Malware Analysis Report

2024-10-19 11:58

Sample ID 240705-caxrpasbmf
Target d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.zip
SHA256 d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
Tags
discovery evasion execution impact persistence stealth trojan collection credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

Threat Level: Likely malicious

The file d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence stealth trojan collection credential_access

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about active data network

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 01:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 01:52

Reported

2024-07-05 01:56

Platform

android-x86-arm-20240624-en

Max time kernel

132s

Max time network

179s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.35:443 update.googleapis.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 046193d1abb515ebe25b83afe7d00ab8
SHA1 1bee5f49bba9f1ecc1c659c7ff4d92b7650a9c57
SHA256 ec365a27afeaf03bcec09d3600ec6224bd41359a7a0085e5db96756227112690
SHA512 7b7c68a80b6437f9fa172821e5fe2efaa571703f02377d3148661cdf1ca8359836ec33a96504bdd07a22f9df0e2c43fb6748a31a8978f3f50afac6149752d64f

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 ac26a375d5d673c2a7b39bbe42efacaa
SHA1 a7384db83f153cce2cdd67a97a20df068f6ecd67
SHA256 001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716
SHA512 45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-shm

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 4333e16b62aaf966b4aa8f1c3e02fcde
SHA1 b5dfffc4111780c2d52ba45826c757d00c8d9f83
SHA256 44b278baf62a53292bed6d4ae7ef112a8fe35fe149502f58f88d946714bfedc0
SHA512 3189af9b404b13df2b9de79be964f89035148dbe66e6737417952ee214c307de7808456da9d3d5d4ef2c43e2f62fa4382606947fe759400f027d67dbe3b5bc7c

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 610cec2be58972b9e305644c8a3fdacd
SHA1 8602f9f452645bc6c8dd1d80f6472ea336c6c53a
SHA256 72917aa9b9806157fae1f754fcbd12091de3c4cc163625bebd8bf16574d10328
SHA512 056e5189769e92a12a3227f9cee9671e7e1bd82ccd1330f27c11b1ea41e17180f8a2fdc6c38b86cb94180f1c8ff712c4c5b8fbb70248c1c4456b8049b52eb2b4

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 6ee7fe1180bbc52b3a127c1e1e2f7bd7
SHA1 1fa740a57d5962e712f29b782f64928c7b9bada0
SHA256 b3af205b3495b6d450551a3198615272ba229c736b0afb5c73d953c8ad313d27
SHA512 79add18414c2790e1eb68be569fcf174b7f0a1698cfe6cff36e1b8376da12bf9be80cf88a576f7a593c03c21a0006acd8b56d127f224783f70b7028ab2b52e34

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 41c6c1f40cabf68f0e8948ce555b7e3c
SHA1 d6b137ee17cab83a8c2cc6e11285250191152441
SHA256 40120c223c1c12d21dbfdbff57c5738f7f74f1a34711ef17ddfd2b74eeacd3d1
SHA512 5971d47d728c4063db5c7ea2f66959da7efa41fcea958ded9f5944a570b6ba1f1477c3492f6dc57e40f5199766d7bd4bcc17656efb820fcec0a3ab3a8b3ccef2

/data/data/com.cover.the.dumb.roll/files/m

MD5 c2c47592357037ebee2620e24eba829c
SHA1 10cf558444de7510a0a166d11496dd8c8238f2f2
SHA256 524c9a70855677d5585944132728ea275844a9ab99a0698d19fc4924cf236e3f
SHA512 2ba0e943b5f39479d26e8bde0ed1305d7f9f928c08a3d63ed116f534e7fafe1f431ab69aba43af9bb9a2f9051f31ffa7543b1bfa58304746f76470b80818ef3a

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 f8245320fcb01da479b4c7c430a51e23
SHA1 084cbec91a5498754cf87d3adf4dcee59e8d3e4f
SHA256 65978cddc1520a1a27d60321cc4552647f59ef665f539022ed8b5270197e5e9a
SHA512 35717af08a2bec68f90f9cc53a3e21ecc9f27a3f51ad06b913940472573fab5f14c67431613ca29d62d2418e80de6e8d223c706541d75bb7c6f6395c7e78c77f

/data/data/com.cover.the.dumb.roll/files/m

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 8e39576b2d6cd4d249e483a09f73a215
SHA1 27847b0b3785c65c52ac55b83f8ff6c42b80670e
SHA256 782061faebeb001b99be77224a2e9376105b30c807fbdbeb665480a08284c19d
SHA512 abdc49ad9f05d75f2ca21f2de22ebe17f69868a380489b4ebef2dd9f263a73d91892d848c066fb6c97ce2de051f3c112c0043d292a274f71a6b60146d41c7b3e

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-shm

MD5 30367b7e3e9a8634cffb5c5afeeafff9
SHA1 a2f2634397b55543386b19adf38bf1c07c69685d
SHA256 30a5aeb02c5dafd0d468215eb757457653abffc63be4ebf39c41056ba8d6a96d
SHA512 1c3e42e142643ea8a3fa97f9aba7b79e70cf8697214e8836b439972181a265f450660796fe30989f632323eb1d7fb666dce93b060cf58285bf25c96809203903

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-wal

MD5 d9428bf8adc7e295ef9a6bf5fb2d7019
SHA1 80576c1c4d662812b304324c9ac0561fcb488152
SHA256 2e21d37b3f93fa1272351682ed22567972128706b68e1a536e59f5258ecc49da
SHA512 3786017db881dae3fa36f2a68b1122e311943f98763e5f1201080512f9343570a963a5df3355ce6d67fb3cd1a605e0b5685aa2b44d46ed544d401d3e26f49ccc

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 843d1ab607fa3f8e61068972b5372168
SHA1 3d77c78f240a704ccfd1823896e4cb46b8a753d0
SHA256 886fef23c26b32a1357bd3084ed3b0a2c0ae68f6ba240e16838119f3e645bece
SHA512 4d838954186a4108cb8acfab42319ca7980d6a65240c15f1f4aef8096762f2c8db960b139fb3897032a3f4ab765a9ac6896ee2af550e703cd079176185bb0b90

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 3360c7bf0e6c43c25502694ae3eeccfc
SHA1 a89ee5272f6882277d29525b2314e97e14b77a51
SHA256 60a20c5a042ace21ba3ded555e9a6b19f4476aefbe4ef26ff75ef68b7c3cdc70
SHA512 27c11733014b292bc98327215f4621c358ff5d63b487114df15356065e103c67ec469cf1444bfb0aa676a43c80c6cac330ecdb546bb8fc26c2c85c4534fa862e

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-wal

MD5 6fae88102620b5fb07385869fe2570b1
SHA1 9c124dab29ca9383f24ef1c19e31103b556084fd
SHA256 9cba525fae98c656619e8cc6ab26a0dda5f3ac4f2544d37970959cb3f5ebbbe8
SHA512 069299a87353c0ddbfc32750d8608c9a4ea9973f7957f9dd908eeb2661b64036a04487e4b18737d8fcc8631559d0e588f5e0ec10c3903535ad8d9971183dd880

/data/data/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 f7c648de5712e68eaad9fe3dfda3279e
SHA1 e77993531378568137856c2600ac130b1fe6e2ba
SHA256 1b885919cf0c761b7b0809266db2766386c0dcaaa4429f4f21a778f8a8f79b9b
SHA512 49b5911fdac1a69de1e77d33a7cbc8322b8b3da53ae8f45e6cbdeb12187ed4c2bb6fac48887bc14dc7aa176731b52a7867cc81182a905a7ad42440ea74338719

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 f9d5f4f3db44b5afa1edfebfc7d3b4c0
SHA1 c839398fa088dadcee1394758d35520760e9982a
SHA256 351a1e15a670e29ae2275934d407ff5ec3b882d8f4799dffcddfe7deccc0367b
SHA512 8ddf5a6e8a77d20a772b6aeef5ebacc385e261216239e2155e9b1b6f657f6bb10efcbc053d305b964721462f7dab33a5394397e5b7feb568af6930b2e789e647

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 09f6f05aa973f061a112822000aa27ac
SHA1 43e49ecc4b3309f0466658c569f4f6aad0bf2753
SHA256 707023226368eed1d661c53f62b79cb5d346f56327bd4ecc3a2fabe8120c2b05
SHA512 b2c35fc5a16d31f2453122be1a251d1795c4a1fddbac2e8ec84952240ceb2f294fe346c0db15ee055dae919736e7ac6d43fdc5dfab1ba3b4f267f671ed9a53c8

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-05 01:52

Reported

2024-07-05 01:56

Platform

android-x64-20240624-en

Max time kernel

133s

Max time network

177s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.204.78:443 clients1.google.com tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.35:443 update.googleapis.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.212.206:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 a484a6bf72db244d4d4f167819971ef1
SHA1 9265c37dd0d727d8cf299a2f0c3aac80fba63486
SHA256 6338e025ad7c4880c0ffe67cbccdc86837f90dd0f7b28f76612fa60d9e96243c
SHA512 e9a7f2ee190d264c38810b78787b6acd72c3c99a03b667f025edae753e9cb6cd33b14a2db7f41b300c96afb495b4a062fed510875cdb2f10fef452abcfe8642d

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 a0a548793a510f9caed081689f935eeb
SHA1 2d1aad0213b2b86bfe52dd2485741fb00eb02f3a
SHA256 4564ec31a51694e8349f462d5ada137b3f37b7c42515a7fe34ea8ef33b5063c5
SHA512 624204c5e505d3f2822a9761109babe81079ce8552551f23b7315baa171ef7881e5b5c4eab607a53b9bf080be6cb3100ff8cedf4cc86fa6218cd18301fcdc367

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 7ff08e8fbb99302ef3ad9f1125725aea
SHA1 0bde2d68317f60599dda5a95a992a5204fc81b39
SHA256 5352338af320690bac601e68fd1d212b412f4871a69501da5f306bd41a482a05
SHA512 b496e658d4d282554437af65264fa6e8c6aee847f96043fba53c397d76d7e198920c52a225481a055dcb950c0ebe9c4010072ff94d6bf2127081ad8239b303ec

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 6aa627184a45be0c9ee19e92efc51888
SHA1 5960a0852639c3835cdac282e205c228680deb47
SHA256 e8020f59fd1d9872cc8bc10b01004fe02b7dd0095641f40967e536c422096d48
SHA512 309bd80ebcce09178259d73db847f313bab07f610ebbba5092d4df92ec85459eae8f862297803eaac4dbef8850265f82bfdca49e52f45b201c482e7c401a98e8

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 736a5ac52fb09370f56b0148ec8200d6
SHA1 b73e5ede7cf2e85ef6cc55aa42af0a171a557525
SHA256 141d3e387d375f33627ad6915596fd5c65b5dc444cac0a6ffa0b123a890eedc5
SHA512 af555b79ea60ade25a0244670ed557be27ba1dae8aba5fe327d0bc1db5b328f604da82655cc6de76562361c2b84d6b189b292e36377529c4123a5b4faaacfe48

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 51fbb8ddc25ddbff6f68ab248cde13c5
SHA1 29bf1f62990db50074c1b31694749caf79051870
SHA256 6d99bbe40b24127f7709355d6798b9f81bd7e1022e5c89ff2d4e303126a0a680
SHA512 e12b9e13282965ce0062294ece9dbb74deab8123c6a81c3ec7a1dcf6b018f4feeef016ca2906243c18e92c23cbd08bd88ff354155cad55182768ed745e24aac8

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 b8fba084ee2695fb44238b666c955cb3
SHA1 e26b141a4c984a8646aa3903993beece48e2b0a3
SHA256 21dfd09577cf5a927810d568a68d95d6f8f3a5c21d6529eb68e49e3ec710561f
SHA512 36530fe6ad7e66d2ec42119ad9f4345efc63fce28f324e1e84cb8a813e9fa5cc8f83f2c58bfd88761fa9bcef99cf03ff9e007fa938188a1a5baa4865c01556b9

/data/data/com.cover.the.dumb.roll/files/m

MD5 9f80af715526a1f38713041d465116cf
SHA1 75aad5ffcb2db62a08e46e7e91d2653cf9c9c7e0
SHA256 fa1c05bcdb89d53880c23e73b4e72dfbd9128d17dba0cb7ee42a78be0ee9a81e
SHA512 87a9105016c058eab8dd13240ba8e1d3a5e29d4533ee87d67fe5016e13573fbb443062ae459ed8a50ae796dd6019bb1bf5711f73f78cc892eb3cfab62a3aed85

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 87a46f4c4113a8dff979d5a7289ba27b
SHA1 a3a8fef34847ef6532a7ef898d5befc95dfa4570
SHA256 36e5b739059b5f1341967b6fbd00ca5b390b3abb40e0cbfcecd92cae7d696052
SHA512 8125d21e3a9cbc77cb04b64cd1a0e7ec13adafc0b417ae31b3d8ad257f5cc5b5064633b2dde8607a19b53ae279ed8a4e0fe1afc34fc3ce3256af4d39c6b3ad86

/data/data/com.cover.the.dumb.roll/files/m

MD5 5dfe389461dfde8646b3a610515a4d71
SHA1 deac69958bbb97a048096cefe89b17f5770712a0
SHA256 d2ac0e3c663dc0bfee815e9f7ffc0dbb63db2e8caacdf53f0102a0d6d02ee753
SHA512 88dc0c722d9b900174b4d233cd1c6a1e144bff5b871228e4d3b703a5f1c52173d623eef68aace2e804822bee2fec95f4444cddcc76a73f2c7af58148a4b599d0

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 193f5f607db44880d8ab20dcd416bb01
SHA1 a6be073120b40e787cc4bb942d66f6b697ad766d
SHA256 6b8c685177acc2a7e8b6ad5ce501fd4bf703817d8f8f28db1dd0a0d45f16301d
SHA512 d8aa6f27aa0fa0d52a50c40bf17f1a057d38781bb50b33ed56ad05d6dc22449b5039c45c0db567bd8d9fb34144d323ab5bd328e55f63b707b2e20e5696b87a93

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll

MD5 6396afc07d2ad1c1212f749673524403
SHA1 74169aa821ba03d2edc01b5dfbfb10ebfd63fe2c
SHA256 a6b97f842fb441403c6f24955cd5a266a68bc10eff2db4ea4d8a226a0b5fafe2
SHA512 584892406f25307a339a0aef7159c75a86670afc97b52f9eb21ad7330f315db1d50781abffde27ccb040d8ad47753d30254f19e8d8427bb60cc0ea8f9a691458

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 d3d099d116f484591b39adc2c9ea7df5
SHA1 236dba104ca7f9877fc6d40dee192d1966c78753
SHA256 66ae42b7b657bc2bb48955c9bd1a05c9e58bf30da98502b2fdf5e0f97ac21e59
SHA512 1f7e95726781d0eed226480958eee0aafbe7fa1343e33519edfc247512528c41aaadf063e1fb8de60696effd3e6cb5b605eba16b5fa1b49597e0959f42316e9c

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 366e569053cb044fa389c92383b8341b
SHA1 21d7467985ce8eac005a1d485c7660b4c6db2dc1
SHA256 a4b522e2a3aa4293c849e20eb34dbece45d87503eb24231c5666376bc9409675
SHA512 f828dbc1eff978e296d75d2425630059fddd1a6e2629ed484e49c382066a134eb72450f54a1e318e33d5781c7b9a3005630704e42a38b3ec6351eea46215150b

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 fd4044e274f694e464ed13b04a25794b
SHA1 1ba285de9ab9d8d967033ee93de67fb28949acc6
SHA256 738a43753d601bef7a604c2fbf001ec371e066c1eff1235ac690ae8d82d6eec1
SHA512 69bbef42a0dc57a48e8154450f9bc3b0b8072cdbfd989915d437bfb8b33c2ff78ca04c97ce0f719a35cd9d7ec6153ac14a5581446340be752c87e48f7290db34

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 6f0af01d30f842264484d35eccc80137
SHA1 0554fed1301f55e8bbe3804dd50f9903ce905f8a
SHA256 d1153d2cf34904750ef7758457d9de0081f65c3a5f49155ed57b05b9041bfc3a
SHA512 aabf3216991a516e21b8612ce8abebcbd1130b34a0b5f57e8a015fcd3439e7e066a7dadd42d20c283747cefd19d955fe1deecb67c0a83b5a56516ff011827c87

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 82585dccb0c6fb72b46467a8a481679c
SHA1 16dc8c08279dc9580e7a4049d8f10a6e1c7e33c9
SHA256 176f34dc9490ff18a2221fe4ab2e30ac122594c369d9ef922ae9418e6ffddb9c
SHA512 2c3aa26a07d59d95eb69767a65c8cffc2118c97eed8d6b2644fcd274ef2c1e536032d6763c0f55c54f919962851d38a7b6176c7f2c7d8d149d8feaf80d50b2b8

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 5b147aadc9d76109cac8c73e2d174c78
SHA1 23d4426aa47237bc64c411a56b084b2a80bd2965
SHA256 9e8e69f02cb15c746e519fff236ee913c0a78cd316f6ff2324fde9aa5eaedfd7
SHA512 5064cd97ee40dc488486f2e72329a6cb7ae7e019cf0f14f76fee95ed0c99b8596dddd4151657aa71cc58ad0ebf891f2c1312620decb1d2c38af22ab013af24db

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 d80d53444fdc8a7593c7e10de3ef2842
SHA1 632d7b12b82d0fbf9c13e9e128ffd5f325e9a2a4
SHA256 bb4ef68b79c50133a232ab05f48b5e788b2eca2b0764b1d2286f1888dfafe2a0
SHA512 edecad5c3be22320c6c909ce62f1a55ae77d37873fa539c961e2148ad834cff64c557d5b58dced4ff8fd87f66e3a520977d5e432e3e7471f232ae8703382b0cf

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 c55249e7ffc64232908b996a1ddf127a
SHA1 4a0a9eb1be4835afc470492ec2edb11b924d5ff5
SHA256 42347dd900778ef077db1321d60b952644afa563bb983ada8d1dd035a1e2507a
SHA512 3a3416c9c899c9e601e35b5436be86913f5e7e39651b26c4c4d41436ac5cd3ed114d6d604b4f3b8753d4bcb780921191aeeb75a49b503537ab8ec543d06beb95

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 ac7f9da9da7ab79a265a6e6aaad15c1e
SHA1 d05b6aad79affa91f6937f89f0cdc8ff4d1ad66c
SHA256 ddda61dbff6088f158e96f2a22955b9c9a625aff522a68ce0595bfbbe8d43eca
SHA512 c2b023a00549aaa938e402a30c0193876003c6b6ffed84cd399faa2570c32910ac0b8a3c13b3c8051377f71cbb9c728c0ee8ef2cf738cfae6fc39eefa8282e80

/data/data/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 ed12dedc93d21e7bd1d28227d7f1b097
SHA1 405f415ff42bff5165cefafcd565cdd751254307
SHA256 5d0ba9f86079fc4f39e902e4db2d8e8c1f85c6cfb2e09dc23646de074faf928e
SHA512 b569795a388c5ca78e61626409ff59f5c5d27f0d6bcea93d35f5ae0c16f37326f43f02a66add759e4023204c6b9c5f5b28b4b4a5433211454a9fa23a1841692d

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 414b431a5e001e492277301f2cc17958
SHA1 9632b58030e1fb422bf521aedfe009a0ca184299
SHA256 4d29f80cda4d070a7d80da767761cb14c40289fe4724f691293433aa303df1b1
SHA512 98f24b31140aa31b7bfb67c87ea1b05ee2a2f03cd4b2f99e1ff98a19102551cd2879339184fc0791c92676bd86964ab959d77d9a298782fd54cc9483d0a318e3

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 bd0c327ea3fac1d85960edbe0c285396
SHA1 468c3443f29f6e3a3bbaab2c1463b3705f12e2ac
SHA256 52df7131b4abefad451f173933d51aebadd0b556da92c5019ea4102ac2b6107a
SHA512 16832cf5aa0dba9764717b9304175ec37af78ec8e597cf34fd3f26765f1a56ca321e52a3ca273fb96489cd21cc98a7fd903e7442770ecac7490dc8fcc23dbfa7

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 43c6f5b25a8aeb3c6e3c317aa6278519
SHA1 462eae86037c1c663e50752c1f2d81a3fcb41c30
SHA256 f07f531329c7e373683d5e9bf6a11d7f7da17ed792e438bd43d2286b783903ba
SHA512 4b78468efb5a1235517c55aee41744b00e80efe85b7502919f8a83bd25546f13e9348135638994e49fa5415578c05fe7852ef673f9b0be50dc91557dd2057909

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 4d7404eac73c627d879d5addd7a85146
SHA1 f7e55c9d2c54f1abd93f11bba83d1de6f4a9ffc6
SHA256 70189c1bfe16a52d601a6ab5b794e30c8016bef4eebb7de473820497eccc62b2
SHA512 1900f7945a95ec75b1ed8980785cd24b10e1f4aba2758451fb2304668c1f7a7f2ae683c48815e19570d7aa2241f906e7388d2946eb125e934677a1da4f76cd86

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 b00cf635401b1db5309ff2d45e820023
SHA1 ed39566f4887e146a01f422506e54e7e5f227e3b
SHA256 2c846218908ee1be47bba7d3370e30133c5ec67411a16cdc576e97c46a1d69fd
SHA512 2b40eb95f0237f4db9f5a95dfa1c05318e9e0a6be8ddb68983a3129d71c1043b40c8cc4faa38cc8aaea618de978c3d93db6c8466139997efbe07fc7bbf3f59aa

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-05 01:52

Reported

2024-07-05 01:56

Platform

android-x64-arm64-20240624-en

Max time kernel

175s

Max time network

141s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 clients1.google.com udp
GB 172.217.16.238:443 clients1.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp

Files

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 570ce85c503f02ad8e4a14b596e074f1
SHA1 a9d58fc6386c7309c8538ab656d0f1b95cc8e8a7
SHA256 ef66d37ea3aae421405aed2614b99687e0ceed4074dac7dc32e87b14ed7b8afb
SHA512 31b1cee58a028e6b04159da226f91b9ba3bb9ded4997c544d2ac2479ffd2e27439f4ea92f633dc59c25128dd631e11b9f24cb13aff3c3201d337c779605098bc

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 fc318483a677c71a725dbbe6e9516df9
SHA1 8ac3af9cbfb464e53b709028d1f64a4d019bb2f4
SHA256 d6d65421dac425ed42a96af8b94a1d708f6e23b556f0bc80011eb4970304b7f9
SHA512 0e3a0d7629cbfdcaa59e415c4ba982355f249b9595d234c0de6fda993c65c121435c442945766017cd78533fbd059d7edfe2eda0185ec6e4d076499536a63140

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 f35eec7ed20a9b7b6d44b918c99aaebd
SHA1 b7d36c30bffd761b3749a037ddc350bf2f31b82e
SHA256 b36f0c3dee79ea2df12844490e336d37c18b3436e66b72a83f83e81ee66d612f
SHA512 179ede3eafd9d79be21a7f126b0fbd62b74737eaf76988712c8eab1797c4a7351cbd3f47ca73377db168a8b071455577a807eee7ce467b492a2c68c197ca2f8b

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 a35d44b255d8ea1bd1115937a854bcbb
SHA1 0f8dfb3aa9f44bc42e6f7360c14e4a76d54cc07a
SHA256 1eb1139da4ce664555376517f8341b9e93b2c4ea97325c6f35bdce1d9fcd6791
SHA512 ad7a241413bbbaef995ab97e6ed5b208272694fa98b5ccd3bf0107744508f2d9420624d4a2f6a07c7b8b1bfb316f579d06c50b312bdbcede7c66faccec6fb9b9

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 0ca901bbf19286283df175890b4016c0
SHA1 0e5d2194cd3b50d6af5b318be2c97c31f7715a30
SHA256 9190f425329b8459afc76f8bf399199753672c62152f867fccc10fa88e490489
SHA512 5487d053062e6428e4d299da87284b4d796058fcc2421b9882ef8f7f77161c8a1a0e33963ca3f6e6399a914310ea1a00445099ab2bb8dbf1057022db1f32f066

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 5aaa6d9e0b2afe2df3039b6f9748aae6
SHA1 561b174f7ab37aeb15d50bbc4421fd24502b3e04
SHA256 e76b817467ee952bea2441d8550ca9191894e3e7a0c5312271fc3ff80a0bc448
SHA512 42ebb4777d383a6f1aa30e678e3344a073fb5e3b4e1dde83ac8957fc55c70df2c8a1196e9d18c90e3a23c1ac3422d2378396a32868d7d89ef38b7f75029b13f0

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 95039dc7a3b1586b33987e549a8828b6
SHA1 609819cf4418e2de70281fe1a9debe4e4c0ff970
SHA256 bed6d9d67c77750fefc17f289c52f0f297141448c978c75e36f4042ebaca4a6b
SHA512 043b09a04f057dd436f37dbab9e261af005fe84e4dd25422fef73a04bce64b942869478ac2e135d2cd4d1b8ee5dc9be58520cdd39061d4fc13ff1f187ea0c482

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 e56207a54088e5b8ab2b84949cec98c1
SHA1 992ab7e16042c224442f7003ebdca78ae370bf73
SHA256 35a4ae43c0fa3c01320bc6ae60cc001b68a4244e1407b34ef6acf46b4437ca7b
SHA512 2c84054f829e3e7a11a266df48d791afed9e2d027a6e95830c3c9146ef98b061036b4a8a1602c509006b4db1baade8bc3560921daea841fca352aef4a3bd6f97

/data/user/0/com.cover.the.dumb.roll/files/m

MD5 53c1fb5808b4241eebc5b77f7020241e
SHA1 bf61bf71f040c7ab7d28a8477b2b90bde1474f49
SHA256 e82b60117239f6310dd9898fecfcdd9ba21b9a87334394b62e20e0b1ec7349fb
SHA512 3e88a8a008412e379487ce04eb1d590d9246aa7c24617350611ec86139ff49fc64169ebdc0f5acfcf7a27474dbbbb82c6600ed8c21791a8de87e5c02ce9a20cc

/data/user/0/com.cover.the.dumb.roll/files/m

MD5 e0023e28402d8a9a9e023e18377fe550
SHA1 27b727e97191156413deaa0afba5aaa793fde135
SHA256 3babc583ca4dd395e4ef76ae8a427fa9cf9ade5bb8b8457c3e37ca92ad621971
SHA512 602ac60b1d1dc7baf9b2b284f0d422eed2e2d791faa327fe1af0f5a58a9a38f6ec999fe2652daea2311a2d2ec209cadf3b522f9906cd2b5e05350f9f4521a3f4

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 dd3439f8f72a5a99a34ff9b034620f71
SHA1 88e7c5ade0868b0d8e1fb76fb81072fa39d5cc00
SHA256 a8284d4c58ab2951192a5655b9649a6719cfbaa6d4875e6209e6c7a76680581c
SHA512 291a51c65baa3a13ba55ca69ad7cb04f3fa01ae136f98b4a8f62954215bacc93a472372136dcf2fb2ed58032598e05c5d3dcc3d56eb5db8fb69900fd98e96b3a

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll

MD5 360dadfbff406efcbed833f8faf4cdc8
SHA1 7d8d60eb35775c85c9091c8413dba2df86b1516e
SHA256 82741fcbdc09c44a3231290427406898b27f52fa719a48c3f9c50fe53600a6c2
SHA512 bed33666dbeb41acdcaf16d1b5e48a71aa74d124d78746f6580706ae15322ecb3398c7562f84f9f1fa302f089f8460c4ece7ec79b2d4121e1185f0b3920d4869

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 6a08a328e866e8c983302ea033ca1da1
SHA1 986dc8b3e4d9977c91c94861a10a834b8dc35640
SHA256 87bf902d378150413534bf7dd67b986d704bd9551cc3afcd3ab4b04b4783b004
SHA512 497d710e8e620c3a0f120604bab6c5e5bfecc5c470ceaad8ee90363b6e068af4a7a4d7836c4d2fb70fa7a0d786f70a05f8a12f42453b5df8f39ec0f1aaa43d5e

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 1bb568bab892b779e19f4c5c21b9182a
SHA1 7b5c177fe13fad48eab7970bacb77140ba2afe52
SHA256 14edeeb8c8361ffd645ebcc20ba6b4e1f5de7b55053d2b3cfd21eecd73e8de67
SHA512 7440e58f1642a0d1b588359dbeacc2afdf573e6dd84fce2b3b1fd303e19a2fc14556ed91920d28a140ea2e466d4a1259e693195970ce20488e7a99fef6fb696c

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 e397c8d451d1483d8712d870b2cef06e
SHA1 40a16156c34cbed512e9c2001ba01b8ed9454399
SHA256 a99b9974e07fc5596ad515525e961884c6f34883d58dc15cabdf86176d168539
SHA512 9130a3b55ac15f487d330d3fae3cd6602caa7f3bd421eb5c66749d332e6a01a3f3664f3bef334ed8f5af0d0e128d9d178ecede49656e8cddab080db7791753ff

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 bdd74d068b6f078d6ebc77dfa920cf55
SHA1 7ddfa3f2f4dfd159140be8cea8db2e949bc5d6f4
SHA256 367c7ee4af5326eec18ce0e5e56ff934240b0a669d45687a7b2891b988d0c348
SHA512 a802b2584bdea964b2efea0787e0eb431a809e535bf2a32290140020586b9ecab0132241d1287c697779c137d2d0592a53256052ff43e30721f61e5ffab92c20

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 8248063609b564136cd912eb54e885b3
SHA1 c09a46f95536daa5992baa2a9f7d021445e28585
SHA256 3347dd98c186d778f7a1e0b71035ef2f9af7b3567ac0f9dda94127174df9cba1
SHA512 819c2e425799d3585d8d41d6e5f8d248129405e284b7c7647ec9ba540f98b9b872a1c715778c488c324249259c76a8fa837631d185aec27139df89e751b38e61

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 d19a2a6b02bb83101afa4b1d88ba7f92
SHA1 65c112fe0954975ca95ea200537f74f0b0d6c760
SHA256 310f512db5f494e483a530b4755be2e6799f98cb1fc0de87b59f37565d21b54e
SHA512 3d75da1cf6158d67af567ff7a6425a60f4590cf7530f4f136d883e0dbdb0a992a0747b5005093211339088a9ec1a6116cb0a661cf5a62760f452214084dbb8c7

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 ca275fa0527e94b1d61c4b418ce0c346
SHA1 649c16efc8d1622eafc366da08e9efe8160c0c21
SHA256 c3ff91f0c2c7fafb3516d425df0dae0ba4397a46a8a1d8e185fc33b41f213235
SHA512 8c5c9c79efb3922806afd302e95de50c222050bc81beee020364598d4dbaad699a8376634471f814e5e2313f7ed775be9124d2241b25eb8ba8485870379778a1

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 2a58509166e5d82d6f233dc201f6074b
SHA1 234625261a1e5ac497cbeb47a17416c772941c81
SHA256 8d690ab32c9f35a05555baee05b24a4f124f8e795606678c170f48cfcb61f830
SHA512 9fe035324172418cb2f3d7f6d62adbdfc332a25f3f12f66e3c019bad6c670d9aff5093755e0d6623ab41b106c8bb05f44ecb1f80d864fb7b7851ebe4374abcea

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 d48bf3365b56288a0a67e3919bc62942
SHA1 199c4b39e7094ad5063fe8e760bd047b79462668
SHA256 7f66ab95f01f5fd7bc748acf54685a2eace3da16924c71489ad2c646022bbfad
SHA512 fe4daf4ea1ba3e0502baa2126b5a060ee950c3c7be84b36293fa3647b29150f8f08f0bfb55ae0cae6d6fa0b64fd076f4a45391df29ef2fc7e3b6e15035d195bb

/data/user/0/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 d40f882769ba82fed72f28e745a1df0b
SHA1 99e33ecff4e34774e8cc662707451117a98d8d65
SHA256 b513776adcdd5e81135aa931932744b2d61841010e51d9271d389b681545fbda
SHA512 a386eede661e9b4ab34835e2220c131477c66cff2b3c3de265c744bcdace84fceed28a571e1f4cc05c868774029d5f291c357d75420f4669fac33abb4c01f950

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 1434ecdd8972edaed2bd51b5b48c13c6
SHA1 d1965bba70634c4824ce2f9ad07b4aa0c39bedc9
SHA256 d27ff93ef18bf228770b769e938d33f10d556fb23b495f66032604f2692a6752
SHA512 a2c015fc9ad2b089779bdf646d3de738219fa4ee22b4d6b4ef65aa01a0fd2b1a7d895397770db35dd9c8cef75c6ec5d347ee5c01f7d886aa7df24312b8055237

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 4103f4f99d0e5db0a859b12c04cfc41a
SHA1 bcbfd204e0b0b2774c17bf67703184b98ec36149
SHA256 dd073648cfbc88b824f67321a0be5045ee18eedf282264e34180b80a5823fe17
SHA512 3072a9c447fec51bb111788a12da571ac7b2711a58153926acc330c2aa31b787c377de8862276ba5fdc1c8b3928ab1c2a65555597f7fa5d7e9ab656086b156be

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 2debb682865cb6245476bb743f23d199
SHA1 4995aad382cef5b98e95fccc95c53086043fb155
SHA256 6b5a2770449bbd95e7a2c11b1aa985642a127915a1e2745a234b8b57f083dda1
SHA512 dd98c8b227da227df0e1d191470759f494f1fc0eb71c14748b6f52519eb58353af0a35b8b160ac1ccb8f42e35fa3324301f0056e0548ccb8687194a809563f39

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 122556625e712d8b4081a42240f412c1
SHA1 6d14d8b34405a9de045f689d37f82950083e68cf
SHA256 c9a99cee7069f7504974fd1e6c77617a9cc3ca0bb661424c4285dc42974d4d1e
SHA512 73fe9229b18978824cc8561fd99e9d0420f1d8ee50eaef4faf58eacb4872c388d08ef0648fcd87c173fb0b4b00b89d48d7703ed988df497b40b40f899c307395

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 a1e4ee55a246713de10ede65b5cc8de7
SHA1 ef914f8e1d942ec7a78abbb19145141df45c9b2f
SHA256 59b3534a8706ec46ba1b5813b6e5730e7adb2ea5be8dd6562b653810499cce8d
SHA512 f07c53582dbd8a518ae5d1381b4170feabe0a65692c755d59b9ad8d501644ae85809879c02a67ba55935372a21cee48175c8dcbf4b89468507d56fa17854a293