Malware Analysis Report

2024-09-09 16:03

Sample ID 240614-j68x6asbma
Target a8b2c7c244518b9cff8ff6620d176333_JaffaCakes118
SHA256 9d2ce612426fa45aaf1a5e533ff1ddca698543753f1fbb20156c3af62fbc3103
Tags
discovery evasion impact persistence collection credential_access
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a8b2c7c244518b9cff8ff6620d176333_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Acquires the wake lock

Queries the mobile country code (MCC)

Queries information about active data network

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:18

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:18

Reported

2024-06-14 08:21

Platform

android-x86-arm-20240611.1-en

Max time kernel

47s

Max time network

130s

Command Line

com.Fraom.IrideUI

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.Fraom.IrideUI

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.bigdx.com udp
US 13.248.169.48:80 www.bigdx.com tcp
US 13.248.169.48:80 www.bigdx.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp

Files

/data/data/com.Fraom.IrideUI/files/gaClientId

/data/data/com.Fraom.IrideUI/databases/devfraom-journal

/data/data/com.Fraom.IrideUI/databases/devfraom

/data/data/com.Fraom.IrideUI/databases/devfraom-shm

/data/data/com.Fraom.IrideUI/databases/devfraom-wal

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap.tmp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCCE01DA-0001-10AA-97D3B66A8D07BeginSession.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCCE01DA-0001-10AA-97D3B66A8D07SessionApp.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCCE01DA-0001-10AA-97D3B66A8D07SessionOS.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics_to_send/sa_89e6a6a3-7422-4709-86bb-0d37ad8b230f_1718353102753.tap

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCCE01DA-0001-10AA-97D3B66A8D07SessionDevice.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 08:18

Reported

2024-06-14 08:21

Platform

android-x64-20240611.1-en

Max time kernel

54s

Max time network

135s

Command Line

com.Fraom.IrideUI

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.Fraom.IrideUI

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.bigdx.com udp
US 13.248.169.48:80 www.bigdx.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 13.248.169.48:80 www.bigdx.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.Fraom.IrideUI/files/gaClientId

/data/data/com.Fraom.IrideUI/databases/devfraom-journal

/data/data/com.Fraom.IrideUI/databases/devfraom

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap.tmp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCD202F3-0001-13FE-0A3B0703C406BeginSession.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCD202F3-0001-13FE-0A3B0703C406SessionApp.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCD202F3-0001-13FE-0A3B0703C406SessionOS.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics_to_send/sa_c4501f0f-90a8-4418-a23d-28e541a6165d_1718353107189.tap

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCD202F3-0001-13FE-0A3B0703C406SessionDevice.cls_temp

/data/data/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 08:18

Reported

2024-06-14 08:21

Platform

android-x64-arm64-20240611.1-en

Max time kernel

50s

Max time network

132s

Command Line

com.Fraom.IrideUI

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.Fraom.IrideUI

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.bigdx.com udp
US 13.248.169.48:80 www.bigdx.com tcp
US 13.248.169.48:80 www.bigdx.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.Fraom.IrideUI/files/gaClientId

/data/user/0/com.Fraom.IrideUI/databases/devfraom-journal

/data/user/0/com.Fraom.IrideUI/databases/devfraom

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap.tmp

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCC801FE-0001-1253-DC344F4BCB63BeginSession.cls_temp

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCC801FE-0001-1253-DC344F4BCB63SessionApp.cls_temp

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics_to_send/sa_61837cd2-9f9a-4f79-896b-84e727c2f2cd_1718353096816.tap

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCC801FE-0001-1253-DC344F4BCB63SessionOS.cls_temp

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/session_analytics.tap

/data/user/0/com.Fraom.IrideUI/files/.TwitterSdk/cm/com.crashlytics.sdk.android/666BFCC801FE-0001-1253-DC344F4BCB63SessionDevice.cls_temp