Malware Analysis Report

2024-09-09 16:16

Sample ID: 240612-rrckeayaqd
Target: 09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c.bin
SHA256: 09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c
Tags: collection credential_access execution impact persistence discovery
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c

Threat Level: Shows suspicious behavior

The file 09d4a5a09adb12d0153535d046d96849d4d83c8551b0be818626505e206e4a5c.bin was found to show suspicious behavior.

Malicious Activity Summary

collection credential_access execution impact persistence discovery

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Reads information about phone network operator

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-12 14:25

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-12 14:25
Reported: 2024-06-12 14:28
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 27s
Max time network: 188s

Command Line

com.hadifetrati.notebook

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description             Indicator                                                  Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener   N/A      N/A

Schedules tasks to execute at a specified time

Tags: execution persistence
Description             Indicator                                                  Process  Target
Framework service call  android.app.job.IJobScheduler.schedule                     N/A      N/A

Checks CPU information

Description             Indicator                                                  Process  Target
File opened for read    /proc/cpuinfo                                              N/A      N/A

Checks memory information

Description             Indicator                                                  Process  Target
File opened for read    /proc/meminfo                                              N/A      N/A

Processes

com.hadifetrati.notebook

Network

Country  Destination           Domain                     Proto
GB       172.217.16.238:443    -                          tcp
GB       172.217.16.238:443    -                          tcp
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       216.58.213.8:443      ssl.google-analytics.com   tcp
US       1.1.1.1:53            fetch.adivery.com          udp
IR       87.107.167.43:443     fetch.adivery.com          tcp
US       1.1.1.1:53            cdn.adivery.com            udp
IR       185.166.104.4:443     cdn.adivery.com            tcp
IR       185.166.104.4:443     cdn.adivery.com            tcp
IR       185.166.104.4:443     cdn.adivery.com            tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
US       1.1.1.1:53            events.adivery.com         udp
US       172.67.218.193:443    events.adivery.com         tcp
IR       185.166.104.4:443     cdn.adivery.com            tcp
IR       185.166.104.4:443     cdn.adivery.com            tcp
US       172.67.218.193:443    events.adivery.com         tcp
GB       172.217.169.68:443    -                          tcp
GB       172.217.169.68:443    -                          tcp
GB       216.58.204.67:443     -                          tcp

Files

/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal.tmp
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4hi9t08341wkp6zscnhairpuc.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2mpzv0ywwt0br3layyg7kosn0.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/368xkuacxmfeo3v0oesx88paw.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/1qr8dl8wps1jpzi951vok34zi.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4im4mehi8oql8ccqtzqzuowhp.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5pbo4a7hddcsyz1wak1oojwhr.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2uhrrdkqo8jjq7ppyhxsxfdm.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2iluxnebe51hekcjg8v1g5fq4.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5s1oib9dxsbip0phnnqxsx10i.0.tmp
/data/misc/profiles/cur/0/com.hadifetrati.notebook/primary.prof
/data/data/com.hadifetrati.notebook/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 14:25
Reported: 2024-06-12 14:28
Platform: android-x86-arm-20240611.1-en
Max time kernel: 155s
Max time network: 185s

Command Line

com.hadifetrati.notebook

Signatures

Queries the mobile country code (MCC)

Tags: discovery
Description             Indicator                                                                Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Reads information about phone network operator

Tags: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description             Indicator                                                                Process  Target
Framework service call  android.app.IActivityManager.registerReceiver                            N/A      N/A

Schedules tasks to execute at a specified time

Tags: execution persistence
Description             Indicator                                                                Process  Target
Framework service call  android.app.job.IJobScheduler.schedule                                   N/A      N/A

Checks CPU information

Description             Indicator                                                                Process  Target
File opened for read    /proc/cpuinfo                                                            N/A      N/A

Checks memory information

Description             Indicator                                                                Process  Target
File opened for read    /proc/meminfo                                                            N/A      N/A

Processes

com.hadifetrati.notebook

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            fetch.adivery.com          udp
IR       87.107.167.40:443     fetch.adivery.com          tcp
US       1.1.1.1:53            cdn.adivery.com            udp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       87.107.167.40:443     fetch.adivery.com          tcp
IR       87.107.167.40:443     fetch.adivery.com          tcp
IR       87.107.167.40:443     fetch.adivery.com          tcp
IR       87.107.167.40:443     fetch.adivery.com          tcp
US       1.1.1.1:53            events.adivery.com         udp
US       172.67.218.193:443    events.adivery.com         tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
US       172.67.218.193:443    events.adivery.com         tcp
GB       216.58.212.238:443    -                          tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp

Files

/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal.tmp
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-shm
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-wal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4im4mehi8oql8ccqtzqzuowhp.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2mpzv0ywwt0br3layyg7kosn0.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/1qr8dl8wps1jpzi951vok34zi.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2iluxnebe51hekcjg8v1g5fq4.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2uhrrdkqo8jjq7ppyhxsxfdm.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5pbo4a7hddcsyz1wak1oojwhr.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5s1oib9dxsbip0phnnqxsx10i.0.tmp
/data/misc/profiles/cur/0/com.hadifetrati.notebook/primary.prof
/data/data/com.hadifetrati.notebook/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.hadifetrati.notebook/files/profileInstalled

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 14:25
Reported: 2024-06-12 14:28
Platform: android-x64-20240611.1-en
Max time kernel: 156s
Max time network: 188s

Command Line

com.hadifetrati.notebook

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description             Indicator                                                                Process  Target
Framework service call  android.content.IClipboard.addPrimaryClipChangedListener                 N/A      N/A

Queries the mobile country code (MCC)

Tags: discovery
Description             Indicator                                                                Process  Target
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description             Indicator                                                                Process  Target
Framework service call  android.app.IActivityManager.registerReceiver                            N/A      N/A

Schedules tasks to execute at a specified time

Tags: execution persistence
Description             Indicator                                                                Process  Target
Framework service call  android.app.job.IJobScheduler.schedule                                   N/A      N/A

Checks CPU information

Description             Indicator                                                                Process  Target
File opened for read    /proc/cpuinfo                                                            N/A      N/A

Checks memory information

Description             Indicator                                                                Process  Target
File opened for read    /proc/meminfo                                                            N/A      N/A

Processes

com.hadifetrati.notebook

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.187.232:443   ssl.google-analytics.com   tcp
GB       142.250.179.234:443   -                          tcp
US       1.1.1.1:53            fetch.adivery.com          udp
IR       87.107.167.43:443     fetch.adivery.com          tcp
US       1.1.1.1:53            cdn.adivery.com            udp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
US       1.1.1.1:53            events.adivery.com         udp
IR       87.107.167.43:443     fetch.adivery.com          tcp
IR       87.107.167.43:443     fetch.adivery.com          tcp
US       172.67.218.193:443    -                          tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
IR       185.166.104.3:443     cdn.adivery.com            tcp
US       172.67.218.193:443    events.adivery.com         tcp
US       1.1.1.1:53            android.apis.google.com    udp
GB       142.250.200.46:443    android.apis.google.com    tcp
GB       142.250.200.14:443    -                          tcp
GB       172.217.169.66:443    -                          tcp
GB       216.58.201.100:443    -                          tcp
GB       216.58.201.100:443    -                          tcp
GB       216.58.204.78:443     -                          tcp

Files

/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal.tmp
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/databases/ADIVERY_RESPONSE_LOGS.DB-journal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/journal
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2mpzv0ywwt0br3layyg7kosn0.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/368xkuacxmfeo3v0oesx88paw.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4hi9t08341wkp6zscnhairpuc.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/1qr8dl8wps1jpzi951vok34zi.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/4im4mehi8oql8ccqtzqzuowhp.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2uhrrdkqo8jjq7ppyhxsxfdm.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/2iluxnebe51hekcjg8v1g5fq4.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5pbo4a7hddcsyz1wak1oojwhr.0.tmp
/data/data/com.hadifetrati.notebook/cache/adivery-cache/5s1oib9dxsbip0phnnqxsx10i.0.tmp
/data/misc/profiles/cur/0/com.hadifetrati.notebook/primary.prof
/data/data/com.hadifetrati.notebook/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.hadifetrati.notebook/files/profileInstalled