Malware Analysis Report

2024-09-09 14:34

Sample ID 240625-1xh4taycrj
Target e6c0ef7ef87316d2c02b1a41fcc307b6bbbb2c3c60b2d8b99b4dbe213326403e.bin
SHA256 e6c0ef7ef87316d2c02b1a41fcc307b6bbbb2c3c60b2d8b99b4dbe213326403e
Tags
ermac hook collection credential_access discovery evasion execution infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e6c0ef7ef87316d2c02b1a41fcc307b6bbbb2c3c60b2d8b99b4dbe213326403e

Threat Level: Known bad

The file e6c0ef7ef87316d2c02b1a41fcc307b6bbbb2c3c60b2d8b99b4dbe213326403e.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution infostealer persistence rat stealth trojan

Hook

Ermac2 payload

Ermac family

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Reads information about phone network operator.

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Acquires the wake lock

Performs UI accessibility actions on behalf of the user

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests enabling of the accessibility settings.

Declares broadcast receivers with permission to handle system events

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 22:01

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:07

Platform

android-x86-arm-20240624-en

Max time kernel

6s

Max time network

137s

Command Line

com.appd.instll.load

Signatures

N/A

Processes

com.appd.instll.load

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.78:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:07

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

136s

Command Line

com.appd.instll.load

Signatures

N/A

Processes

com.appd.instll.load

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:08

Platform

android-x64-arm64-20240624-en

Max time kernel

9s

Max time network

132s

Command Line

com.appd.instll.load

Signatures

N/A

Processes

com.appd.instll.load

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:08

Platform

android-x86-arm-20240624-en

Max time kernel

179s

Max time network

131s

Command Line

com.JiDpzrKa.WmqvXSVh

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.JiDpzrKa.WmqvXSVh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 1 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp

Files

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-journal

MD5 f625f8e400cd1d0463edb840e43dd3dc
SHA1 a4fe45d2b9185e120aaae22da61449d37fda3924
SHA256 c0c93f4da5d11ad140701ba492efd9108045684622b129d5e5237ae403602d7a
SHA512 208cdf75d7e2b5d6ecf2592fa0d1043d53fcf24c9b5ba7524aa9928b609a94d3796d52866ced02226a95473a95a74b2c35cba746ac45d0b1b9d4bd675d379071

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 135cac5b2ac1ad6ec666ded99da71f41
SHA1 e7a36945210b5ac59f67109da4440685634506f0
SHA256 c94b5bf7c8bd8b4dc5ad79361d144c1d93638a16683ced39eff51cd9b0d10061
SHA512 b94acbc941b278ebfbba0b12d69c845c0b89acf9b68161c4d0fa58214122963198a97f0a2567c3372baa9f1725d212592ab0aeb1f64c4231ae4bf13062091e18

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 2af8c64d902f0b17de405794efd3ea46
SHA1 38d6fa956fad22de3ec36f04d36e661490542275
SHA256 33826c3369c5b9824ac0f5667efd5503bc5d35138cf8f60c3ae810142eef731f
SHA512 9deff53b00818ca67e339e5dae3cc12cfe43c78e7b87e99766c2722e405aa58b48f89a02089218e8f1d95e2988c14baa53aebef061198e3d484fc027ad67315f

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 407eec393a828da5a14c9a1d81732737
SHA1 9828682a3fb7837295549522257730a9dca8da9f
SHA256 421f7e769649014acff1cdaa7dfe1de8be1c88e804d67611a6815960c414dd77
SHA512 b1508da74cad16da3164114034887fa2075eebbf5c3c65e5e39d6ae0629ee584db803060511e11c7376199372af9bb810def1f9ffa301d7b432d4fe45c86eff7

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:08

Platform

android-x64-20240624-en

Max time kernel

178s

Max time network

145s

Command Line

com.JiDpzrKa.WmqvXSVh

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.JiDpzrKa.WmqvXSVh

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 1 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.251.173.84:443 accounts.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-journal

MD5 bc62686bf7b462a6ed80d65078640a49
SHA1 d3a3f184900a138a6ea2aebf2d2cd6204a897def
SHA256 d318b3661109245b00e5f04dd504d9af3efd4ae68cc5ad85e6bf7ea8b55487a9
SHA512 536006f469edb6d8dd7241a6575808df7e3826c099885a3d5363cf088b9f51c1339dfaaa448ed8c511389dfc9a05cc3df0344c0a24fdf423bd2447509f66fc0a

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 bed2fb54e57bd90ac3eb6fa527dcc7e3
SHA1 a8ec6ae15a0d2f7b143ac9807daae94f85191b42
SHA256 e7c8fd195bf52a57194b8abc3b543bcd20a40d0a640a25150eb2b8eaae7650de
SHA512 cffc7475cca603f285ba796a0ec4c30d74f1be96006b2cda0f62abe2b29cb0a8f1677f1aa8d70b0aa555b0cca99e268525003f851f7ec3e6718e6d156863a240

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 9fb64f5987f7d6bea3f09e2a11045041
SHA1 b2ba42b5fa1c3086736551ad6c255a1ff0263a73
SHA256 a9e3a19f029d4a3bc551afc57d4c04b74ad1b85f6ee9cd9b214bc2449356948f
SHA512 1ff11fca5fcdbc5f4ec676715f56a8cdb73c8017b2dc259e856439496bbfaa079d7e81fbe6b4ebe77a0eb4355173722809816d051f36b0a05d8f2502411d9168

/data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 b1216c7cd9c5c47b01d7b6271f9859a8
SHA1 e2524965140be756e522772cabd6466a870f6b6d
SHA256 043bf7392fbb8c1e9f84aa5e1ecccc7febaa11ea62ede42e1b0a6536842abb4d
SHA512 753bf8fa16539ea6a0732c256e6ac1ffc1cb1906e58a6ba48841b5dc791cf93e41ef1dc5c38522f26612fc2ec64fc4bd48763f67fcae060124bb677f122155d4

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-25 22:01

Reported

2024-06-25 22:08

Platform

android-x64-arm64-20240624-en

Max time kernel

179s

Max time network

128s

Command Line

com.JiDpzrKa.WmqvXSVh

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.JiDpzrKa.WmqvXSVh

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 1 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 www.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp

Files

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-journal

MD5 7a13e48099b060ef3a0fd5b3299505ed
SHA1 2555abe79b57dde05562dfba00ed476bd206f6b0
SHA256 5ca58082ce2b53911a70087eb068fb7ce622d88b0d1db2f1fd80564c3a238cb6
SHA512 9dddd5b2b4627ef64d51747f8b88e409b27b1dcb70e97a2ebfa9ae19cd3f4e1a05dae7d5937079ddae1a7c6fec4364f768f31804a1735ca2456d672b6d38b353

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 c9ba32d54265238bf84cb2d7341433a7
SHA1 2b09cabcd3192bd23d02b3b68d2489813650f11a
SHA256 715a561ea3f34d8122391a8d99988ea141601f4cbf879c7919bc221d153ebf32
SHA512 fd3a2d6de635bc071572b1992e6ee1f49a2c21ec04bf30c3fabc36007c0b3cb70edd71bdd8ddcc8258c338696819243465faf3524e632256dddf65b6515bd7e0

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 853144e523f99627c4fe83aee2a045a8
SHA1 66caa27a8d2fede500549d8b0b6e087494dced82
SHA256 23b48f56f9396064b20fcfd192510a6a83065da2f40a4171b7ed9d372767c837
SHA512 fbb5fbf95a09cf2ad53112e24376e929a0c97c738ca8f2b2c5ae3717be2eb32307f80899696792a9f4496e767b5659d60f10ddabec840bbc9850c738d0d8be22

/data/user/0/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal

MD5 a583fd82b570af9ebf19b5fd2310fada
SHA1 85aa12f32440d91e9664aa9329a93a5e07287837
SHA256 b51c7e0c6b198bc0a4d05456e61f5e4e5ba0f62e4a977ba1ecdabe87d2fcfef2
SHA512 3fb2c28eb93c74ad220589c6f5f82506d419ad67b81aff90adfa9c6a010c747909230141802a9eeaf0c2e6b622c474cd9de0fdd6b84d6b30dd9c449c18e98cc7