Malware Analysis Report

2024-09-09 14:23

Sample ID 240524-pq8v4sca9s
Target 923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
SHA256 923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
Tags
ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad was found to be: Known bad.

Malicious Activity Summary

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Ermac family

Ermac2 payload

Hook

Prevents application removal

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Makes use of the framework's foreground persistence service

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Acquires the wake lock

Schedules tasks to execute at a specified time

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-24 12:33

Signatures

Ermac family

ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-24 12:33

Reported

2024-05-24 12:37

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

186s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
/data/data/com.tencent.mm/no_backup/androidx.work.workdb
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-24 12:33

Reported

2024-05-24 12:37

Platform

android-x64-20240514-en

Max time kernel

21s

Max time network

188s

Command Line

com.tencent.mm

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
GB | 172.217.16.238:443 | | tcp
GB | 142.250.179.226:443 | | tcp
GB | 142.250.178.4:443 | | tcp
BE | 66.102.1.188:5228 | | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | g.tenor.com | udp
GB | 142.250.187.234:443 | g.tenor.com | tcp
US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp
US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
GB | 216.58.201.110:443 | www.youtube.com | udp
GB | 216.58.201.110:443 | www.youtube.com | tcp
US | 1.1.1.1:53 | growth-pa.googleapis.com | udp
GB | 172.217.16.234:443 | growth-pa.googleapis.com | tcp
US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp
GB | 142.250.178.1:443 | lh3-dz.googleusercontent.com | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
/data/data/com.tencent.mm/no_backup/androidx.work.workdb
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-24 12:33

Reported

2024-05-24 12:37

Platform

android-x64-arm64-20240514-en

Max time kernel

24s

Max time network

190s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | null | udp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp
US | 185.208.158.109:3434 | 185.208.158.109 | tcp

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal