Malware Analysis Report

2024-09-09 17:14

Sample ID 240613-2ed8kswgrn
Target e58887019d4a937c0eaa04f6f239b72f8d700781c08d65277dd313006121eda1.bin
SHA256 e58887019d4a937c0eaa04f6f239b72f8d700781c08d65277dd313006121eda1
Tags evasion
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file e58887019d4a937c0eaa04f6f239b72f8d700781c08d65277dd313006121eda1.bin was found to be: Likely malicious.

Malicious Activity Summary

evasion

Checks if the Android device is rooted.

Checks the presence of a debugger

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:29

Reported

2024-06-13 22:32

Platform

android-x86-arm-20240611.1-en

Max time kernel

18s

Max time network

131s

Command Line

com.prathamesh.disableheadphoneprathamesh

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks the presence of a debugger

evasion

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.prathamesh.disableheadphoneprathamesh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 216.58.204.67:443 firebase-settings.crashlytics.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 22:29

Reported

2024-06-13 22:32

Platform

android-x64-20240611.1-en

Max time kernel

17s

Max time network

150s

Command Line

com.prathamesh.disableheadphoneprathamesh

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks the presence of a debugger

evasion

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.prathamesh.disableheadphoneprathamesh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.234:443 N/A tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 142.250.187.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 172.217.169.46:443 N/A tcp
GB 172.217.16.226:443 N/A tcp
GB 142.250.178.14:443 N/A tcp
GB 142.250.178.4:443 N/A tcp
GB 142.250.178.4:443 N/A tcp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 22:29

Reported

2024-06-13 22:32

Platform

android-x64-arm64-20240611.1-en

Max time kernel

16s

Max time network

148s

Command Line

com.prathamesh.disableheadphoneprathamesh

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Checks the presence of a debugger

evasion

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.prathamesh.disableheadphoneprathamesh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 142.250.179.234:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 N/A tcp
GB 142.250.180.4:443 N/A tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp

Files
