Command Line

abnehm.app.low.carb

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks the presence of a debugger

evasion

Processes

abnehm.app.low.carb

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353       -                                   udp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53             www.google.com                      udp
GB       216.58.201.100:443     www.google.com                      tcp
US       1.1.1.1:53             graph.facebook.com                  udp
GB       157.240.214.1:443      graph.facebook.com                  tcp
GB       142.250.200.46:443     -                                   tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       142.250.187.238:443    android.apis.google.com             tcp
US       1.1.1.1:53             dev.fitnotfat.de                    udp
US       104.21.57.56:443       dev.fitnotfat.de                    tcp
GB       142.250.178.3:443      -                                   tcp
US       1.1.1.1:53             app.fitnotfat.de                    udp
US       172.67.159.144:443     app.fitnotfat.de                    tcp
GB       142.250.187.238:443    android.apis.google.com             tcp
US       1.1.1.1:53             ssl.google-analytics.com            udp
GB       142.250.187.200:443    ssl.google-analytics.com            tcp
GB       216.58.204.74:443      semanticlocation-pa.googleapis.com  tcp

Files

/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-shm
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-wal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-wal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-wal
/data/data/abnehm.app.low.carb/files/gaClientId
/data/data/abnehm.app.low.carb/files/gaClientIdData
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-wal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-wal
/data/data/abnehm.app.low.carb/files/AppEventsLogger.persistedsessioninfo

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 01:20

Reported

2024-05-22 01:24

Platform

android-x64-20240514-en

Max time kernel

169s

Max time network

145s

Command Line

abnehm.app.low.carb

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks the presence of a debugger

evasion

Processes

abnehm.app.low.carb

Network

Country  Destination            Domain                      Proto
N/A      224.0.0.251:5353       -                           udp
US       1.1.1.1:53             graph.facebook.com          udp
GB       157.240.214.1:443      graph.facebook.com          tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       216.58.201.104:443     ssl.google-analytics.com    tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       142.250.179.238:443    android.apis.google.com     tcp
US       1.1.1.1:53             dev.fitnotfat.de            udp
US       1.1.1.1:53             app.fitnotfat.de            udp
US       104.21.57.56:443       app.fitnotfat.de            tcp
US       104.21.57.56:443       app.fitnotfat.de            tcp
GB       142.250.179.238:443    android.apis.google.com     tcp
GB       142.250.200.46:443     -                           tcp
GB       172.217.16.228:443     -                           tcp
GB       172.217.16.228:443     -                           tcp
GB       216.58.213.14:443      -                           tcp
GB       142.250.200.2:443      -                           tcp

Files

/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/files/gaClientId
/data/data/abnehm.app.low.carb/files/gaClientIdData
/data/data/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/data/abnehm.app.low.carb/files/AppEventsLogger.persistedsessioninfo

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 01:20

Reported

2024-05-22 01:24

Platform

android-x64-arm64-20240514-en

Max time kernel

168s

Max time network

133s

Command Line

abnehm.app.low.carb

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Checks the presence of a debugger

evasion

Processes

abnehm.app.low.carb

Network

Country  Destination            Domain                      Proto
GB       142.250.180.14:443     -                           tcp
GB       142.250.180.14:443     -                           tcp
N/A      224.0.0.251:5353       -                           udp
US       1.1.1.1:53             graph.facebook.com          udp
GB       157.240.214.1:443      graph.facebook.com          tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       172.217.16.232:443     ssl.google-analytics.com    tcp
US       1.1.1.1:53             dev.fitnotfat.de            udp
US       1.1.1.1:53             app.fitnotfat.de            udp
US       172.67.159.144:443     app.fitnotfat.de            tcp
US       104.21.57.56:443       app.fitnotfat.de            tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       142.250.187.238:443    android.apis.google.com     tcp
GB       216.58.201.100:443     -                           tcp
GB       216.58.201.100:443     -                           tcp

Files

/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/files/gaClientId
/data/user/0/abnehm.app.low.carb/files/gaClientIdData
/data/user/0/abnehm.app.low.carb/databases/google_analytics_v4.db-journal
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/user/0/abnehm.app.low.carb/databases/google_app_measurement_local.db
/data/user/0/abnehm.app.low.carb/files/AppEventsLogger.persistedsessioninfo