Malware Analysis Report

2024-09-09 16:30

Sample ID: 240609-te8hesch49
Target: Hamster Cоmbot Bывод.apk
SHA256: 608bccf44f236542d708efc9e8d81372bb1a941969f267b315772acd370d2b06
Tags: collection credential_access discovery impact persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: 608bccf44f236542d708efc9e8d81372bb1a941969f267b315772acd370d2b06

Threat Level: Shows suspicious behavior

The file Hamster Cоmbot Bывод.apk was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access discovery impact persistence

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Requests access to notifications (often used to intercept notifications before users become aware).

Requests changing the default SMS application.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-09 15:59

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 15:59
Reported: 2024-06-09 16:21
Platform: android-x86-arm-20240603-en
Max time kernel: 318s
Max time network: 1061s

Command Line

com.example.application

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Requests access to notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests changing the default SMS application.

collection impact
Description | Indicator | Process | Target
Intent action | android.provider.Telephony.ACTION_CHANGE_DEFAULT | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.example.application

Network


Files

/data/misc/profiles/cur/0/com.example.application/primary.prof

/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.example.application/files/profileInstalled

/data/misc/profiles/cur/0/com.example.application/primary.prof

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-09 15:59
Reported: 2024-06-09 16:21
Platform: android-33-x64-arm64-20240603-en
Max time kernel: 1032s
Max time network: 1082s

Command Line

com.example.application

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.example.application

Network


Files

/data/misc/profiles/cur/0/com.example.application/primary.prof

/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.example.application/files/profileInstalled

/data/misc/profiles/cur/0/com.example.application/primary.prof

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-09 15:59
Reported: 2024-06-09 16:21
Platform: android-x86-arm-20240603-en
Max time kernel: 317s
Max time network: 891s

Command Line

com.example.application

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Requests access to notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests changing the default SMS application.

collection impact
Description | Indicator | Process | Target
Intent action | android.provider.Telephony.ACTION_CHANGE_DEFAULT | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.example.application

Network


Files

/data/misc/profiles/cur/0/com.example.application/primary.prof

/data/data/com.example.application/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.example.application/files/profileInstalled

/data/misc/profiles/cur/0/com.example.application/primary.prof
