Malware Analysis Report

2024-07-28 11:41

Sample ID 240620-blcp8avejr
Target 19233c714b168ed889bc3132322b5214.bin
SHA256 e26bc7563731c54e46b89bc725cd15ba848fd59a5f9aeac2e8b0bbc654d2fed6
Tags
hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan ermac
score
10/10

Analysis Overview

Threat Level: Known bad

The file 19233c714b168ed889bc3132322b5214.bin was found to be: Known bad.

Malicious Activity Summary

Ermac family

Hook family

Ermac2 payload

Hook

Removes its main activity from the application launcher

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Reads information about phone network operator

Requests enabling of the accessibility settings

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Declares services with permission to bind to the system

Acquires the wake lock

Performs UI accessibility actions on behalf of the user

Declares broadcast receivers with permission to handle system events

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 01:13

Signatures

Ermac family

ermac

Ermac2 payload

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 01:13

Reported

2024-06-20 01:16

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

185s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

evasion
Description | Indicator | Process | Target
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (logged 6 times) | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Requests enabling of the accessibility settings

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Files

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 01:13

Reported

2024-06-20 01:16

Platform

android-x64-20240611.1-en

Max time kernel

70s

Max time network

188s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

evasion
Description | Indicator | Process | Target
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (logged 4 times) | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Files

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-20 01:13

Reported

2024-06-20 01:16

Platform

android-x64-arm64-20240611.1-en

Max time kernel

52s

Max time network

185s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

evasion
Description | Indicator | Process | Target
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (logged 20 times) | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Requests enabling of the accessibility settings

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Files

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal