Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-v7ew9avcrp
Target 9b7c41440c380281d6838a16f78aebff_JaffaCakes118
SHA256 f02cc3cbe96e51722d87a63859dd7bf669abefad2d82eaa76e53b120fd7c15bf
Tags: discovery evasion execution impact persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: f02cc3cbe96e51722d87a63859dd7bf669abefad2d82eaa76e53b120fd7c15bf

Threat Level: Likely malicious

The file 9b7c41440c380281d6838a16f78aebff_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence

Checks if the Android device is rooted.

Checks known Qemu pipes.

Checks Android system properties for emulator presence.

Queries the phone number (MSISDN for GSM devices)

Checks known Qemu files.

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Reads information about phone network operator.

Acquires the wake lock

Queries the mobile country code (MCC)

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 17:37

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 17:37

Reported

2024-06-10 17:40

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

178s

Command Line

com.appnomic.cooling.master.device.heat

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /system/app/Superuser.apk | N/A | N/A |

Checks Android system properties for emulator presence.

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accessed system property key | ro.product.model | N/A | N/A |

Checks known Qemu files.

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |

Checks known Qemu pipes.

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڮzip | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڮzip | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip | N/A | N/A |
| N/A | /data/user/0/com.appnomic.cooling.master.device.heat/cache/1582435991586.jar | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڮzip | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.appnomic.cooling.master.device.heat

com.appnomic.cooling.master.device.heat:remoteService

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/oat/x86/osayj.odex --compiler-filter=quicken --class-loader-context=&

com.appnomic.cooling.master.device.heat:remoteService

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | docs.google.com | udp |
| GB | 172.217.16.238:443 | docs.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.42:443 | | tcp |

Files

/data/data/com.appnomic.cooling.master.device.heat/files/ckztf

MD5 cc087a19b7529947f3831ce8a00cb13b
SHA1 f27f46041ea758950318afae9c2ef87b94eccadd
SHA256 a87985d3f975a92eefa50b29e5c5e574be8f3ea358c981a9bfa444fd199f1aba
SHA512 4764923c8357cc788eae9704a66a65fa83b12d75e0ed4401f5025546b7bfeb54fc55e6d4e624be311b020d5272b3fda08ec94a38ca588f316734bb2dfeede4fc

/storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڀ

MD5 1b780733213cf7ed0831691c26104b5b
SHA1 db2a2ef8b6b75f83f353da914dc482a43a6b701d
SHA256 a3b9bbd7d65ebe0d329fe86cfbf7efb6d91ead866996029122d0e452d5ff7979
SHA512 24116da58e5bb1d8745694a82b720058ba8995f3c42d04ed48ead415d2d19e978da5f2aee475cb94eac18ead8437c8f9c195a33bfc38fb1812701fb0c1c4e6e0

/storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڮzip

MD5 b61845b2727329d4128c5583f11fecfc
SHA1 9c037f24c3b5cab8725f793862977e10c504a066
SHA256 99e3d456e67970262b3cb26f43bad9f65657bcd3e473dca59c3eba600a3c078e
SHA512 d928c7383ff7c3d3b11d3eaa2d1f82672daff590b236baff7fbfdfbab78030dc4887a4bb0f0aaad0dcbdfd929edea36bee1c5ec65e946a7935e8382c21e53ab1

/storage/emulated/0/Android/data/com.wݛ.uޞܝۣw.wݝڣܡ.۵ᢹஸy䣷y.byu /OMdڮzip

MD5 a93a0477c650e26eefac3da7a72cafb0
SHA1 98b4b26417d6dce3664e4c896d6ff4810e864f18
SHA256 2dd34d720573f32651832d2f60a654b52e119ac24a7b05034d2543531fd0fd55
SHA512 0881fcdbce005a45989fb4892ba6b43c066398a062c7e439fa4f466d63ac15b45cfd16e5eb5d7b37f1c6536dc5e081a8d67f66b0d970876eb8048b52ed24cfd5

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj

MD5 e42f47bba840de7c14adf88479cafcab
SHA1 ebbb76a56896c7459a9d54fe33cf428f816bf84b
SHA256 74c224a8d49e31283adb89f3f1c1608a26b805086ce2955f85a41ad9af206f01
SHA512 eb2c7ae51e94ba366d0d8681cd008b64a098cd3c86d4fe0839f3138b4dfd570f94200bc2f2a6cbdcb576efba94f638d613e98f96f003dc98754e020064164a15

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip

MD5 e175a3b5285a606c0620cd94537bd871
SHA1 2f924c2f9c52c11fa64fb3f1821f14ec5a5d48ac
SHA256 597ec1eff2136fc9a4a60007b89e6c3d9b2c33501d98c47dbab14847114255b5
SHA512 c1fb72944cf6a27ca4285a55cee6cb314158719f5b1b17892dee4b5e330659dab9e258183fe44a7d2d2ee3e21ef140c9311d87cb4194e2aadd5dd82f46ffd1bd

/data/data/com.appnomic.cooling.master.device.heat/databases/CoolerMaster-journal

MD5 683aea0cfdb4553e05eac8e5aff322a7
SHA1 646a4bd0c9b972831cfbc56c8140efcfd7be712b
SHA256 26b51ec29b93658b0ecc37c34a71f1d53a4e36c2c89bbf717e81573c6724dc8a
SHA512 b1ad823939f6c7cb77a970bbb16ff0f148aa8cae42fa3f5d9f5a20951e31d07ec8a2544d4317e575cb9d8a6eaaf113a56176c5728179698eeb0ca20ac72c60bf

/data/data/com.appnomic.cooling.master.device.heat/databases/CoolerMaster

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.appnomic.cooling.master.device.heat/databases/CoolerMaster-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.appnomic.cooling.master.device.heat/databases/CoolerMaster-wal

MD5 aef558f479a73ce6db1c4ae75816e0a7
SHA1 4b8a98b764a4a6f6a8bbba4ed1af29aed8dbdaec
SHA256 60e6e893cc5de0a0f0bc63f04bf1e71eb07171ee603d4ffc0747ba15a3be8c3c
SHA512 573a4fbcd079f52cac87705c17e89a349f86b6915d66628a1c84ca8e9f71ca8f1924f7205fe918faa6a4455eab3c417f02253524b5d712db9c25066ee82351d0

/data/data/com.appnomic.cooling.master.device.heat/databases/google_analytics_v4.db-journal

MD5 d70ad138bd1ce3f7ffdbbe2b69eb831f
SHA1 8d5fce78bbb5793625d33ebc75bdf4f4db0efc33
SHA256 d6c2fb7fadc4e4a687e81af3d29c8a4028baf24eb9361d20d8536f76894e9d28
SHA512 14d9f1d263ad19c09ef6db4054feadf63410b464165d75933abecb046f6ef0a734570b41f8a7933855b7574343e60f95f56fc2b78264c3cfba1d74c8130f1410

/data/data/com.appnomic.cooling.master.device.heat/databases/google_analytics_v4.db-wal

MD5 f8911bd7e8238c9726f76fc6421ac556
SHA1 ba296e0ea9ccb006453e5595738574014413fb51
SHA256 0c9284f23243095bdab2767f12b2f505edbc3fb32f4fa6a7515dc5e94212089e
SHA512 23ef758b17b483a137bbe05d179e8ca2e134b05c72423f8b2faa9ce813b81ac0700c110faf1cd5919e01fb13a899e9db977833be1c3e1d2f0ba36eb72ce9b506

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip

MD5 6038eace97fd39dcc6ba8d5ad7fdaff9
SHA1 695b10b2ec6dfc10b11e2e96d23dfefad150ba75
SHA256 1d9e060cc7e32bef961649c7211df25a92d9ba8edb896b9c261e984b22a2049e
SHA512 cae0edcd2274adc32470944d64f6318fb839e447f79cf481c017ca3ba34feaf4b0349a1b6e6b0843c1e2ee422d0f0b8628bdb57f8b6169ef6dcbb934f16f5239

/data/data/com.appnomic.cooling.master.device.heat/files/gaClientId

MD5 5266b6f4cfd31270bd106107fc7176b1
SHA1 ec247f68a25c7b5fdbf1fb8c317fab83e39aeedd
SHA256 d660d83b51aa8aa96f8c6727538fdd17e7a9d912d99c2a964b7b2c90c45c4058
SHA512 ffcd7c2c7345fad26d34cd0921440a33b421dbe3b94b9d3622b516adcd6474d9585db884f55a3c3a3e61317665e5ed5ff7b7c91ae9594d3828ebc1fffe742f9b

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osayj.zip

MD5 eb539244d1a329f026eab69e803c1d7a
SHA1 6b96191f813c254efe5ec1402abfa8ee558283d1
SHA256 2ef2fd32a9641a4c7644290d948f4d743f591c2a2c4dbf26a69ed2238ab1695d
SHA512 a3fd02e0530eee99d3888c380a7c6234fc5e9fc91c7b39477009b4349a824bf6a8efde1637fc3d23c3ba8d10dd8156ab642ac930dc63a46c7452516e3a7626aa

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/osqiiuji/81B94A2C9DAC130CB71C87D39B209F48.apk

MD5 678e793a60d6eb909d5672c4ee8e3da4
SHA1 2a87e630066614f884a3ad9b77b145ca11b755f9
SHA256 256035304aaf310ce73f7a86a6228ad00a2dc9f807ea5524205d88d487570db6
SHA512 51ac6f4f3fb4e6c893dc28c6a80c29cf0c7a425c1931e061067cbbd2d68c5250480061ab221f7a94c327eac8c1b99b00f80ec5963abcdc5d957c200972002cfc

/data/data/com.appnomic.cooling.master.device.heat/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/storage/emulated/0/Android/data/com.sec.qffdecys.seebydw.cqijuh.tulysu.xuqj/tquced

MD5 a16377b2826c263e14891e7252cc5fb2
SHA1 2bfb0357b939ae9dcdd682ca8b0e19edb01ecd78
SHA256 4e136d90b41190c44a2a60f531d90a1a10879e27257b516f41bd3e657a950828
SHA512 5fe66af6f93ae941d82e7d484e602a16cde9a2c6223faaaa756e4c81aa83856b02c56853ff36ecd3284af966ee1bfb3c4ffbe44418fc165b61e427ef9bef57e1

/data/data/com.appnomic.cooling.master.device.heat/files/gaClientIdData

MD5 f431ba3906f505da2f6e272c145ba27f
SHA1 b200dcd48c1cc52598949cc9a1a1a5d19a57f62b
SHA256 810aeead63c68831d383ecdf72959e46dcd7cd35ea98c5c9cc1a6c6cfedd13de
SHA512 9580e5bead30d299d416745ce424a64a76ae76cf608557dddbb8b5a45b0bbe517e24b891f8ace079a0f57704eda284bd05328ac0685179a69a7452c07ec4e33b

/storage/emulated/0/Android/data/xxh/XH.txt

MD5 ba460a4d0e1029294cf14d6c381352fd
SHA1 526ec81f22ad0eb02a73e741e27600fb19de5fb2
SHA256 a5598c3ef05198a2450ec4fafc766cabadf1d06f09a5624db14822fd48e9ebf3
SHA512 28369b4766828714c3c6e1b598f2399f979ef3ddefd59e4e06158e8f03bc08e82e672d3af3371019312deaeaa68d1ab81b50320b5498f86d19a06d2986b23163

/data/user/0/com.appnomic.cooling.master.device.heat/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/com.appnomic.cooling.master.device.heat/files/persisted_config

MD5 32e44bf2c5c15242e64ceae27af8de5f
SHA1 f5fc4d56cc6a38e0ee1487bd19fb9a65b48c8dab
SHA256 20e7d53b08aed82663f7542884394c79c27e021b4b13b8bf73a619394ddb33c9
SHA512 652a412dadffb08dbb9e0a40aff71033e7250c31d1ddbfe92b17dd2607978e6963c434c69055df24759d9842b74f239161ce34c562e0c9bff94fc5e6faafd1b3

/data/data/com.appnomic.cooling.master.device.heat/files/persisted_config

MD5 2c39cbeb019b625a1e3e94bcaeeeef79
SHA1 c3161d84b064a1ff22c137d54773e0233ef15e91
SHA256 1af712d409032b03ed1af09593e0ee375f243e083c4bfb5cbec7c3f4090d9e60
SHA512 d1166cdd40645e96550c7aee47476503926746e20d5ed00a0ec8a0cd60da094f8f7fcfb31cb60f3a8c688486984bc37cf20ce63f97ea8cd978b3d2c881f26307

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-journal

MD5 c87d8f5bea597e044dc303deba3dc4a5
SHA1 ea44fcd62645e02521713ec27ae401c49c68f353
SHA256 a7d6414bf4ddabf4a666016c844339c262a932ed445cdfc485f593187e9a7bf2
SHA512 d9396dedbed9f725c9e7401d7d8d894051ae8cc0a653f27818f08e18de6d0b28f4ea8e005fa55a31f216503bd94c3e7ac2a01a853972319fcf3b69796d66fcef

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db

MD5 458b2ad020c435d6bb51f714620d6391
SHA1 18db1cb0ce6531fd5afba899f7b607e6acac5736
SHA256 f72a7393b9ec7da13e1f2c4d8aa45d6c85a68a8420ff7ca096be5a024014dbe4
SHA512 d85160d5472cc5efc751a48c625383f1d3f9441b7ffaadb0b7b1f50ce555753a2849746a6b482a2b31d5c0f912a5658f88ed07eb44d07d054fbd41eaeccb9e74

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 8335c2d98c7ee8fa55dafa03ebdf4611
SHA1 c82617420085c1ec1b5f1d6c343177fefb53460b
SHA256 ac63e873b252455ee572c564411bb5ba134f8e85e9316e3a51358b13ae4c4327
SHA512 24e9f395198785fe496afdf66c27ace2a242da3be3c2c57e37e2604066b04a9b81a018b8f50fff4e1e798e24ca777f41e4111159c1b3b0d4343d8b7b8c8183a7

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 a7bec2c193637f39c6cd4f7d4620cd23
SHA1 5b52d470902ae31ce6c2c523a60984c5f1ec0f1e
SHA256 9f3ab2456d7e4e81ac441b1def5b0a48d6e47e110702c713d290382d2017f7e0
SHA512 4ad9265b868b9c9874cb6753739e2653fa9bcd9c893ff151f99bdc6008ede49aa7dd6e22e010647f46390385e83f9bc4bcbfd07fe0e767539559b784c271506e

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db

MD5 f9ca3dd8ed9bb69c0aaad4822c552eb9
SHA1 cb6fa6382c40d3e0db767a3608ebf6b088320c95
SHA256 688f734e3ab5f02ea2e65b746ffe58174f07519da99cc1bc727814e511875d96
SHA512 2eb146a93f108a4fd4fe3089d0692617772ee6fc178e0a81726de2e8d385bdee3c8014d783de119ab2aa72971d95614ca21e7e49b2518bd1086ef909b8dbbe9f

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 5f9cd228f428745deb4e755a8cfbf36d
SHA1 b5e627d1643a2be749edbde96da08e73c2383ca2
SHA256 acc9352cccf3b2bfbe55752c624b1d62ba3fc372434ccc56561878c92eb9606d
SHA512 2ca6d3eccee78a1e3f0539510f0aaeb297f37793471eea389a87c694ab347451859c8b1594704bb44ee0e4b16753000b7a93b313a85e7e9e5e8829606af66c8a

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db

MD5 0262f657c5bb3b1e3d58888c6b0d7584
SHA1 81209d35f88c5cf524ab922619997f8feaa32885
SHA256 b70909dea720ac498d2d6dffb1067b5acf3ecf60e4edcbf54512c17389c2c921
SHA512 2fa655642a70e5fbc51172cd85c58d6c1e5ca973add9a1fd3dbb38101365bfbc71b1a218df9694fcb2b084a3f4c4ff246df50f719844cd0ced302ecf11a7c17d

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 0487451c4a40fd17fc7866cb504bbe1a
SHA1 e3b250624d48107f3205ee1b0bb423833f3e7a22
SHA256 2ac6197b76b883bf7f71391e9a9067a22c2a6712cfd9edcffad9c91e57bd4018
SHA512 d92aead274ef602a4a5741c16ccd43277da3bf5cf5aa960b0081fc154563a5541895d34b99b9f90dd353a621402978de682fbd5f05d8e5182ffe3fcf71534ccf

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 fbf2ae3ebe24824dcca8267564895881
SHA1 a4c20d8543fb1d26781f4d99b7e627e5d91cf33f
SHA256 8372b5722d278a6b6b04b331ade657a512a27fdde8f7809d2acc0a8131490465
SHA512 1e32f60edbda8e91d0a6aba954e69a4d7e5dff663bfc8f33e06e44ead4ba591b968697b4c3890932c150527ffda2cf835e1de2e3b43768f394168f21bdcb7395

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db

MD5 cd6d9836094e3cebfdce0adb91494cfc
SHA1 20201467ca7bcfbd89f523a4bc8c46824a261d88
SHA256 94c412c09deebd39f671de3efab5e29c7ac690016cb246f7add4ff904e079e41
SHA512 6156b00f0749f943662132aeba8e8916fa1861d8e94716d83a48c51f1836a64c0ceae07725586edbe5330167f3e074e85564e8352ccf7688316728ae98e572a3

/data/data/com.appnomic.cooling.master.device.heat/databases/google_app_measurement_local.db-wal

MD5 f441c6bf80c385717066cb5bc550d918
SHA1 5872aada9f7a7c011d533f168c5f7360fee5d4db
SHA256 3076f25b852c9654d44970620229923e48be965d5dc141fc80f0e90f215fe9de
SHA512 cee22006361203b2a2d755741cb95971ff5ed66e18e84977687c4389c1f0a58e61c3487d079b2fbee925ceef3cb0596ebb8d273baadbad8db3d78a5df679fe57

/data/data/com.appnomic.cooling.master.device.heat/databases/EDBBE-journal

MD5 58d3dd0ffd067d7639dae1d505c320b5
SHA1 7217e20c6400d464b33704dbdb4236ab56624979
SHA256 df4dea957f3382774868e047d05029458236189e38eb5e0c7a2491c13a6d8d25
SHA512 3f82ee5fb0bcf8a6fd5b10933e198fe3589a78c291cb219cf7682d21bc31164466b86152bce486b896faf437ccc60199b8f1c9a821ab1dd8ef04c074ab3a9b93

/data/data/com.appnomic.cooling.master.device.heat/databases/EDBBE-wal

MD5 9b43721e8d630b8740ea2902cf32ee43
SHA1 8a07985d4519c5f3ca431e4961815dd3f553c5bd
SHA256 62492f7154e1a5b2ecfc15f7e05d3ebe49cfd7f26c2e7926104c0ad1ed56dbfa
SHA512 4e9da743f942e901c7351d97c039c45e9069b028c03ad5fc2e97ea3630df102c435320789a8de9fd9885927813d92852edc8dc2145786904a5f89fc10bfa38ba

/data/data/com.appnomic.cooling.master.device.heat/databases/google_analytics_v4.db-wal

MD5 2c280bb3e0cefd4994a100d626023e25
SHA1 69ad16d236136d2d40497e106feb9e455d6ed4c9
SHA256 8c84c156ad9a7e0f0edbb11fd891c34518b350cb12a6c7ce6f0c14afa800cff0
SHA512 d6b6248ad068d814be694d01880e3aee6c1416df86030e835188cb817187ba9f0f09da3231661d0d15c6865b8a71b9daccada70abf7df8ffbbba48767552cf3a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 17:37

Reported

2024-06-10 17:40

Platform

android-x64-20240603-en

Max time kernel

3s

Max time network

189s

Command Line

com.appnomic.cooling.master.device.heat

Signatures

N/A

Processes

com.appnomic.cooling.master.device.heat

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 17:37

Reported

2024-06-10 17:40

Platform

android-x64-arm64-20240603-en

Max time kernel

2s

Max time network

131s

Command Line

com.appnomic.cooling.master.device.heat

Signatures

N/A

Processes

com.appnomic.cooling.master.device.heat

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |

Files

N/A