Malware Analysis Report

2024-09-09 12:58

Sample ID 240614-lbhhtsxhrr
Target Truecaller_ Block Spam Calls_14.8.8_APKPure.apk
SHA256 288ed7edf3ca5303aef6a3725636d17742be198206527399ca2b0ed108941a84
Tags
collection discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

288ed7edf3ca5303aef6a3725636d17742be198206527399ca2b0ed108941a84

Threat Level: Likely malicious

The file Truecaller_ Block Spam Calls_14.8.8_APKPure.apk was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Reads the content of the call log.

Queries account information for other applications stored on the device

Checks Android system properties for emulator presence.

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Queries the mobile country code (MCC)

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 09:21

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A
Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls. android.permission.BIND_SCREENING_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions. android.permission.BIND_CHOOSER_TARGET_SERVICE N/A N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. android.permission.BIND_INCALL_SERVICE N/A N/A
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress. android.permission.BIND_INCALL_SERVICE N/A N/A
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Required to be able to discover and pair nearby Bluetooth devices. android.permission.BLUETOOTH_SCAN N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 09:21

Reported

2024-06-14 09:25

Platform

android-x64-arm64-20240611.1-en

Max time kernel

127s

Max time network

158s

Command Line

com.truecaller

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.hardware N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /data/user/0/com.truecaller/[email protected] N/A N/A
N/A /data/user/0/com.truecaller/[email protected] N/A N/A
N/A /data/user/0/com.truecaller/[email protected] N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.truecaller

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 142.250.178.3:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 account-noneu.truecaller.com udp
US 35.190.118.8:443 account-noneu.truecaller.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 172.217.16.234:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 172.217.16.234:443 firebaselogging-pa.googleapis.com tcp
US 1.1.1.1:53 dlsdk.appsflyer.com udp
GB 99.86.114.124:443 dlsdk.appsflyer.com tcp
US 1.1.1.1:53 inapps.appsflyer.com udp
GB 18.244.155.59:443 inapps.appsflyer.com tcp
US 1.1.1.1:53 conversions.appsflyer.com udp
GB 216.137.44.111:443 conversions.appsflyer.com tcp
US 1.1.1.1:53 account-onboarding-noneu.truecaller.com udp
US 35.190.118.8:443 account-onboarding-noneu.truecaller.com tcp
US 1.1.1.1:53 launches.appsflyer.com udp
GB 216.137.44.128:443 launches.appsflyer.com tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

MD5 bdf3529e80318eb14e53a5bf3720c10d
SHA1 25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256 bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

/data/data/com.truecaller/files/ls.pb

MD5 9df22f196a33acd0b372fe502de51211
SHA1 0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
SHA256 929260ad9b9ea9fe0f3553dd964f4ff3deb5792efd031a2b90f573fe91f012bb
SHA512 5fda97a131fa4746fa835caefeb6f6d64f2b12ff5a4e42e840639af3dd747cf3627fec8039733e5a77d9b99aba473dae4b08134bb4e39006dcd06cec90c76371

/data/user/0/com.truecaller/[email protected]

MD5 9b8164be4f0ffaedadc82125e5346c14
SHA1 c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

/data/data/com.truecaller/files/PersistedInstallation4186935958139067051tmp

MD5 ad9c9b3557ed191a7e6de2928d7b2199
SHA1 68d2f32972452ed27d587375d75697c54bf840f1
SHA256 b0c5fb92c0de19eec5a4a17d3f4d174526383eebf6860d104935d2aa22899f07
SHA512 f981268a35955852f26401875f585cc68c77b4b22ed6042dd9a5e5f13b734adaacdbbdca09c2eb898943260fa1a7b5f103835ef6e9edf67d481b22cb9a1b57ef

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 e1626f18d3bd1e64375089f340692d62
SHA1 155dc43791cefcbcb732b20a2d0886b61762c229
SHA256 3a9bae57ad43d4f71dc6d4106ec5e61d9765bf33bba4a8d0c73921b98d4231f3
SHA512 b1db55da9752506d5c291294e731112f4866167424f039ba12d2d742e9b41312c005fb7f31c54e7c100ddabe1a4367307dbf642b46ce6dff98bc90010c337865

/data/data/com.truecaller/databases/com.google.android.datatransport.events

MD5 b36d624d3df4500edab74721c2441b56
SHA1 ff5a351576edc3400e1279bd46d7c146c0bab891
SHA256 3cfc6c10414ef52083e8464c439be03dfc45b6caa9684dee7779f311c610ab41
SHA512 c4ef6036ceab5d1d0ed7b376088406fe2819d68dc6c5bed1072c304a2bdfe475d557a8bf7f970cd29fe0640ccc6ae0ca3a88d2296fd355aecb90117ccb14c568

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 bec23940d0981d7d8e3a735275297e77
SHA1 20e5f1af6c4913fc39592b5726929aa9f1f2d1f0
SHA256 988504eb8ca0da0ec0e5eda8bac206d318f6c30beec92ef623ad3046ecdcf1c1
SHA512 a3cd976586aeab05046b912d85b5166950f6ee847602f0f09e742c3d138b3cab776c59c2e61bfab7943bfd7c7b065a07eaa3d2fb61d63cb8833fed3e775914f6

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 13037b18f0358e2ed15a60f8056d7fa5
SHA1 3fcfcef29b33597f672a57b02bd2764f2eba0a1b
SHA256 66074fa88333bd1e8d9ed3f4d343c9db1c4a76f50ae1616465d6e5e5d10f409f
SHA512 598ce676e8f1d3f226250bc8d318f53769826f01a8276246c96de0add7c5e99ba23e891469aa05cab7e411d6447b1f948e0ba942685e6524c68d093b47441bd7

/data/data/com.truecaller/oat/x86_64/[email protected]

MD5 a07eb21814dd4287563d3a857841b823
SHA1 9f88d406a23f3fd256ec8ed03f154de36d9b3bb9
SHA256 3a586964edaa35d8184eba79e6874924656c7b351050204254cbcd2e2f8069a9
SHA512 0461382866e834fa137e48a4163c57f6856415a1a8c6f2969b3c0a9a76e66986137afab61224ec4d9a256f83c430c5334c8f0cfbe0aca7299e844e57832cc91c

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/report

MD5 3a92f4cfe1921eb9790171649c827fa4
SHA1 6de2ae7f40fbad8c82c9606d3655ddc154ce014c
SHA256 06563548db7535e70f7644ef84d6f40d6c29c0fc05c08425605f99bb828b9e0d
SHA512 433eb6d0bf52c0df0119b0df0d7b8b3ca214fb702b0af2096401833cef2ad2f67738a7b7f7af19c5291fe945cd0e7fca23a2260dca25cf4274e745559384a42f

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/com.crashlytics.settings.json

MD5 b01ea0eae084dc4752718a7c49b69333
SHA1 9d90b35290e6c7eba8037fd44f763452a760d28b
SHA256 f8b96af8696e746e3b32f9c81445e6bbec495d5303ad6808cdbdfc73d50d5f30
SHA512 e071d8838aecbea9f18b1293d6b3b86512d5ca4b77689c86025a78e735ba066142feea56e1261d605a877a50969392dd83ba2bda05dafad235950875f0e2bb5e

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_settings.preferences_pb.tmp

MD5 a65b9b3e4670dc3b48a9609f816ad531
SHA1 682a73f2c248815fba0cb50c45031a53d6f8dbcf
SHA256 a4aaa2a4e0cb12123b405a9d33bdd7edf8cbb41ea92e75deb1ba21bf1db5b2a6
SHA512 6c06e6791dd41c1c8d8e0246e9bf7fed81dbdb5e918e7dd78cc2af1f002f8a532ec28335b229a0ec5c1ee220861092cb1a7c7f4060663394e420d80ed391179e

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/internal-keys

MD5 bf1a44be3259c34d050ab67735ce6a6d
SHA1 84f192654754ffa37ffc6db07edda8ae20b03bb3
SHA256 b773ccd5d4c467a871a9cc491c4fc566b2bdc030f993c95301124ab86079e296
SHA512 77bcd31ca3244dc473b45c036c45b9562611311dee377c5fcd23fc9b387af23adbecaf5a8c692681de9cb6e39e526c649a3421775bcc9313328bfd3386bc05b2

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_settings.preferences_pb.tmp

MD5 06bd63584cc699cbc92ade3aeab0ac42
SHA1 e21167e5419847271e7f67b3b286916b8124165d
SHA256 1e58e88b20702d0a80025c1fbacc9ad5fe2565311e2230d581d669fbd7e8b0ef
SHA512 675f177e388425023df5e19cda634ab1e7673681feabfa7bb860089105353166491d15b8c86b5408833230dc5b0ac43e2b5a61e1d36ea0b40d6ce7166bfc385e

/data/data/com.truecaller/no_backup/androidx.work.workdb-journal

MD5 9f5ff2cf9616cb14f0ebecaa8e4651fd
SHA1 3210e4b58c3d4339037e56c9832c772e55cb5c77
SHA256 4ba1f03b4e09d9da4eefddf448fd225f84390a34d1206433ef4fc4637df2acfd
SHA512 fbe8c404a5c6078c23fb558ed0502db28a9c15f7e0217853cc9f6a8871d683610561230398ff414d472da6bce2f4c47499d8d513da55ca80819d32fe86b1078c

/data/data/com.truecaller/no_backup/androidx.work.workdb

MD5 47b0a740bfafd195d4136aa8625d5166
SHA1 9265da9f9866dc8a1d857c3f23c23347cbd5270d
SHA256 fc6a054c2728d48e710a8fb87861bf6608b4cc9a82c0734c62279c6657f18e21
SHA512 028e0dbb0ff6496340f366e27f34836a11fd0c937a23743dcc1b2151ef8ea474cefd8195b616628e280841f2212055df6ca55630c4d72f5cf8b4aded7f3753d2

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_settings.preferences_pb.tmp

MD5 1fbccf7b936a9b713de5d42c6d8a075d
SHA1 7c8bbdf9151e7f53e2675329d471e552446e9ad3
SHA256 232f9626cbee2e063e25f61a08f46575d019b62f02a6753c1325957a95e1c513
SHA512 b9177426b3facda6d86b5a83d05805a4dd2f5357d4979ca7282a13ce3f08ef7e7a0c5922675ada826bde264450b1b4ddcc54eea4de62249fd3eab1ec9acf32cf

/data/data/com.truecaller/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_settings.preferences_pb.tmp

MD5 14770edbc1290230aebe82f8dcc730a0
SHA1 f86874de3ff45c2dd7c982f9ada6b5fc979f082f
SHA256 7495b9faf55ff02d0a2906ca3e3f4b356abd96e421815f9d07f893682da6eaf2
SHA512 c6be6c93262e0c42527722af20fdd3be2c9936eb601280c36492e0bb2151bb63f88bfb150690ae361c75d01a33647c2440bb49e290af38c5c5af5a707320e3de

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 3945685a13ccf6471334768c947beef3
SHA1 5fbf8e349a1f6a37815629aee2dc4eaf71927c09
SHA256 c30c72a62b16d6f40c3114b87f03010987e286f934530d4b76f395b45d79fb8f
SHA512 f7fa9e2b93f5b83d409c5c90259079141bd8d10b3ec569b7ddbcb045c9351eb4db217a7d3bbd37b6f499b22410af7a0fb91b04c16a0c2d76a3791839748a908e

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_settings.preferences_pb.tmp

MD5 b773efedf91563639c5e724e6247d6b7
SHA1 43f2b9f1b190af5eeeb3205f59d6c67d213714c5
SHA256 de3d1ea2b175a689bbd4f728798adc08d789bdb3212e4fe08a5adfdcf49ae08f
SHA512 294511b04fcad105661c55598bb93d80e4d99ea449efad2c4a2950f16fc333eb62bccf2c7a7bb2aa4ae7483d467a57c50d80902bbe8f6f7c5c66165f226bf064

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/user-data

MD5 c6f6e518362d67a60d5127c3a3d359bc
SHA1 c2598614d26939700d0d4868d1ddce3d5d32c486
SHA256 8e364aa00d68bb3d0f514a8c2e30d6d2326d5d870055fa73f332979928f6ff6f
SHA512 6d3ce5aa165e76049f966c6aaa7f1331f59c2e258a872f863baa551f9a75d3613b52b5ffb552fef9d9762af2c41a08f713133aeb79970ef402d057f34f07e8c8

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/keys

MD5 328e0e1fad82abfe205b19a36153dc2f
SHA1 e228898ef0eb8a2740d86d07920633d4d6b2fa19
SHA256 114a6e8f5c43bea09a4a73b24b44b030440a6f3be212bbe943becdb363f15e29
SHA512 6b38ad8681bead6a5a58db08ffdf916e0eb6cb51c3f94fb2451a272e433aaf90dcfb5db8f15a1ee6458690e29faa3a4de65b1a427b45d364afdd45bc3ef15d58

/data/data/com.truecaller/files/PersistedInstallation4807916125191555377tmp

MD5 f4a48702872679a01a248b6ae7f248a8
SHA1 200407f41e6edb81fcf7cd1793e12926cb9e1916
SHA256 de3461c7ddaa6e48630b3fc25aed5950a7d270886c5fa129511dc96d006b4645
SHA512 4b63aebbb07dea523524a8fd77d8bbe904951856b0d79b3fefae0eee46ab95bc589cf780c0f44feee945a8bfadf7986742e0e33acbfbead094f46b43dc3ddb93

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 4500182fe52c308b70bf3cc93cd6189b
SHA1 2e4cf71e9de75462b5ad1e0bd10dda1e6d8ef2e5
SHA256 a1f1d15af14c1967e6b3c451045d9b4311e60a58b87d30637e194c6fab1dcb9e
SHA512 7b281f37ed61b825b2d460983ad59c7aa76b50ae6809f3894df3b3a6865d5ac4569d8c40afabac283901a5ff47e9cf85f42692e358d5391f7473e76e62e17295

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/keys

MD5 486ad34af72205ef84d45cfa8d9c070f
SHA1 db6a64fed03b31a63eabeb6f1630a0ad7c1f4ca3
SHA256 501f0562ae0e51785ada163df3e231c5695ea36d355dd752daaf1834d738bbbd
SHA512 5149892ef31bca7e9bfb44cef5e4bf8d4e26264d5e98352be9d40f82eb9b9a1c618f6153eaddb8bcbf4424b831958d1232120b8288044cfe9064dfad05112108

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/keys

MD5 f401579c551ab530957264814bade35f
SHA1 b5ef372cf2172a0de3b1618835eef06d0084e973
SHA256 6cae6c409634b8218cac5fdbbdeeeaf5892b1272b320f08752d8b321c10f7cd3
SHA512 51632dc8cbeb0cbf4de061fa38ac6b19500a106f419b989876e683cb0941b31bc63e93711d730d6bafdc96de2aeb973f84cdb3def6c13a9c6cace55a66510b2d

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/keys

MD5 68601c0f2816455d33082c867101191d
SHA1 bc1a1f2d72f19e6827b13724e65e096695c63cda
SHA256 f29d9ce5065c777c5c648f0586df714bc8132c1c2855892a5a0c80d3ec2fc44c
SHA512 5c4e952ee86647519c3c92223b9a6f6c9e4f27b4b6c76b1b8d054cb1ba4beb2eecc2013e68ca54ebcb30efe04ba9ffa4f04617a3c97326b1ee87bdfa561a4fbb

/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_firebase_defaults.json

MD5 239da7ae1a09d380c62a51503da5ab40
SHA1 4f7dc90ca8e68101982087a6dd5a08ffb4587165
SHA256 90289b9d8bf46c3dddbdf83749255df4e3ab9eb8f40995279c9d848fde5c2a95
SHA512 ffe65316cf9ddd6fb90950402b4b8f057d1b729e2832421ac2f4751c1382103151d9151fa57f1b98ebd82366458b3872e902605ac702fc9d14146af4ede5a6d8

/data/data/com.truecaller/files/countries_v2.bin

MD5 ffd6ead1123a97c9dcb94f47ecb9d19d
SHA1 a59dfcca34fb426476b9ec289c7e1e7a35d6b1a7
SHA256 cd0eed00dd19f4c830dd992df859d2d960832f845644e365ab9ce3928f41a3ed
SHA512 fe75ceb3700fa95b0c48d0fdb0e94b85a3c29b12af2c51920530430715d51d9b56602415325810a80b604e813a1536415cfbd689ea3e169b002af164f88fb78a

/data/data/com.truecaller/no_backup/androidx.work.workdb-wal

MD5 9ff5196be67ab3df2c40fdd2b3761c9f
SHA1 908958ea555797f7649258c7aaf1e7148462b016
SHA256 2f75ee8f203f14460d20de7689f3eada12c56e31cdba2dbabeab69cc3fcee103
SHA512 40f369e5d0b34839f4564ca4102407fa4a043072859c61072670dfdadd881cc1bed5ae1251a5cfe01c4304c47adc0fbaf0efcfa5a16de05447608337ec97e6ba

/data/data/com.truecaller/files/datastore/backgroundWork.preferences_pb.tmp

MD5 428955c70f5d1f15eecb85067a61a79a
SHA1 feaa09ecef773d361fc87f4f839aa8dd2ff49c2e
SHA256 e578fceeb978037133fa0de8c19cfd3921d738d128527dc8759f86f3c4f42cc0
SHA512 4a432a4b2bcc2b3dd6e9a2f4edf61234a10dfa47e354fb53031f1dde119690d28f364648c5e80c4ded96178dacce845ebd5c297f47dd124219a88cda28f6cdf4

/data/data/com.truecaller/files/datastore/backgroundWork.preferences_pb.tmp

MD5 abb81bdc2311d7e56c378e76361ceae7
SHA1 d805d79d6fbb79f5db11b95678d310bc7daa6bee
SHA256 0d5cd4502600e33764a0483910b0c836d02f3d99a811b4f22b1f0e75c8d492f5
SHA512 1887baf7718616c4220eecfa41d1d544a272178ef0c4fd071bb457bdcdd97e003a17a10150d14ed3213df4c6e210d54e78ba7ad59d7fb4f30d6cbe8fec208965

/data/data/com.truecaller/files/app_starts.bin

MD5 16ddb91b2eb9482abd3ec6d37e7dd75a
SHA1 b1bfa53a395fcfba72020dbe642258d0fd63085a
SHA256 a76d998214add5fc27fc0f3e610ec9a09dd7edb9cd2e320d1f955da6099b1c10
SHA512 0e73814f975f0389ede51a5ea9d92be79bcaff918eb04c234ef08eb793487898c6fa6355220192b189887f9c329989323237196d5f796f3652df1f1e3e33bdb4

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/keys

MD5 8432dd18249bc63741d141b625168d82
SHA1 f73c90936aee6297b11ba019210612ade2cd8e85
SHA256 2be72273735a2bb190a318868b41d62aff3b8d2907938331030bb79701c925a5
SHA512 63bfa8d6ba81d4485e35f2a72f6c95c199777c1fa2d5dd461afc5235e7277c67847acd2a4d9ee1661ab20f9ab856a1d946eeac87dd4bf036b56c69ea839dfd31

/data/data/com.truecaller/files/countries_v2.bin

MD5 018caca6d069ce0df878008acc044641
SHA1 c506e9c03089eff5bc3187a398c36296c70b2e78
SHA256 92e3d5875c638db21ca75a54efac89d44b06df261c185f750f9d65cc7198eb55
SHA512 93f3366f93275e702cf4075531f580f990b820c4418e91fc5c72899a56b1d1ad748b48cd5534d3dead9d165b5f2175edba2fd69149d02b837d8f629e931587e2

/data/data/com.truecaller/databases/analytics.db-journal

MD5 f55a5ebc7dcb16158b36a39983295e0d
SHA1 bbe9752830a9184dbc023b3e3622078e26e2ec0f
SHA256 6e257f4aca16b7bd697f50edddb2668c61b366c678b1bd2edac679b0357917fb
SHA512 96de6a96d49f9df36fef3a447edb7ea117e366fdbcb8b6f31932f24833e963a20f7f131fb62a19a6f9e70acf60d6fccce806eab1e74bb773b7709bb4d5afff29

/data/data/com.truecaller/databases/analytics.db

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.truecaller/databases/analytics.db-wal

MD5 07e3e02fde1106b273e85b16c28d5957
SHA1 bab7175cfba68e9cb1673e99a67360efda51a5b1
SHA256 84a00c8b39c497a32800e6f53fe2681317acb595a7609650a34e9b47db7f6702
SHA512 3ed68f5c6ae2bc92381c4f65926ffcb7deb6160d5fb24e142c163960249e55997c7f03c3ed75a54112b021689402349c2fade75c717346598255a9a82fc8196b

/data/data/com.truecaller/databases/analytics.db-wal

MD5 41c42fbb35d7fdda3b39792eabc211cb
SHA1 2206f80a4efb905c32cdf17d02b22f23d4d60f56
SHA256 54c48fd99642e93699f596144c62f9fff91de77ad3d981faa319f17766a69fb7
SHA512 80956f1eff30593441b42aa0d5bb99ea20051bb2c3c4e272ef24d79f5abaf313a3908550c62efe7066ecf53669d7287658164471f5aad412104eee659587e80e

/data/data/com.truecaller/files/datastore/firebase_session_Y29tLnRydWVjYWxsZXI=_data.preferences_pb.tmp

MD5 7a203fdaea96e6310d8e0ef99235f1a9
SHA1 d3f526279a355969f47be13c6bed1161b1f56e04
SHA256 cc37ac4c549d8e8b0a8ee3948c84b94813912c1d18f1cc2666f29bec11298b67
SHA512 c45196f0d7dafa3de4d79b526f20a210287cb31c2a792b52b73dd8ae88dc5365a6e48d3a84504842a7531ed7990ee067719427c191fe10fbae1bbd116f08f9e1

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 2fbea595a0004e9cb3015c4a953bc17f
SHA1 27eb1b44bd97b4d06245e6d1c8858587d97db09d
SHA256 2cbbbcd8ad5a8c143f31045e2284025720d937924803d9defe0a54712a456cc4
SHA512 87bd4309e99a409c2ef37452e35d0788f1102c1d3875510c2bea6f5819d3f9ae4481f1c8cfb38901dc578d3f75dbd119c443b8e2599e9dcd6af1953f9b5758e1

/data/data/com.truecaller/databases/analytics.db-wal

MD5 fe65eb4277e7c63650c7bce48f9386f0
SHA1 02736705d2e2d023bda8a0d588e2be1144ab454a
SHA256 71ea68aacd34f2fe220b67da3724c90a6567c40e21af3fbb8d6f1deeb7be4288
SHA512 7715fd5f561cbf40917e2a7568e8dcd262354fa3515151b9f3364f8b502107a13baa25336943ba7d55b70564b4f3e548784539a8681d56d57792ed6a5af4602f

/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_firebase_fetch.json

MD5 b0b89f6d2a33257fb56363e743be049d
SHA1 e38fb1b2c1dea0ce2c97593d76a2fa3fc39d5ae9
SHA256 6e92c5d213094e1aec255164e1c91539dd5b91014fef6a3edde033ed126fc788
SHA512 d572054fbd9de0ea946396eec5325a13589852d4570248db20d1140e4e614831396f4f1552a6ec3dfe7ee4d6f268846ef81919c1245ae5e2796fc1092b9f280e

/data/misc/profiles/cur/0/com.truecaller/primary.prof

MD5 8a6ac263b90d9e6ee2a11ca5012e624f
SHA1 634515b7e72d8f86ca05a8e93d4d0f8f565726c0
SHA256 66dbd0df5f98112744218a302eebb26afd39123690224197e69fa66c672a6e69
SHA512 4726d6557ed46c15a356033ab708b07429806f686e55f5f3c89e32f08832bd654dd9815d6fe8fda2a994942d034048f76234bcee9099e64a4ccc98e437b65258

/data/data/com.truecaller/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 0db8808955a92631b598b3e3d3c2c099
SHA1 393a01313852aee03df09c54183980922b5c1591
SHA256 d17a32b80b27008d6abf60f0f36bb6781a92e3c02b4b045719f7856da1d9e232
SHA512 b81aa25fd9e027945374c154645e4d507a3d3bbb7b438b8de078ba3d54aa1f4acacd0409a6a1d78216fdce78db19e1aed0c5b96d4bdd066b09a7b0153f43b294

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 84e6915d6f77a8da5cbbd1e714fe3143
SHA1 082c7a7e32eb58382f0d394712631607ea73900c
SHA256 2e1615aac8489397dfb834152cb48c03a969eaa564ca401504bdac1009cb3a3e
SHA512 2a4259c8410fe602988267150680c9970692b78658539e396c4de164c32f592f834150f5b88cd9ba3e41b1745f56d4a6b6b4316e3b711a0c1a0a65447390ba83

/data/data/com.truecaller/databases/com.google.android.datatransport.events-journal

MD5 24d35de1d84a67b60b801776755e8b62
SHA1 6b7d55549e5dd46fa029b17124c275992a234d15
SHA256 f8de27b7202b59de4125870e79b245141d0002fda1edf009a74dc775654e3c1c
SHA512 bfd6c232e9344e14930e70c546440264f725c58c2d4678326caa74011bc1bf64c9817f698c30d3cf0ab656e43d4b9746e8b4cddf5d3fc5faf47de99c628d5131

/data/misc/profiles/cur/0/com.truecaller/primary.prof

MD5 3d08fa9cd01cbaf6852261b210af0fd5
SHA1 f9b40693e07c68283caf8f19a526665597b9b007
SHA256 6e8031ef776f1eb89e4dfd27aa9b6581d6f571415a10d7b3aa054c24057d83fb
SHA512 3ae5e901bfe086ef323a8d62655f297ac52ec3b460fc412953a35fae882f417227d207e0eeed31e46589e575a532f45b29828747cc298bddf5a2f51e3389e932

/data/user/0/com.truecaller/[email protected]

MD5 89586afce2181c4415592d5fa2a11986
SHA1 5c9675a1080c1004249d241b0e9199b6cfad8a6b
SHA256 1d42b43a4f2ca277b3dcc147c5f3d4f4f84b6b170b8912287b486fb7343fc1fb
SHA512 9aeb884ffeb4dfb3c04713bc31f7c6389a4a0d19ccb3dbacecac47ed08d85f8ffa522084a0c26d01ed4bb9d5eaac4773e6cad7e4da273b69382be8ba1a6f0c8c

/data/data/com.truecaller/oat/x86_64/[email protected]

MD5 47bba311b1f871ca7f685454eb87038d
SHA1 0b5d83c1d7edf76b18ce031d3a004eda080ca0e9
SHA256 20b19c037ce623ef1da05d70f6a43a04fda625557a1978ccefd487d110a8e619
SHA512 644da53c3fdf518eb727bb296fbfb42b3c4fb229f2de5a8b1bea1b343cd12723f9f20a1e6056b91d9dd11d38f06a7ef6f9ead4a6d159592596bcbde4f7f3b499

/data/user/0/com.truecaller/[email protected]

MD5 a2c570972e59d8a9b3bbeacfcfe3485d
SHA1 387746b2dfb1580b22af855fddd800ee9fcceaac
SHA256 328a8ac2b779f0af03eb1e17b0eecb78b1b4c8bedff561f58ad4d5894e71d35d
SHA512 d492487c9efd650e9f534d12c0705481e31c8bc58008f414e5360eee810feb0aa932da76ba08d8942c034cee47648455af87f9229080ce65df90908647d137ba

/data/data/com.truecaller/oat/x86_64/[email protected]

MD5 48116fa6f7c4ace3165dc284315a534a
SHA1 aac8b829f99c75853b627310e6bfe6494fd47c73
SHA256 92c8bafe57df6e07e3dc4a5f66a209f482c4cd74b57ac02cde7958c1cf504c34
SHA512 a06cdccffc408401425019f0c0c09020cc8436f022f3d488ead1bf156819bf4e6915e65c30bf96333cad1849eb57e8d237bb0522a769c09f22347933284eb279

/data/data/com.truecaller/files/frc_1:22378802832:android:d040f8b97ff358e8_fireperf_fetch.json

MD5 21822e44810033e312482717a0460ede
SHA1 65a64f30cb23219c5a3521b42053d3f0e6aab21b
SHA256 6f4ac9ccb6f7b0bfa9214e65a2cc6d10acf965be0d0f745dcc9a6b99220bf960
SHA512 01e6ebd64a7ee0dd974756e1b74b69a559ae2557eddef9210bf88c7765cc5f1c5ca2096b52504b436437568df1ecd4aa985034f486cc1d93ab2fd320fb4cb94f

/data/data/com.truecaller/files/.com.google.firebase.crashlytics.files.v2:com.truecaller/open-sessions/666C0BCF031400011168BCF18CCC2B43/event0000000000

MD5 bf4d75a9b53f72e6d863abd3667b55a5
SHA1 91cf3e3a5e548d1eb09fb602a032498687a03a40
SHA256 f612381dff9caf3de5bfe50a84025e9e02c47693563f72d81962b2463d1ef80c
SHA512 e856697f1801909cb38ff52ad599d464fade84271e15fc77aabe5557d1b82ad9da1aa071b033e89f02e734e4185d56ef506fa84c11daafa05ac3525d6efbb3b4