Malware Analysis Report

2024-09-09 12:57

Sample ID 240614-k9wyfatgqh
Target Truecaller-Premium-v14.7.6_build_1407006-Gold-Amoled-Mod.apk
SHA256 b6f106e263be14e276a1b637bdeed5c2e9d42843957773824fbee3c92bf2fae4
Tags
collection discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b6f106e263be14e276a1b637bdeed5c2e9d42843957773824fbee3c92bf2fae4

Threat Level: Likely malicious

The file Truecaller-Premium-v14.7.6_build_1407006-Gold-Amoled-Mod.apk was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Reads the content of the call log.

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about active data network

Queries the mobile country code (MCC)

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Reads information about phone network operator.

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 09:18

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls. android.permission.BIND_SCREENING_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions. android.permission.BIND_CHOOSER_TARGET_SERVICE N/A N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. android.permission.BIND_INCALL_SERVICE N/A N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. android.permission.BIND_INCALL_SERVICE N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Required to be able to discover and pair nearby Bluetooth devices. android.permission.BLUETOOTH_SCAN N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 09:18

Reported

2024-06-14 09:23

Platform

android-x64-arm64-20240611.1-en

Max time kernel

87s

Max time network

128s

Command Line

com.truecaller

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /data/user/0/com.truecaller/[email protected] N/A N/A
N/A /data/user/0/com.truecaller/[email protected] N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.truecaller

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
GB 142.250.178.10:443 digitalassetlinks.googleapis.com tcp
US 1.1.1.1:53 account-noneu.truecaller.com udp
US 35.190.118.8:443 account-noneu.truecaller.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 dlsdk udp
US 1.1.1.1:53 inapps udp
US 1.1.1.1:53 conversions udp
US 1.1.1.1:53 account-onboarding-noneu.truecaller.com udp
US 35.190.118.8:443 account-onboarding-noneu.truecaller.com tcp
US 1.1.1.1:53 launches udp

Files

/system_ext/framework/androidx.window.sidecar.jar

MD5 bdf3529e80318eb14e53a5bf3720c10d
SHA1 25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256 bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

/data/data/com.truecaller/files/ls.pb

MD5 9df22f196a33acd0b372fe502de51211
SHA1 0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
SHA256 929260ad9b9ea9fe0f3553dd964f4ff3deb5792efd031a2b90f573fe91f012bb
SHA512 5fda97a131fa4746fa835caefeb6f6d64f2b12ff5a4e42e840639af3dd747cf3627fec8039733e5a77d9b99aba473dae4b08134bb4e39006dcd06cec90c76371

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 a778846f660e23169c6a3ef684cc0b41
SHA1 92e9aa17800aba6b74c79dce85ecb584bf987a28
SHA256 01ed0a35ab20e779d19f97f72258a6b73d498e2e63c3bb05046168be55f713c0
SHA512 f6c0cc9439884b447e417489ff8001ffe85460a738cf9b59464a70ef42a93224553d7331768a053ddba617e3857f8f1ecafefcefe192d468706c863ee963cd6c

/data/data/com.truecaller/databases/com.google.android.datatransport.events

MD5 f4c0bb9986266084c9a0eb6cfeff5916
SHA1 fc41ddf6a911edb8730cde8c48dd1d1dfe3439ec
SHA256 9a084af60ba702ec3843c8c4a1d8a10b35e9a74c2c8aba9dc80f8d037ee74cea
SHA512 25a46355884855f2dbfd05d391f826bd890001d10be84f87fb5c86a26d34b94bb9efce0fa37ac202e0bf3cf212303d396baba09d7f1932786bd8215be0e7c085

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 59669453e48165ee2cd9ee38fbdcb306
SHA1 dd149bf7f00b6ea985ae5a8a86d6da1210da3a6f
SHA256 a773f16babb9d418cc46426b9adcf3ad09ebd7f08a67c2f468dbf72bd7a35aaf
SHA512 a50951cb310b75b0d02888d1542a2e50291aa48ec3e5b98a78ee7fd237ada1e5298e7a7b4ed43ae838f8bfaaabac18286bf707e85eaad41cf19dc5cf239f6905

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 b0dacd1be379a3d0fa55575926b4cf9d
SHA1 83f6fbafce69a8be1808987ab0edea6256dd70f6
SHA256 bf1775e2ed6e448dba29ef3e6b0f9423f0bf879cbeed7c5f1db7ebb1c6cded86
SHA512 16bc466768d6f116822af3a7e55c2290056e11ee160615dc0a252328ca979171d13759832e208aa7b9640126c899bc93bf537e35882f82c4f1d6067f53a7910c

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/report

MD5 f01ff6d40281aa1f009f92464d8df70b
SHA1 a267b377467095a4ab23bc780c3d5a206ca3abab
SHA256 d3513beb48fc0af944497bbb2eee2b326abc8858c59060d01c1b5719dbec07d5
SHA512 86a53eb4ac05d7e8a65578fffd1cf1dd9be60e23de38dcc3a5b70869cae604cd74592e18bb49b1893d57835616ded70c8c2434bf135bf32b4ec968bb6ffb5fef

/data/data/com.truecaller/no_backup/androidx.work.workdb-journal

MD5 f3e6bf38acb69b7065e99740e1edf020
SHA1 cffed11cb6df0c49e7457f32e2369b9aa19fdaee
SHA256 e6d93ce6f41464a692f22b4d2f532caa646a2a14d551e9ac0312927a06c20539
SHA512 6c941fc411e5c8d8825bd0a41abbac1140690381eb5cd6a9a1adf7fe9895a39685a01d4598551df48d55275e268a1580a5816b75ff04efedfb1f5ce1870f532b

/data/data/com.truecaller/no_backup/androidx.work.workdb

MD5 71a4fff3cf73d0dc9c5913a1ff8a448a
SHA1 44b579f726970afb1d50b350547ba18307960015
SHA256 65fff8e7f980296fc58759898a7687681df0ddb39c5d6003595553fe0493fab5
SHA512 1822515df8c64dff2f3d14ce34f316c4005a7e8c2f293be46fcd9d87ae432be5f1b3cf1f22f087444ed254111f5d73adff7f6c6cdc9961aae7a6d285a840e80e

/data/data/com.truecaller/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 ac68277a2c4297a258169f052df18b9a
SHA1 8ed786714b05644485ab5190ff3615f27300112c
SHA256 d68b419387df56a2991eb84e7470a240b54006454ca08208209fc0a0627df89a
SHA512 af41a4f0ab6c405c4d3918b23265ef527d8c1a789681f291009a5e30e50c9520074f1a3216cf755780d5dbd7db0953368f026679a956af7ffdbed5ecdc907a14

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/user-data

MD5 cc1da451e1720d8d85b653f800caf5de
SHA1 91333b9b33e75f679332048177bc43de203d563c
SHA256 cb5632c7e426eda9de8bbed6a04fa3db4f3b867fcc9fedf21a1b0d03f357aee0
SHA512 e48a99daf271b05b1d5966c8ed00416fef413ef79655fc7b56e3cdc159fe77b9977c6dd015ec445c90313995c10f66b6b7096751b8df0a34dc7151b590127b19

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/keys

MD5 328e0e1fad82abfe205b19a36153dc2f
SHA1 e228898ef0eb8a2740d86d07920633d4d6b2fa19
SHA256 114a6e8f5c43bea09a4a73b24b44b030440a6f3be212bbe943becdb363f15e29
SHA512 6b38ad8681bead6a5a58db08ffdf916e0eb6cb51c3f94fb2451a272e433aaf90dcfb5db8f15a1ee6458690e29faa3a4de65b1a427b45d364afdd45bc3ef15d58

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 45ba67e8ecf40c04719825746a366f1f
SHA1 ceeedd23bcf233c1c917a7940582c0d5f2364ec2
SHA256 84ff5205b1b09140b88fa72d64796c081f230e590670856de5d10e856fb9932e
SHA512 f6cd93a6aacb71d530214accbfbdfee0480ca9fda310918c526f447e2a7aaba088ccaf26958f4eb46a27b2638d34e585fde8a06bbf21862778cd16d272ea249c

/data/data/com.truecaller/databases/google_app_measurement_local.db-journal

MD5 89f1be3ffcbdd6b581670449d8d878a4
SHA1 696bc260dead91c3a0756d03c7210fc146afb751
SHA256 cacb38704d9329f920c583c973bfa175b37e3a01e8f09195a85d2919648b55f9
SHA512 61e5a4a13a02e57c87b8883d234af8e9fc6d147a5be55814927b0272ceb230c29ea03e0d435ef1b519903cd6dabdce5b940fd777083318c1eb42f453f4ca103c

/data/data/com.truecaller/databases/google_app_measurement_local.db

MD5 138dea1a72b76471e2e7e947006d127b
SHA1 6dd3b2d17aef9a6fd2ea292553c3b7b71638da42
SHA256 d5a5dc273e29058ef64f7f8f06e73747c61f9ea7c4782a7b21cdb39c6f6fcea0
SHA512 e80a4eb9045fa5d2769a6d52733772fba6dd595308ff5fe72dc9e525870ce3f1140dabe7d6dedaca55d643f2027a906dc03be02af2d88c8df478cbe752bdaf99

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/keys

MD5 e54b103ccf69118527bc9c6564a48de4
SHA1 40efb703aa0068b7612be64b0480c9b5c9fcde84
SHA256 e90d2e9d919ec5a2739ceb1cf0f93091d4bd1336ee80125d944023d4779047f6
SHA512 246cc616c39070b419e602a9f62ed0f2a9729eb8e08bc0fce11543ccd58c08a5212f0520973b4667e49cb71f62f0000c21a9f4c6576c586002fc6e7c348a0453

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/keys

MD5 c821df5c84073293cfa081b9966ef6dd
SHA1 bb4574ee8540aa714fddc96e60e183c3ecad1c4f
SHA256 bc9dec39368ab98805c3652e6987a855bd2ad6b6b069e4687bf69e53749b8b08
SHA512 0863f96d40ff7c1e1f25b3bcad3a8d928ffb829814bea7fded61843b3ca34dc092b0ba10d4875e45c71ed3469f76a71043ba8f39434f95b499fffe916aae18aa

/data/data/com.truecaller/databases/google_app_measurement_local.db-journal

MD5 0c98c703ba128fed7b3653ccf752e31e
SHA1 26bd1a606661ac7b9724c657c1340952050ff041
SHA256 ab87a2fd450f8d80b4996ad2901d42fcd373b5aefc4e72ea3fd422854d3580a7
SHA512 d776aa71c942bdaf5b234820bd6aa6fe2885d9480db90f684f6e8367bbd1622783d2cb0ddea3544b2fd77ebaaecd8f04ac5af188e2ae9bb85e43729df7778ed3

/data/data/com.truecaller/databases/google_app_measurement_local.db-journal

MD5 ddbec99fc636a51b3786f6e43d1fcc9e
SHA1 3c15e0f6415bef950035df525c77cef2df1c19b0
SHA256 a57c7b3cf97d7e75a00e94963e8e0dec4b962435cda9bee703d4d6f2e4ae9597
SHA512 8a6109b6b3f6dae329506a8ff232b6a7e1b740613bd9a809ba7bd3da3fc97f6f9a70e4b7ff09633c0e9fb8a5883e323084e572efc8ba56b4bfaab1a70e937047

/data/data/com.truecaller/files/countries_v2.bin

MD5 ffd6ead1123a97c9dcb94f47ecb9d19d
SHA1 a59dfcca34fb426476b9ec289c7e1e7a35d6b1a7
SHA256 cd0eed00dd19f4c830dd992df859d2d960832f845644e365ab9ce3928f41a3ed
SHA512 fe75ceb3700fa95b0c48d0fdb0e94b85a3c29b12af2c51920530430715d51d9b56602415325810a80b604e813a1536415cfbd689ea3e169b002af164f88fb78a

/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_firebase_defaults.json

MD5 239da7ae1a09d380c62a51503da5ab40
SHA1 4f7dc90ca8e68101982087a6dd5a08ffb4587165
SHA256 90289b9d8bf46c3dddbdf83749255df4e3ab9eb8f40995279c9d848fde5c2a95
SHA512 ffe65316cf9ddd6fb90950402b4b8f057d1b729e2832421ac2f4751c1382103151d9151fa57f1b98ebd82366458b3872e902605ac702fc9d14146af4ede5a6d8

/data/data/com.truecaller/files/datastore/backgroundWork.preferences_pb.tmp

MD5 428955c70f5d1f15eecb85067a61a79a
SHA1 feaa09ecef773d361fc87f4f839aa8dd2ff49c2e
SHA256 e578fceeb978037133fa0de8c19cfd3921d738d128527dc8759f86f3c4f42cc0
SHA512 4a432a4b2bcc2b3dd6e9a2f4edf61234a10dfa47e354fb53031f1dde119690d28f364648c5e80c4ded96178dacce845ebd5c297f47dd124219a88cda28f6cdf4

/data/data/com.truecaller/databases/google_app_measurement_local.db-journal

MD5 a82916b92c02c0415956a27d9f6e9be1
SHA1 df12a27afbb5728c2a12f982c7c7630b3c160e62
SHA256 1cb196ea9d3e1207ceca92fd450e82c60a2dcbc72d077e1ffcccf028405301a1
SHA512 6fad13c3b2c5e1b9046c97e7d4e4d32caf15192d04eed92582247a6a902ce53fb8639969ee76c3afc92d55c9ac1b20b88e1ad5db0918f406b5d49e5cc5eae8fb

/data/data/com.truecaller/files/datastore/backgroundWork.preferences_pb.tmp

MD5 abb81bdc2311d7e56c378e76361ceae7
SHA1 d805d79d6fbb79f5db11b95678d310bc7daa6bee
SHA256 0d5cd4502600e33764a0483910b0c836d02f3d99a811b4f22b1f0e75c8d492f5
SHA512 1887baf7718616c4220eecfa41d1d544a272178ef0c4fd071bb457bdcdd97e003a17a10150d14ed3213df4c6e210d54e78ba7ad59d7fb4f30d6cbe8fec208965

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 956a4fedf2421a1311d2008c0b96a890
SHA1 f7c6d65b63dd4b2bd1caaab8632af3faf33bf8ad
SHA256 aff3c83420e5e10c31a92b5eb6fbdf82377cb9ac051175493e716ba7847d5b51
SHA512 fb5c1871d30551414b23f1d2073d227edae2386f6f57efce6e3400ed78707063a8d84d5b75203275bd6f10c41bfc497660c86761d6bc991c4008dd3bded13474

/data/data/com.truecaller/files/app_starts.bin

MD5 920a36df7889de9a214959cf9dcc0c0b
SHA1 faa5284c1347172eb2f0d04924b3c6ad1b68beef
SHA256 41f39a3eb3b35749d405beed3b3b7051d1ac490cf88b3b4234c3278247d43590
SHA512 9fc4b7c8fbf1078bbe2cbd996e1e655b9f7436b5d79330bd2773910dc37c7a59926ca2c271586751482876f3b1438fe9fcb7fcb63b5bef0f6f4b280bc94a6ce4

/data/data/com.truecaller/databases/google_app_measurement_local.db-journal

MD5 669ffa082db65b2b2ba3601ae8b9d35a
SHA1 3090288b6f8a42b34e60d825994f910a48c5cf66
SHA256 4e031c5e4b6111986c47aa26232c67f0cecf3bff9164160e9c29d9c61f7b20f7
SHA512 c5d9538d089028b9d9d0c28de25f46dc2b657aa9e664ba358ae968dbc80eb17bf3548781e0602dfc4e596edd713da817b4ba6d4553b09ea758ff8e80ca979d59

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/keys

MD5 b44a931a3f3c66f314b7bd6534ac7c4e
SHA1 30f9faea149cdcac33c12835b805d32c321d0530
SHA256 3b2f3df2dd261ebceb99fde9de472e9497f16273d6b5869071f55bf7c7e2bc0c
SHA512 1b7617d3b158b18c00edfe33b05d159b8a4d012966973b9314f1dbfaf7ebfad01ef9a487a1c4fb6bdcac7fb3e23ef62988290f94d773f3c29347031b576a2233

/data/data/com.truecaller/files/PersistedInstallation8677524632856337202tmp

MD5 f5ff573aec04221a1109bc0d7298e2fc
SHA1 229254aebf1fa1120a02bf6a29d4d74ef3b88ac9
SHA256 c506ca2d1e706791f5a2ac1f8bd728c11cb05355612c989464cf656409a31998
SHA512 240aa5ff3d1945be6ca5b0ef2cd0a5826348452ea038d60ee6608f3668ed4fcc6ef42d4969dd2cf928d3d5ce4d884ee82f7370927046e98f3a541b93d4bbccdf

/data/data/com.truecaller/files/countries_v2.bin

MD5 a38f55f6e657461dbff3d67a3f3b7435
SHA1 7c9902888e0d96a05db2c735130f81a2657fff08
SHA256 67eec34a220945b11e85aa93d92ec06b3ef80e84d4151bdbbab702429b18ecc2
SHA512 03a2c78997855459ac70b34bc28bf553e6f64d4dac9784a3f86a0e9882a66e6b10e6c641ae5e8a27aaec3cefc38bc0e09235af0a6df29ac9292d4bef9879d7a7

/data/data/com.truecaller/databases/analytics.db-journal

MD5 505e12a0eb01fd6fc98a3c4a9f351bb2
SHA1 fa279f38901eaecb2e6ec59c4e98994289d667d7
SHA256 2b8af984f1c9c3c4e4da0e991f83fb24861f2931bf3b3e2454f16ec49df176d1
SHA512 107caac8625280423b1c416668cc93bca580d225c9ca53b4186089ee976256f41bb080eec6b01e7882a7a5e7f0ed0c10928aea6c6ea475a45359c0136392ed85

/data/data/com.truecaller/databases/analytics.db

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.truecaller/databases/analytics.db-wal

MD5 79129603f0676a53ab72129eaf294d66
SHA1 dd3ae4e3daa6e2a86652fe17ea0392fee42e06eb
SHA256 c2554c0c5ffa44c01cbafb812560b92923099ab328509f47ec010469f0de24a1
SHA512 b05848a8b4eb2a8c7abe74c65276e5236b36d40613808a43af45479d253ae05d89fc5fd7cdc4a72d3362292d9a60b024993805ff86985e27be8b933afd028bc3

/data/data/com.truecaller/databases/analytics.db-wal

MD5 3e92ef6798e252704bc1b69d3d9ee0f4
SHA1 b11d833054f56ae7c4f58a95063ecbad382cff5b
SHA256 38d03943d3728d4aaf885d412e2cfacdfebc7a19cb50afe4d399d2ba380260b7
SHA512 c20b9ccddae7426ca4183a7191648e01ac3b851ed833181dcc13a888e9e61482c11a47fc0ea789662d881a59f07eca4b20620fbc4010a74edd6156ff5ac7f8ec

/data/data/com.truecaller/files/PersistedInstallation9056295479671374935tmp

MD5 521029946b15ef25fa8213bcc0ac6de8
SHA1 b6e44eef424cc6e9152d2b4025a4e7b442fac255
SHA256 34bef2af3c9974670687903adc3d1c7f5dce55d899057554c533e0fc023426d2
SHA512 bafcf2ad3ca552ae3e40fe5a6ef8064c3f7d3a40a16b80d6b4e7bf9cddf082ecb905e60c0a049317c17c9f02b61824943215498bd29130349e0fcf0ce2afbce6

/data/data/com.truecaller/databases/analytics.db-wal

MD5 d2675e6ce4efb9ed0567f92297311bec
SHA1 b25ff9c75c0ec8933ec0bc866f49252bbf900a13
SHA256 14a5cf6b7a9b4f354ef8ff0a842112fe792a27b3161a1d5a04bcb94218689179
SHA512 f8fb028f708eddd2d2e1812ab7b51f0827460cda3b73c3339e4bff12c4eaa396c6490d3e173cde85a85c0aa8ed34e917742cc2c13d6fe625641dfc214fda16ee

/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_firebase_fetch.json

MD5 1eab48aa71680e5367f789c88b379d31
SHA1 6d6c66e97d44a5051ba021f4c982c9682db81ece
SHA256 6b1ac8de6fba555473d136110a49248b286f6da776606e32da381c1fcb1e20c1
SHA512 063fed1befb0b7c3186fcf0fe60c0ceabca13e5293f6cae786000b5069d7d11233f48f5293aaba74f33be167e3070b4aeeb4eaf63e5e8ee6b6d79ce2dd0fe94a

/data/misc/profiles/cur/0/com.truecaller/primary.prof

MD5 9e23283aec23c67f1c511e411d6fa183
SHA1 d355677052d923bc69f1b212dcb0091127732f9f
SHA256 6d4e2e69fe9eaa4e99929fd64c728dff9a141f601f3a5a0f8547d3559e232d16
SHA512 2130be8b92046e7abe582b550d4e177396641f584b8816a6dc7e7dd0fdb0a67d56aefd71f28914165427017d89e39979282d3bf81e482bc326596f308f331349

/data/data/com.truecaller/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 5f8b636df2262a9e17b4f405349eaa55
SHA1 772807b67c62afcce7487797f87a8e06fb9ea58f
SHA256 c6909f2c606a33b84d36e7c2f02f34227522b91eb64fb8245bae6bb3e852261d
SHA512 dc97ef582f2c3dc7967e7b14b17751b3a6308b46661d52f659d4d1b947c9b1dc66ad1df73d2c518d7a9a6ac442ba90b203695ea5ed26b3680a96a692062f22d5

/data/misc/profiles/cur/0/com.truecaller/primary.prof

MD5 40fb6f2385811dd4bbe5044dda3b5797
SHA1 3bf0d31817da295e3397e8e658fa960b24e28bd8
SHA256 7297bf0c6c4e1600ccaea27d0d24eac482efa959a1d1c198e4ed59ffe927021f
SHA512 3aaeb639d1bfb01b1cc0a29428a202149775d79bad72ef1e7c05d388b4734c3442df16f9b39883719a59e0fe5eb49c4a417d4dbdb66dcfd47d4d6868d4f82948

/data/user/0/com.truecaller/[email protected]

MD5 89586afce2181c4415592d5fa2a11986
SHA1 5c9675a1080c1004249d241b0e9199b6cfad8a6b
SHA256 1d42b43a4f2ca277b3dcc147c5f3d4f4f84b6b170b8912287b486fb7343fc1fb
SHA512 9aeb884ffeb4dfb3c04713bc31f7c6389a4a0d19ccb3dbacecac47ed08d85f8ffa522084a0c26d01ed4bb9d5eaac4773e6cad7e4da273b69382be8ba1a6f0c8c

/data/data/com.truecaller/oat/x86_64/[email protected]

MD5 f2124fc8cd243b9c9e57216abb5e6e88
SHA1 83bbaa490a2234a6fccba9aee182cc1a37f7abf4
SHA256 e2f03bd8b6d9e794dfe467b99647bc5249f6525eff82e33574ecc280c800f18c
SHA512 0bec9b1cdc6498ce0af094b781f495787df57eb0b015dfc76f279fd26a373cd7664df340d52a07f5f41c4984007b4417ecbcf83ca4e4429816377ab5f0dd2003

/data/user/0/com.truecaller/[email protected]

MD5 a2c570972e59d8a9b3bbeacfcfe3485d
SHA1 387746b2dfb1580b22af855fddd800ee9fcceaac
SHA256 328a8ac2b779f0af03eb1e17b0eecb78b1b4c8bedff561f58ad4d5894e71d35d
SHA512 d492487c9efd650e9f534d12c0705481e31c8bc58008f414e5360eee810feb0aa932da76ba08d8942c034cee47648455af87f9229080ce65df90908647d137ba

/data/data/com.truecaller/oat/x86_64/[email protected]

MD5 39ec14a58d7878fd0c952a64e67dd329
SHA1 d7772c89fa63cbe4fc22022cab044d249111de27
SHA256 8470b0d3cb113d8cfe9c22ad738e8b7935dc068073974ee37e5c6ffc579b0bf0
SHA512 30b646e850fe7bd980de0f21972a647682300dc3457492ed56cf3391d17517333d7674894c0bd42262ade073a9504698b113b483b3e2a957bd8ae1245c357fab

/data/data/com.truecaller/files/AFRequestCache/1718356867417

MD5 dcfb40d3624ab0eb445c6f107a958cf0
SHA1 bf51c65e54dc79da9c24125a7cdf9ed0606e9d00
SHA256 1db95dc8d45294628f72334dc0f77ed933bb90256269bdaa793a53cc13ec508d
SHA512 042740badcc67b16f383fc575f0e0d47f4b43bf820d6a497ee1c2abea36174b84380c2013f998bbef1f027e8c630455be02156e139c6d2c447e6fc58b2d7c95c

/data/data/com.truecaller/files/AFRequestCache/1718356867782

MD5 bc1b8a86928b37a8aba49c9cf063c966
SHA1 f7cd38fa4399eb560e467561833ca7277d906d1a
SHA256 d4db23ac90fcbe7ffdd47d5703b9f9d41407f899da90ca93173d1182ef0233c2
SHA512 9beeeefa53689cd4bae3705668905cc40fc649e45e08a18e2402f03effc588f1c872c563bbe639a900d19412fa9ca19925f0461be42646f631e97c58fedc8fd2

/data/data/com.truecaller/files/AFRequestCache/1718356874575

MD5 bba0990ab49084508d0ef7be2e04bf0f
SHA1 58b66c6c9e8531cf2708a24368fe4fdfd85d14cc
SHA256 ccda84a1a0857cdd17b824d1a76573aea47bb982fdda1cb9c944dc6f5357a98f
SHA512 c5a6804b140d62a9254bdaeff8714c01796846ffb1ac36c7ac8712580b5abacec6cc3bfa75c30563ca688ffaa4763a2cbf92c5b0b6faf8e9d3db74648cffac5e

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0B4B02930001124411C8D9A8652E/event0000000000

MD5 67eaff0ea95782a0999b1c26156ae2b2
SHA1 b989403ded1e10ce003302c535909fefed56381b
SHA256 b628c52326e3d5737f74a5a11325f87a12f52325ca932133ccdaaa8887f1da8f
SHA512 6bdc23fb6ad28a1b4aea00750b992e1b2899bfff3b14e253f39e1c68834c7ed6574c92e0f5e47adae9fe3da86f3ebd855bfe5d63f13d94506ec0cbd4401db196

/data/data/com.truecaller/files/AFRequestCache/1718356876207

MD5 ef0b62505d615ca9f2f8fe408585b9e7
SHA1 e0a23db1a9c9d4157e120c48b3d6ad31c7e0ac02
SHA256 2ec8478abf0eb785d98687ca0e591b7ef28a72fe945e5fa2287e1a9ad8aff1c7
SHA512 f1cd87e324ad010507aaafa321cadac8d4230a90f936d7263d3ba940a01e68bba806be2a4674a4966c125ac585fb79fce8cc0aec2bad717630577dd338141f44