Malware Analysis Report

2024-10-19 11:58

Sample ID 240706-dherhstepq
Target 82267a649aa0a1dbaea09a422f292fdf.bin
SHA256 57a47b81fdd3f5f95c8fa7925eec1338440efd2e626e8f5b89d1f481cfb697ac
Tags
discovery evasion execution impact persistence stealth trojan collection credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

57a47b81fdd3f5f95c8fa7925eec1338440efd2e626e8f5b89d1f481cfb697ac

Threat Level: Likely malicious

The file 82267a649aa0a1dbaea09a422f292fdf.bin was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence stealth trojan collection credential_access

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Queries information about active data network

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-06 03:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-06 03:00

Reported

2024-07-06 03:03

Platform

android-x86-arm-20240624-en

Max time kernel

132s

Max time network

176s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 2b5b73cbfbe3f87c0f26997e2ca88f00
SHA1 8e6db6e12ac84ad0d8b6693d35c70ae9ee4421f7
SHA256 2b98a61e9fe269f3f856af426257b4ce9315aab25806c692019468c1974d4322
SHA512 6caeb1cae1a6c3d01b81367fe9712f69b33638f2f08261fd5ccecd71859efaf971b30d688b66d26345a8503ffa9807edfe909d1c54201b6e3bd8414758e243a6

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 ac26a375d5d673c2a7b39bbe42efacaa
SHA1 a7384db83f153cce2cdd67a97a20df068f6ecd67
SHA256 001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716
SHA512 45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-shm

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 0fb04bfdb7ab4fa4ddb3fb35d0230381
SHA1 7f362a2590493b1533215451228b6b4a146fe835
SHA256 b3c9adf82b33b28033cdae6655c6bd5dfd05a304e8d577d98a9122b5195b0c9e
SHA512 cf42d6238e3d9231a24e57b176381bf485688b5d1f4c82532c5528d2c3d482c0bba23407fbc953ca3b01fa0bdf6fa196d0d32c848993204fb8a990b1f7ed455c

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 7f2cf946c509b9c9ba21a102499a3dfa
SHA1 883948aee7b1e2a089c08180009320a90ce39026
SHA256 5e07e4b8def2f31b7ad1ccb1c53aa40fb6fcb90cb8aefdabd0c14f671a95d314
SHA512 0a3db857ec00f5cb8c67a28d4ff0271ae212bdcaf2836e31398603a9a8e0766b57f396d16fe93a93bb1a2d48379fdf0cdac4df91850172793b5e7191b182d048

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 c1630ef07ad9b6d8ecf067c040f17b6a
SHA1 3a805aea06f4509a92bfca79a52b5fe48802a529
SHA256 5a6163d2f2a8c0ccad599f8661a567423b473581e0a8ca36c4ca617a5f7e112d
SHA512 9167c0ce59858f09b03261c508f5ac704f49d71fae7c38acc5fe5495f8ab6d5af5956f4b2fa69989944a8db62a11c4a40194fee939f96256bd4044518182e6af

/data/data/com.cover.the.dumb.roll/files/m

MD5 bd4eb24f0e06a03b241823f5493f3f60
SHA1 0db2f96bbd911c2a86034804500be711cf05ecdf
SHA256 a0d6eee815c6ea1d4af16134954eb4a6f38222e43f3b92b2fab24dbfa8c20188
SHA512 73a5306d5043750872e19bd3d3f9c99115aa0d3cf88d96ac171f9fed7265f2f427ff14b608894079af8c228fe0b6aa97c40704cf1207e830423a546ef17ab7b6

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 e1c47b2f72664768d85db7938071635a
SHA1 14a34b13fc12f35ce16c45c644f34088e6d71a83
SHA256 fc7e5c312f65672f8a1e70ddf4379961bf7ea77261c4a5e6cd5077cba143e5bd
SHA512 88594777457b90408494c2e8e5703bcc6be3db0260a592c940b67674469798c45dc658f9491bfacb797ef528edf8dfaf00ec777e452106a41f14e68f93370ae7

/data/data/com.cover.the.dumb.roll/files/m

MD5 84d26341beca5d6adaa47f3bd5f9b321
SHA1 b270ab001d46914998e4e1948afc2272de6eb995
SHA256 d1f2b60fde91af15e4a98b43ea3bfdd7ab401936a0675d2fa9df6ef9211a5879
SHA512 5c22524672730f3d7dc8766401512c010e649d72ec57d2d3f0f5af57021813cc59282b18930bb7d67e5e9c20c3c554f810ab39cd66005a13a0e22517356688bc

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 adb7b33eac8f43c27d36c8d9a939a3b6
SHA1 73ff5abeffbb10c20260081292432bfdfe608dbf
SHA256 62137d440010fde40907dba3bd095a5ae4a731369963e4acb5891ad826da3ee8
SHA512 e878b502cadf41df3a5c106a79a94d4d1d1a8d044abf3ac425a5142ca3eb5ad7f306ae25c32fc87443c0723a7e114d2930e3d3ae62f89c5972dd9d7984b20149

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 9cdedf9dc4af2969fdea32813eacf16b
SHA1 ff373001e7306a194ca8c21047d32bf83b3cf55f
SHA256 9854a04a8d12ff14214bb14988eb8020a808b156b83fe9c4cf72c2472af9fb02
SHA512 813adef2ecae00a64e45ae984f70d0831a71797dd9f2812c9e0b3c323b143e11781302cbd8b946a6ef368834651c66e38ca346273f5fadbe43bdb531cb10ddd4

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-wal

MD5 cb0aabad0e8ff28bf00dde77a3f51043
SHA1 05b99855ef3230304df92528b28d80b8bbe3208a
SHA256 3ad5a10ecaacd50547fea5cf5f35f927b2404df67d5d244d365fdc8ed76403e4
SHA512 cfe3c7b3794b2b8c4d2fb4db13c5cc87a1332cd8c652128c72c7f3e8df4749194886f93f4e18bea14b98782a8b22b2afcf675427c79b8cd4f21cc46163438c03

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 3f39174b332324f2c043856add748250
SHA1 b5c84d2172cda5f93435c22c8a56113db68719f5
SHA256 ea64d88c2de66403ac04eab4ca81a22194ed5d7c5d604edb43d081768b4245c2
SHA512 7eb94c6a2d68012ea316fae6ec9ca012dc5d05ea4129c5f5d55ab4bb69a1ea09a10b126b23b3c141323794fac6eafc13fb9e085f5b7a9e97e37bff38414035da

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-wal

MD5 8321b3e764933519cdbdf47a0f25029b
SHA1 b930a3596344e503cbd41a24b7bce1741ef0bf65
SHA256 d4d4d10cce8b02c86badd036c9ffc8aea1a82446c353174925501a045f208d22
SHA512 a62795d1eae9b5d455c684e09a3794d9d15a6aa31e2dd89637adbc2eabbbf345a9e1a37d8f9e9c585473077f6bf18ddc684dec765faf114c255177a093007eb2

/data/data/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 1c3834c547a99991a65e989aa3dbdd08
SHA1 90189a0947713d2f2223795ca82384e9606ad120
SHA256 d7ff4b231e584a995611ed0dd63fa1d15f3fe68daa76c943306c7701ecc2789d
SHA512 333943d6da1b3c36d27854e83cca44225b6d22f5c6f6eccb30f961d54a469ba80bad30975187e79d138572fd23a6e9e86d4ca2c8b2e5be2b9062e4eb590b5fb3

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 34bd1fbb99b39252a0e60d44da7d9b32
SHA1 c442a3de9b945a2ab48dfe617652644a2fbd8000
SHA256 6901da1e0b869cb9877254db2c84c4192181c025a027ca24fe1b579825f26d6d
SHA512 eec3e6c7569e2d6ef188c2f29d12bec9da455ef8995554669cf2c4c797a3c84e1360f93102b81c685dd3b80fd33d413c3d528e824867faa4cade36cbe3692b5d

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 74858c019d1b775f98f4f4f8a2a085eb
SHA1 d88da72ca7a3aa716d5a366c66b29a9eacaa6628
SHA256 fce330bb28d8f33597b06df6393bb3b91bc436d590d22630f72c8fe5bfd77ced
SHA512 0284219308db09da67fbf4097c388eaa51b4e195d3bd75648d10fcdb2cb71c5329e275e50ff405221207d519a22f38cefcd21603ad1945fd2ff33037d7b8f65a

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-wal

MD5 5bb1b92bdbe40a2a07fca29b0fa3b5aa
SHA1 44df0b599b16e6176b65b2869dc97a5b81af6e2d
SHA256 f87402c6f5f7a735464c6a63e1dcf0eca04e26aaf8c50ebad62554d160b9e1b5
SHA512 866f2037f3b6a19b61372a38f6ae1483d4d2219378895991d0b1d31c8e259b9588cbfaac2becb15322922993f4e9ef88cd4b576a2a6c72afb93702b58f2aad13

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 59c1b6e9ac2fba65f87a5f351f0e28ab
SHA1 5ac1e4b268503ba9a398d5f82bd2cd7dc37b323e
SHA256 cd23c6f15edb09b83200c49042fa7a5eb3369b2ee956f393c209ec63e3a83e4e
SHA512 b390d25bf82b82e0754c958fcd175fc00f3a4c75d198c7965596acc75174f9b11fe9c22859689c3ce0ac5aeaf9d4af9c2d5f83f9dd147b9a6e2522567874f753

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-06 03:00

Reported

2024-07-06 03:03

Platform

android-x64-20240624-en

Max time kernel

132s

Max time network

156s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.250.110.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.67:443 update.googleapis.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp

Files

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 9628ed2345e64e9c2d25d52bb296cea8
SHA1 9cb506567f4ecf2dd568f9e2ed58e953ec15fe5f
SHA256 9102a6115ef9a46278d7f91cb1e5ed6749ac600bae784b400cc4d126815f142a
SHA512 e49a1991195b7bc6ecd3ea8333ae93650463d17fbbdf784baed54d35903de1c9dc0c6d10a6d92ca11d37001e6d2e7fc1c0b4759d6a66c7bac93f25dd1967f680

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 a0a548793a510f9caed081689f935eeb
SHA1 2d1aad0213b2b86bfe52dd2485741fb00eb02f3a
SHA256 4564ec31a51694e8349f462d5ada137b3f37b7c42515a7fe34ea8ef33b5063c5
SHA512 624204c5e505d3f2822a9761109babe81079ce8552551f23b7315baa171ef7881e5b5c4eab607a53b9bf080be6cb3100ff8cedf4cc86fa6218cd18301fcdc367

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 4940ccffe0bf009a9f11df82fed4e3ba
SHA1 985c4a3304ce6fe2c707918b6d8e79477347523f
SHA256 2a2c40fa63349df51f2f80fbfd290608957ff7510e85a5fdf8ffe4aff966e214
SHA512 42c80a60c4d2dadcae081a3798013f3cc843b31e9b2d01ad8e1bea994da5358489dd4b5bb34a9645741c4e82cec7fa246cbf9c2b83d088c390dc67feaadf7f06

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 df9ddb8c5d1b3eb6b34b69232c7f957c
SHA1 f05b2d71a527d00ddff853ffcd21c6c8487419df
SHA256 5327c9503c20d5fae9a072208c35e4f8e5932f3ba9297cf62efd289ebd167066
SHA512 372dd7b3986bc1b3fcb5fd81b03d168c30cbe7bce862bd87f34176daebe637e5aabfd7ce0fcc36974aff8a71e758b2b91119dfacea2487f2b69b397478898842

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 39e0c9bfbc098e4585b734752a126b75
SHA1 2edcf11ed4cbd6dc7ec89e288fbd08aaf48060a1
SHA256 67ffab13557b4cde682bf9bca0d70064ed7ccee7155ac4086a4bb09a56996e5e
SHA512 1834296fbfd4dd8d24884734cc03e2f2134d0e1dbc32d1c718535ca01992c39c8587776b69b9d153201d4abe71cef71fffd9acdda9106aec6f2d591906b1ad80

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 fc26bb0153382385b7d29af692c77059
SHA1 b93075e459bfb36f8370b84997e9108f13942f2e
SHA256 0c72c2c53f59c1dfa3fbfee8b1a0bb158e04ab31808e225045ca4ecf09288ee3
SHA512 4d7b965a7bd3c8746817452dd1fa3d3518b985f1bbaf7f9c96fb0d4b52d0bdc52a6dc2bc417af396ea28aad002f618fc11d8b10318521a2836b8f63ad3951580

/data/data/com.cover.the.dumb.roll/files/m

MD5 7aec84397cc7efaac9bdf58654b6d14a
SHA1 f7a1b184b47cc96bc0c1555a848adec9f27c9c19
SHA256 520c582261fe55006ded8404aec0acb52f7bd8d59eaff11eeb1e382c69090ff0
SHA512 4ba78526636c71948fef9c062361bf8b34542fbc644f1ed9564d5a0abddb2a0668a11c82e3e818ca605eeccaedda4ac1080d0e4ab4c8f34d3c8cd1416a478950

/data/data/com.cover.the.dumb.roll/files/m

MD5 e2da854cfbd2dd93f2cd8e9c985fccf3
SHA1 4ce21be3e10e06dd33ed9d44a6c0697b8200b79c
SHA256 cdb80951ec9142dc96018bbbb55cbd23ea49c750ae2a96ba2537f1d37812035e
SHA512 4b1cc55209a272e9a217eb155b45fea9b897bf281d05930f1b92ec92f3436406566e0d9be6e6c1fe54d444b0516f1ff1d7855d0a7041c22e748b600bc7f92993

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 c0271d23616aeb174e9971e5585c4bf6
SHA1 ce466870fa250bf211e6bd19578ed4be10124beb
SHA256 1eb494274d44f7d531162a2ea73d9647f87eddb50f0b4ee4442baaabc1cd7593
SHA512 a4f10c5bca5c3890dce704fb3dadbe6846604a7d0e56e3cf72223059e88ce740f09259f06f7f37138280b2a9cabc2ee660a594d4e32c3406a37be6d652beae34

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 d1a8a9d8dfc96e0ce3743da08398af02
SHA1 b44759f35df59b7e997ac8f5b7169dbd5c7f0891
SHA256 cc4d89c025d129612fea8191f877df1b07b2a446f110c73940521274718f5fbf
SHA512 8157789dcbf5719597cec91275611ad6265abd6b999fa559caa11bc9aabcb47a2a0d78866eefff0d1a737363dd62c9f6f0657011476a1ad120d2d451ad85e4eb

/data/data/com.cover.the.dumb.roll/no_backup/metrica_data.db-journal

MD5 a2c45d1c5c7042ac89ac55c9424b7965
SHA1 48cd3f2542fc1f78dfaf0d3fbef4bc88c48bb1f1
SHA256 3de85459a7abc07637ec02be361bbf41429a07096bd69c279158502507bfac76
SHA512 5252537c87bf5a38f02e15da76292177d618a0a96e8dc47163028fefc555354e7752ef7ca6b7d268245f3ebbfc1163594b5418eb6015d73828435dd2503e391c

/data/data/com.cover.the.dumb.roll/no_backup/metrica_data.db-journal

MD5 9982ed95bfee80a89c9ef7738833884e
SHA1 817c232833d1ab42ab66bdc55bf3932d6e6223ad
SHA256 d0497718e2537c4cc9e75b5bedbe9e8575cfa5ae05d267e01554e1d4f15d5596
SHA512 6f63252d2ea47abcb2e0717f5f3c1fc0bcb3e28bf02e625557f88bbc84c8535405866de9528ec75fc95213c156944008dd9855e10d1b3c876b3918811123c55c

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 0668927c104d60e3c1dde507d69d8374
SHA1 51827eceb2ae557da9ebd0c0c65be2cf63312816
SHA256 3a3c2c128bdf9bdfd5ff1a18ff918d5af7fa9cf090851adc5f59009202148818
SHA512 1e2389205759fbccaeed3051a45720c302ca5d3c69513895395b52e06d7a2005c6dbc2502f31f5c0f38f4742097b53c8c9d878f339cd04d83b442feba266083c

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll

MD5 11c9500b14d3666af5b6efefb6c68e5f
SHA1 fbcbb2619a57b27122460a36d344bbb70072dd03
SHA256 6fbfd08e376d1ec80ecbbd26282c78d75ef630acccc377055addb52dc1970f36
SHA512 23d93b53a62d0312b66f9847b615a1a80adb79a1dd1a8f562611fa72e296bc0bf287c8f409a638e7d0c24ad4dbeee0ffda5b1b7e82393426cf1044fbf7724e92

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 d89c19b9d86d2dadc32a0125c0600f04
SHA1 83c6e7035c2b475bc0a43e27fbb02613c60443c9
SHA256 0451c01f935e6f387cebb076f0e9ea5650cb9cf3de27847b1a0c0b40e8dc7666
SHA512 c98c8cf061045b61470051a3e9fa5852413d65e06d7b00aca790e75ded86c0d94aa8e17603cb46b54446e895327200c5251f2ba5e6ccaeae323e2fefc3012abb

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 72f3ca3adc742b39886d225f1c63ad3c
SHA1 a954b3d279923f5b76848ac874979834b86d6d9a
SHA256 fbef47aff0b5572d011fca374401b31c60b1464574cd37f206e0ac8d8b742156
SHA512 e89318a7a661f0aa12c859c06324a3e63debe338633600f40e1aa2337ec5103d53ba75cbf26c2be3824a1e6b638a161b77cede9d76b8bdf75360c336cf193fbe

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 2c14388687d421516db858dc4d28fc4f
SHA1 f99d4fcab54c5c3edfe8d13c41c734426a1d814c
SHA256 ef3063f6ef5ce7e30d073501006f0a7e5aa9389d39d05221cde80e4b0c977c71
SHA512 22a2352df87ecd70f5383a01fa9b711963e06aa365e65e85a3e330eeb2cf97f565ad9e1cab153e9b9cdb8f3fffe1a7b76394ab5cfc26dbebdfc0da36d4a3f20b

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 b87e2cf81d6f6528507a8fb18b09bdfa
SHA1 f459f6e22d5a00e3a31f7697245eab5e9e4e35ac
SHA256 ff1e2130f9052649fe562b026f73288917b3918f8741d2a4b21f2e213eddf2f3
SHA512 e9f0424b47e8f11c6851fb812cd12062f20600ae79c1722841d7862f29a2e38dda8105f75c5cddfbd129d1262f298cd66aa192bc2e598c25592abe26b5d28a30

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 bdf4a4e60954bf853dfcf14267b78fff
SHA1 e1e8418e533b3186e4890ba9d928e34a49d56874
SHA256 3783b760b25d40998103a7087f66aec04fcb0746c623fc9382fe6a6ecb4c3585
SHA512 0761c1206cd4fae55cf4099051df63565b1848a66971dac282e1714aa2573ec2d21266a78576682023c89420568f16661a0ba50d8be21e74a72a32c8ff95a077

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 07cb222a14b88ab39f4949129a228bc8
SHA1 fdab0529f8703aa61de21db14ae6911663e3c0ee
SHA256 1f4c6c70536bb8d6c63853f4b72cbaaf276b15fe4b126ecf59c57d04ba577068
SHA512 965d2c0bc4ec8f8b71bfa0f50bc5bdc6d58a3e7c20edf109ab2318a37d17fe5701fb4295c6246d5cdff1365470bc38517969365f3a5c9e603a846b319635c486

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 587959b119cb109b86a61979d81da4de
SHA1 8c9f5aeb99779b167335dc2f6f7d43fdd0a2e434
SHA256 2f0300217e6694132f9509fbebc6ea8a6d31b05a224945e6216f4585bc35c912
SHA512 2a66c8b0febc3fc99af8d63e034f8324148adf96245a3a22485794418e33de633fc6019e5cd03124824d3b0e7b1ecdd9861cfaad90782cf779d25ae60de2a51d

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 70815147387f612f4f116c533bbc98b2
SHA1 146f1ee3110827e35cf7e19b0e11706d619cbe53
SHA256 f49bbf10eb2b72fd2efbc451fe05c0baff193fbe2cc4335661db319ce6ddca77
SHA512 11dbc00af2926f9ceda3aa05c250020d80a61681d5d575dd87d8adf6592f1671492c65c2cc5d86f5dfb771a958edc33799c087972dfda39abcdedb5015c46da3

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 a2de13948963523e5a9317c6884d51f8
SHA1 26c708cfd4bacff8d808dd54251a664870fe0ed5
SHA256 085879cbfa06ef2f7424c98721050bc78909a425baf1fe53e1a4df9c697a3f58
SHA512 6f9ec698d8dab06ce6c2aa0c3c632d16cd18d20d84159a0d8d7511749842854f0aa96720c2ea05edc01235b39ae5b4b12abf5e12bbd388362b7a51441b5cf074

/data/data/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 b9655a5944f17a5d96488e5a1ad40db9
SHA1 4353bbab6a7a29bdb722e076fc6ba8e67b02ebbc
SHA256 6361305b2b0fdc65e8e26a4c0017863edb55261825d76006d812f9e0cfd493da
SHA512 b02140ebe6bc0658ef4c4231e73f7ab2cfe3a3169a6b0bfbfd9b543dbe950bc3fd9d78b11def29701a239137054ddaf295e6509e69a03a773e40b2ebfba20c3e

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 958620de9da698e905576f3487c417a3
SHA1 d13f01b561bab6072b37e9f4fc9105c3458affa8
SHA256 86ef3179bec860de773036a649d70ca53071f069603a6e605cfa4d3ddf16c421
SHA512 1cc0cdfdf9ac5b6748c9f905bbd1df845231d69a97651d20061f5705f6fd4d4cec5f938c0b98bca884ca538a11cbe57c8323afeb426c4c702383725b6035a468

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 8eabb32cbc705ece33da43a435a75d56
SHA1 5a1c77c5c6a791b8504a497af9aae4f69cb5aec3
SHA256 318e238ab11401255b00564afc6483c412ca6285183a6731541c89dfb12cfb63
SHA512 921ed465a5d7aacf2ca23072c8e330ab6d529a15aedceb4115767bed584083137a3062d311a5aae473ffd82a2cce9d0e353aac09eca2d6adf1c10d5bb66b88fd

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 79a0514c11da3e2f102e6f5ed81afefa
SHA1 f51a34030453e094c93afc5c43dc2b2c9f10e14f
SHA256 650af52127f48f93d230f53c43c34d517427f0b1aad485330fcbb4809c1624e5
SHA512 88d0326e39c16b22b9ebfbcfeb378d7c5655860212c0c66c6c4f84cc3502f0f9efd407f22e4c043f8bc3590c3f50c03444235c709ade86c00a9d6242e79ae02d

/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 af31c5ffde9c6bf191d2f0f04f75ca2c
SHA1 edb44691d4c0da1e0d62d70658f1af06a8a3c9a1
SHA256 32cb6861289d7c91f6ad541d56edccaabb1d9d2dea74478cc32459b1598eba1d
SHA512 c08a231f9786f9cd61a1d9779f14dc506edf111d4829bf634be39c4725817df06e45d81ebc60a166075653d39cb5bcda7eebb44b71496e57ca59ad44c889a5ca

/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 c83ffedacf6314ba77393059d9e5fc62
SHA1 c4c4af55a14d3c20a69bd4669365a17e78bbf195
SHA256 5f8535f8fa4d6bbf04be4c4bf4c02633b730fe214239efdc5dc25295fdcff1f1
SHA512 834e7e51fb5016f9747741a964dc5c660841f7dae2598ce511aa39f2d4be29050ae16d52e30ab6109680e056b8084a6a62a0671fc595e53fb485702c233b56dd

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-06 03:00

Reported

2024-07-06 03:03

Platform

android-x64-arm64-20240624-en

Max time kernel

133s

Max time network

132s

Command Line

com.cover.the.dumb.roll

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cover.the.dumb.roll

com.cover.the.dumb.roll:Metrica

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
US 1.1.1.1:53 vypakawleftervi.info udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 startup.mobile.yandex.net udp
RU 213.180.204.244:443 startup.mobile.yandex.net tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.200.14:443 clients1.google.com tcp
US 1.1.1.1:53 report.appmetrica.yandex.net udp
RU 213.180.193.226:443 report.appmetrica.yandex.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.67:443 update.googleapis.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp

Files

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 31b824407c0771e5dd072eab2a211b5c
SHA1 fc100c49f78b1b6686134e5eeb5c863fc761a6a1
SHA256 c3d85be967a36bbb8865a1a217cf0176448a4b6a21a55f0b3aea04a26fc59913
SHA512 85f917eeab00b70e82a10fc866ff178bb7f5aeae0e8aa0754b89343d2108dfd67488d207d1bb611be5eccc21d318a77d12143e18ce35c641cfc73c751b516508

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 fc318483a677c71a725dbbe6e9516df9
SHA1 8ac3af9cbfb464e53b709028d1f64a4d019bb2f4
SHA256 d6d65421dac425ed42a96af8b94a1d708f6e23b556f0bc80011eb4970304b7f9
SHA512 0e3a0d7629cbfdcaa59e415c4ba982355f249b9595d234c0de6fda993c65c121435c442945766017cd78533fbd059d7edfe2eda0185ec6e4d076499536a63140

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 bec04b24493758de0f4887b69b5b2e74
SHA1 34efc023613ab14253056c161b745e37383d000e
SHA256 ca345853d76424c1b790e13d4e83d31bdd2140d68d3286559548ab085ee84cc3
SHA512 b0fe1687ed9a750c06007a067a80e3e9555d09f5f6fb605600013b3490043e2d42e70d146b20052223b7d65e1950ee788bf32c4ba294e2d6d5cb979b3881393f

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 bf398573da4e7b572fefaded4012a9b1
SHA1 04bafeca672cd66a07dee82619a10652286ac0f4
SHA256 4f3669a336b629cb9aa78cceb69c1a907587870d85f76f7de069e3ba3d35518f
SHA512 c0422d4cbc193c8dbd62558b9e7944e59e31c4af72f9bcf6abeb42d71f63bc16bdc75ce8e275c7895a016c130602463d0be417cf60fb89a90398775b3cd13141

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 03d13871e67973df7a557ef0fb1c6bde
SHA1 1d1351cbb9c9036b1dd011075666f6271c631131
SHA256 319e1a5065f3e625c15c500a9039c893ae49aefc9728b0f61e3aecb112b5dfcd
SHA512 114d213dfeec70c84b20e49749fd65df56f926a6d01ecdb5562f2f1709f1c89d35db7d843da26a003db2cbbc49e82f047bcbd4f8b75ff839f7da1b762414e69b

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 12e19738b8d95b9d4172adb0cf670b68
SHA1 140b9593ccf3f1fa3beb86ce9d2dc3a8316f6594
SHA256 4520bb0e07d672002a402c50881e0d16509cbea58441a55c9c5e6f71b8db491b
SHA512 2d83bcc6a6b70c114033c147acbdd8ce7b6450e11a96ac718b4a7fd21affb874f49fe01f2aa7133db2655c43521c50983b56bf3fa9b37634142ca467cfcc0d9d

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 7f465fdd66587ed84fd0abfcfc9e489a
SHA1 75380b04ccbba1c73c3d2f75887a14bfef2f6128
SHA256 270fc160efe1673d3058dbd78957f1297e2fbb7d362d3a9463d1254535a47335
SHA512 1eb2cb4d3d5e3ba34b85f4ed7b65fc188dce840d5882335bcd01ac730b40f4120484195b1ccfdd45b3543d6f4e57891a188cd2eac3a53983c09c0fef8d9de463

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 68f944b6aa09db7bc40ce748857bc1cf
SHA1 7f805678c5f0de2ad48fb44a7c005c9b9c7ce284
SHA256 f8e511aceb4da4aa5a51eeeca31865e28f9e11663d5d4cf6c50d0d160bc0185d
SHA512 3d4718074115e1bdfd2303fad1b25c66df6035b370c527513d4e3efd536eef527ba0c5f914629912db0e8ba41924129137c413d676497844ccfa153838f899ec

/data/user/0/com.cover.the.dumb.roll/files/m

MD5 9476f7d41c26698b51378569eb9a23f7
SHA1 b28175e06aff5939ab7416cf4ef067fdb1bdb25f
SHA256 0fac060c79c9ca0c543e4d3df83a6d63d3c370c3e0b23999fcbd8ceeca84b874
SHA512 50cef934fa6b134aa5b8d3edf57ff806a465c3dd38952c65b7c1f76b61f45c8b5c3e2ebdced5279922450554b659dcba698d12f059ea59f9914ca7d2470c6704

/data/user/0/com.cover.the.dumb.roll/files/m

MD5 3783bb4c5c1b53615cca5ddb556d5846
SHA1 3e7b0ad4815e3919d6ff54548fae10b4ed3b0703
SHA256 8ebefd3163142c039247d31456b8472d0fc06c11c07e4a10b3cbc04cbc3aace4
SHA512 a03bca32b42a88b6e8561df159c4ae155b0959989670bd59d4f13a114f32bcb6027a8769f529764d8b3ed55f331cf97fda3fbe59664bcfa17315ecbb1fc6631f

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 1b29459316bc535c3e933ceef445a369
SHA1 d266fb9c73f7eb569e32cbd73b726c65c092fafc
SHA256 08ae9aedf7f276d68e7464f87ee47a3cf4d9ac976ef92926c40bbb8a01b2ea8e
SHA512 c37067b1cdc6b575a0ee078340255de6d043649399e4bdf6b93f6297b7276a62d2027c16537938a6a74c5f59cfed1e78d8dd3f270b6b44034a3f58e41439278f

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll

MD5 ddc3e051e7ecfacff39a30c4b51672bb
SHA1 16c57b3edee1789565cfbd6f1536200658c8d725
SHA256 7ebf6713f2e2a8fe65801ebebab99db6de08502a66a625732c4ac90c400ab9b5
SHA512 4b7918c4cfb12e3664e214a8067426bf298c33656db0954e0d215e4171b59c746cbdbfb306a50e734851ba7eaced8b5e0f2b34af0c8078323b68bcb09ac8cb21

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 5b0b7ddc53333dfd2d5def95b2729653
SHA1 8e73a2a28849088d584c368a32c726a6031b40bd
SHA256 344980dce5cced048b8001dc8fed992dfe87e2bf0055ff54f2c78642c4b1dc9e
SHA512 74874158df65cf93e5587c1f968d22ed2a14b601c7aea345aa986f070b694d748f18dcfcb83cc650ba74d2987a8ce0999e8d3e0a26963e5e86a4cbbdbbcb7c4d

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 0b0f90348cdacdb0579a41fb443cf684
SHA1 efc7610056f761c3acf3c039a516f19025dc18b6
SHA256 e4605279cbfa594f9d7cb517e94983b541d7abb38eac3248060c95f4b088c291
SHA512 1528d899eadb828bc5b6da47f9ecdd122bb5ecc336dd4512339cf5f169ffad53e3243460a90664b12e6f4c45b2e93e631b8778086588a8e5c262e78bc35c214a

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 ab712e9ec7eedad6e17af269f27acc45
SHA1 499a220a543c2e5802cdcafedffeb464618dad36
SHA256 d90c968404cda879d312041c3ba4b6241422cbccf993b9d769a8a6835cb29017
SHA512 1b190641236df17f384533a57c7c1a10532baec7444586f58b38913df92b91ca1f73bd2ab9d2948672cd962cc9023a5d58b3dec0c097b144db4619e9daa5cca8

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 8b0dd50c4d3e390b35cca52388b0b2c9
SHA1 592e815d1dd3727b996b9b8dd05f7d052ef797b0
SHA256 83649d0df76bc148287ecfb45c9d092d7d2a40dfa39d01393c471493576e076e
SHA512 d2313756e6c82d98faa472fa87e443ef27eda677ee579c639aa5fa85379e53aee1cc827b9586fd9260b5730a98ab50097afab874455fa4cef7fb91758a1d3f12

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal

MD5 ce53276bfecdfe62018a1cbff34c012f
SHA1 4ab740a5af2d2e1aeb7aa689bd1569efa260fe52
SHA256 044a544dcfe577d4496e21e820b47660a532d319f5ef30fe0e193273d264b72a
SHA512 e6946c8fc3e7e1e128760a9154654542ed708ef6b6a0204abe3ec0d17a3f19fa43727941e736554866b977c2f2796fa5d3d78a1ebceeb84efba0d09e1ebb6e7b

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 167cea203b8fa93781a9e98663309b51
SHA1 2d7956ef642e1dd8369ed7775da36279b7c1ed23
SHA256 3310d36b906aecc0adce0a7e22ce07e1b6b0a786c369c4bb72a62f1c611bdd10
SHA512 dcdb4459875be739bd4310b5200ea0d640cec0ffb12a03d4b9358a1ce21aab5e379ea593d64de3dac2b5a8b4b9691014a527cd6293085111e15b2fb6b18eb601

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180

MD5 210893cdc782878f64df1c7cecce59e3
SHA1 d86482020101a2abad481181b925b080a7b2c1c4
SHA256 153c531d7faabccbef62421c5344b72b89be9276de386fea99f3e1364cf0f207
SHA512 3a9c141bafe39fb724f615820e06aa5db3eb1442db4ee26645fe6c59c8121158224cf50fe9ae2bd1fd6d5fd0f13e690f7ad745aa24938425c44255cc741726d1

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 aef1179f20e002e9a6325ead2d792681
SHA1 25182272ef65555ea7d7ee1dfc6c7cc1b82e55d9
SHA256 289d37ce4c53cbd018952326eee11b1394258276b58ea915be1422ced31ae8ac
SHA512 14ee3b67e641d1a3f83d6b23365e4ee241ad498322874f24112ace5d7fe2e1a9fd1e9a41e58fb67ebef21bf35dfc8f8cbcd00e15ec9008f117118462cf651da0

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 3d74ca56290f6f164a48803e66fea9c1
SHA1 b9b92a1c66d2c36f85559fa89d6d21401c8d739c
SHA256 1ae170b1dbdca480f410f3cb71a3ef08a95426c80da5181c737cda5a70e22eec
SHA512 12dfaab6e98355fec8392b17d1f42144b6d06d69bd76f612ae71d6252af5b9849844e7406346db3fdef28ed9c664d06bd6cfddf68a23c05b181f6fd0fba905a3

/data/user/0/com.cover.the.dumb.roll/no_backup/credentials.dat

MD5 97a7d5a9311a1e25179833f792345f37
SHA1 80d6e5aeaa1610241a5293efe1d2825114cd8832
SHA256 fa350ed52bdad7ff686b6feb652a6a2cd691dea970fbba45f98f6c2c0fef0e3a
SHA512 e6e3ad8e1c27d391194e2b8ec686cec3d865da4911e0f9aa6ea62896f6376ee71fb363b15ce3caf6c90193af8d841d4257e5f034c265d8152735b848cd8f6365

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 b53f5ca687b02c7adede757e669ef287
SHA1 a514652a5bb7a31bda0c517d4a839cd516c734aa
SHA256 1a18f4b316c86e90a3e9bfc6dc6c285307887db2df0eef90f07446c0aa41b591
SHA512 741887c69dbb99e0af567876eb4892ea72079b6b987f99408e0a078ef023a7c0b84c85e3cf9e239f5795baf9dbc9b046a79606554c539b7005e88cde01b953a9

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 3c7ec192855062794c847e99ae497176
SHA1 bffcb7c414dfb1c4ebb5f63a30bc70190fa58c50
SHA256 baaf51cdcf523da39d06ca47fb27b9aed5efb82adf276d23563d967edec0147f
SHA512 23ad0fe7e3cf1144f0d6b72277ad7146be66fd2c78dd4f2d66b41367d923dca0bee553f0f283fd97e76d819ff50b4094f491e27891b45e407999dba842d1e9f5

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal

MD5 035e8751110983fa53563c2e796bf42e
SHA1 1863865026ab2bd4bb06c40906b7ac585a330a9e
SHA256 93f6fc3069d98e9894570acb6c1864e1edb4dd8b7a0e1a2d2e52f4ab58e03d43
SHA512 74b6dd26c364ec4803da87032e9b106f46399736c852068ae9e93b4a3a2d0790fb19bda367ef223cb0fcccd512735965b35b071e4fec5034ed72dbe9cfab65f6

/data/user/0/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal

MD5 06219277d2e6c1d8c37715f1bf3e205d
SHA1 d32aae5e425b57071fc25ce9c74a4e68b1a4c5cf
SHA256 5ead21f50645c1d3214e662b12cea8c3dabe6f0e4d8e2eec7b8d8d67aeb22953
SHA512 4b92f985d609ed4b669915725f7d889a7a49df830843b91123d985544c66d61782ef07bf3dea37c66286f2493d0d28c9074b03707264cc16608f55c92fe8352b

/data/user/0/com.cover.the.dumb.roll/no_backup/metrica_client_data.db

MD5 99d630a85830241bce5217a45a80a02d
SHA1 cadbcf287bb6c42c76383a1cefb29fbbafd2c3e8
SHA256 0f70c868539092f95080bfbe70a35bba14c1c819e4407009bdf65a56e98bde53
SHA512 8f890bfe8c9ed553884f455d8dac3d300195fa687b9c0e4de64b8679cf9465b3c5afbf148b0b8b35fca1b01c7fb088d00b3f8bede7bcdddae3488efd7a1fadab