Malware Analysis Report

2025-01-19 06:56

Sample ID 240522-pfzjpaaa29
Target 673c16c3bffbb516ab32203e923db00c_JaffaCakes118
SHA256 92df33b4cd6ab2ca154607cc384060e0090e65e83a936505724c380874957efc
Tags: collection, credential_access, discovery, evasion, impact, persistence
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 673c16c3bffbb516ab32203e923db00c_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access discovery evasion impact persistence

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Reads information about phone network operator.

Acquires the wake lock

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Analysis: static1

Detonation Overview

Reported: 2024-05-22 12:16

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-05-22 12:16
Reported: 2024-05-22 13:41
Platform: android-x64-arm64-20240514-en
Max time kernel: 176s
Max time network: 150s

Command Line

com.appmk.book.AOUDFBQDIXPEWOUQ

Signatures

Checks CPU information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.appmk.book.AOUDFBQDIXPEWOUQ

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
US | 1.1.1.1:53 | media.admob.com | udp
BE | 173.194.76.139:80 | media.admob.com | tcp
GB | 142.250.178.4:443 | | tcp
GB | 142.250.178.4:443 | | tcp
GB | 142.250.178.4:443 | | tcp
GB | 142.250.178.4:443 | | tcp

Files

/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db-journal
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db-journal
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db
/storage/emulated/0/Google/google.id
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/oat/54C60F40A1E7070931441F087A708FC780D8B0B7.cur.prof

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-22 12:16
Reported: 2024-05-22 13:45
Platform: android-x86-arm-20240514-en
Max time kernel: 176s
Max time network: 159s

Command Line

com.appmk.book.AOUDFBQDIXPEWOUQ

Signatures

Checks CPU information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Processes

com.appmk.book.AOUDFBQDIXPEWOUQ

Network

Country | Destination | Domain | Proto
GB | 142.250.187.195:443 | | tcp
GB | 142.250.200.14:443 | | tcp
GB | 172.217.16.234:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
GB | 142.250.178.3:443 | | tcp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | media.admob.com | udp
BE | 173.194.76.139:80 | media.admob.com | tcp
GB | 216.58.204.78:443 | | tcp
GB | 216.58.201.98:443 | | tcp

Files

/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db-journal
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db-shm
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db-wal
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db-journal
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db-wal
/storage/emulated/0/Google/google.id
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/oat/54C60F40A1E7070931441F087A708FC780D8B0B7.cur.prof

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-22 12:16
Reported: 2024-05-22 13:41
Platform: android-x64-20240514-en
Max time kernel: 176s
Max time network: 158s

Command Line

com.appmk.book.AOUDFBQDIXPEWOUQ

Signatures

Checks CPU information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Tags: evasion, discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A
N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

Tags: discovery

Reads information about phone network operator.

Tags: discovery

Processes

com.appmk.book.AOUDFBQDIXPEWOUQ

Network

Country | Destination | Domain | Proto
GB | 142.250.178.10:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 172.217.169.14:443 | | tcp
GB | 142.250.200.46:443 | | tcp
GB | 172.217.16.226:443 | | tcp
US | 1.1.1.1:53 | media.admob.com | udp
BE | 74.125.206.139:80 | media.admob.com | tcp
GB | 216.58.204.68:443 | | tcp
GB | 216.58.204.68:443 | | tcp
GB 216.58.204.68:443 tcp

Files

/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7
/data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db-journal
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookMark.db
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db-journal
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/databases/BookConfig.db
/storage/emulated/0/Google/google.id
/data/data/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/oat/54C60F40A1E7070931441F087A708FC780D8B0B7.cur.prof