Analysis Overview
SHA256
92df33b4cd6ab2ca154607cc384060e0090e65e83a936505724c380874957efc
Threat Level: Shows suspicious behavior
The file 673c16c3bffbb516ab32203e923db00c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Reads information about phone network operator.
Acquires the wake lock
Checks if the internet connection is available
Queries the unique device ID (IMEI, MEID, IMSI)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-22 12:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 12:16
Reported
2024-05-22 13:41
Platform
android-x64-arm64-20240514-en
Max time kernel
176s
Max time network
150s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.appmk.book.AOUDFBQDIXPEWOUQ
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| US | 1.1.1.1:53 | media.admob.com | udp |
| BE | 173.194.76.139:80 | media.admob.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 12:16
Reported
2024-05-22 13:45
Platform
android-x86-arm-20240514-en
Max time kernel
176s
Max time network
159s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Processes
com.appmk.book.AOUDFBQDIXPEWOUQ
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | media.admob.com | udp |
| BE | 173.194.76.139:80 | media.admob.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 12:16
Reported
2024-05-22 13:41
Platform
android-x64-20240514-en
Max time kernel
176s
Max time network
158s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7 | N/A | N/A |
| N/A | /data/user/0/com.appmk.book.AOUDFBQDIXPEWOUQ/cache/54C60F40A1E7070931441F087A708FC780D8B0B7!classes2.dex | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Processes
com.appmk.book.AOUDFBQDIXPEWOUQ
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| US | 1.1.1.1:53 | media.admob.com | udp |
| BE | 74.125.206.139:80 | media.admob.com | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
Files