Analysis Overview
SHA256
f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432
Threat Level: Known bad
The file f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin was found to be: Known bad.
Malicious Activity Summary
Antidot family
Antidot payload
Makes use of the framework's Accessibility service
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Reads the content of the SMS messages.
Obtains sensitive information copied to the device clipboard
Queries information about active data network
Checks the application is allowed to request package installs through the package installer
Declares services with permission to bind to the system
Performs UI accessibility actions on behalf of the user
Requests uninstalling the application.
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-27 22:01
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls. | android.permission.BIND_SCREENING_SERVICE | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by autofill services to bind with the system. Allows apps to autofill information in forms. | android.permission.BIND_AUTOFILL_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x64-20240624-en
Max time kernel
179s
Max time network
137s
Command Line
Signatures
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.pasinawuwi.print
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp |
Files
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal
| MD5 | 5170f1fb74156d8aa284cca7d5b3e973 |
| SHA1 | 8af7a4ee6216c5f2edffb89d88f13bcc692a998a |
| SHA256 | 06423a41f745ace51477dd147fd9037ed1aa2dee71cf20c93798b70fd537ceed |
| SHA512 | 6455904b58e2bec9c4322452eeba790805b412758c81ee065742a58843392d7b69f8f997f3c799149796fda2b799c145c4b157466eb2116107432d5f9d89fc63 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb
| MD5 | 37b3382e2c60eedf99251b51d0f7f6ce |
| SHA1 | 77bc02ab7da2e02d7d6d914bac6e76eb2e303510 |
| SHA256 | 2e19ff4f4baa5d45b2d63e25892f8398f89be54f6cb9e96b5e8f614587db565a |
| SHA512 | e8d18d561a1127ec8e28b85eb21061e9c5a20386b5da45d13c4ef1c4bffc9a2e4c5e0ee9ea2c5f04d0dd9c2d2449029080670c4c4889f29ba5c20b778fec6e3c |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | e5568f55fbcb4bcace5152c0602f1872 |
| SHA1 | 1e9ce6ebac463abd5bbbbd4b21b6f9ddfb5835eb |
| SHA256 | d47da9214f6546f5aa9e25636ac4a0541a5e752825bf6d60a110060e0773d7f8 |
| SHA512 | f47539f9488f9ed413e63ff3b7cd41faf113ead3dec5408c773999c85c01c7e84445f6ee865c843a378e0eb771d0552b2dd482ef4953d09c338169522b51154a |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | 7e5a96b328c6c0267e6f32cf1a7bee7c |
| SHA1 | a055ff62fb68c94f9ebf3e27215a125f553d8e38 |
| SHA256 | 3be3bc0b0a01527b37d7174bd99c211b891b0d37162e22ca62cea0b55d61d6bc |
| SHA512 | 5e470dda2de00a32136e29283dc054d447f335c81262c0c9d58d4db55f8b208d3175709635bc2074957772490105250b357f9c9f98ca6ca2a8e5f8d11f89c349 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | 318e4a6d800fb00342e8a90526de876e |
| SHA1 | 3c56b8185a3e5c7a20bb0f8c9664cb9602d5a9e9 |
| SHA256 | 6b04d58f5c3ba9e8fd178573f5af390b6a5215c8819dd0bb18abfdc8a0cd5dfc |
| SHA512 | 0b13495111c7261a4546891098c4ef7fe7906378d19573f87d5008ec1b398ad2431e69eae42fc0f4d242fefd9e2d9bf7311f8a2483a569f3734d626b38e53af9 |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | a1f30e03e097b22079260c153cb18793 |
| SHA1 | 342dd39780450d75aa8f36818523600cc0fbfb9d |
| SHA256 | 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb |
| SHA512 | 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924 |
/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 6133c6244bf03ab767f8201d8148b1ab |
| SHA1 | 3d809a66ca4e9a7a68190090ea0a76e3430c7dd0 |
| SHA256 | cd1feb3d24cc4decd638ba572214b0e4ac046ed872b941a6ccc1b52d140e640d |
| SHA512 | f92ccaa81d9aca422346d4258868f73dd5d5e73cccce292c859bfd1c0dadb5640220a965d93a19721ec1a1d8609fed7c734bb6b7c927ba2e54dc75bd1cc9125f |
/data/data/com.pasinawuwi.print/files/profileInstalled
| MD5 | 0382c50df21d68c725b206bca2640b2a |
| SHA1 | 2bc15b9d0629edf6e252fa5c5734e86733065775 |
| SHA256 | 9a21623bfac7b19930b4d1c041c9b1fd6fe81669627dad7623d9aa1b3e64456d |
| SHA512 | b4697b67c2fe87f5de672e872fe91ddef024614305e0e56b70b31e02ca68a07e0efae9c3558ade5004443548997a0c0c504b9cb6a37da482111536aff79128b0 |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | d8c413edb9c1601edfdd7a1313d303fa |
| SHA1 | ff99f2049d686b4f0bf3efb300193b18a606811e |
| SHA256 | db8ae42627e06908677b386792e2608c1dc1e788c3388a0e11c2cb790b2dae08 |
| SHA512 | a8e3286d0abd27895bf650eb8244c78785ce4b6259965b64f7cbb2bb70cfd6105d3ac43796605f0a1fbf1727515a9a1eb204775121ad9d9f7cd0ef6409a5df70 |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | 7af65d64dd34316845fed71ae48f91cd |
| SHA1 | cbf823ba1aca41a29499130cd284f0a2d6390be4 |
| SHA256 | 997b6ebbfd362b0833aea777616c1a1f588978139c3dcca5603767dbb5af0572 |
| SHA512 | 486a834089b565d236ddef3def02c163fe6fc6a74299e548a7c8af62ba1a8d77734e008e246146ada59b70ccc8034dd1b2c01397e065bf54f13f3239a4360a76 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x64-arm64-20240624-en
Max time kernel
179s
Max time network
134s
Command Line
Signatures
Checks the application is allowed to request package installs through the package installer
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.canRequestPackageInstalls | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.pasinawuwi.print
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp |
Files
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal
| MD5 | 495b72c3d20fa66654eef8a4ad020089 |
| SHA1 | 64ffb6233ba8b845667fa47016307a78222ecfd4 |
| SHA256 | a001f57e9b6514535fa314c648cbf27ba84fc7c94f224ce2847aaacc202f480f |
| SHA512 | c50098c5603e610b00b115ae94a0fa2bb5d1e714cd9582d99ca9b9317d639e08c0576b36c2c6922ad547de901bcf061f3ed6aac7b5bae13971191964493e5cf8 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb
| MD5 | daeb85ebe7bbd976a2c4a1bf8cada77a |
| SHA1 | 2e33f031d985a4d8956f0a12f37cd25c415f2539 |
| SHA256 | 2edd9b8f16271895853fb823dd03b142cf0c43cf06788de0b53defa5f3815689 |
| SHA512 | 037d8dd902718a3de98f3b3c2bfc74fae0d7d99a97312517af5fe55a5533cddc630238bb7a8b3b509dc95eb83f5b77a409c7aa270ecbada0bd340d53a4f8a413 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | 546b126827de80544a50bfb5eb20015d |
| SHA1 | 814d2047d5cbac1ee0ff50cb3788f2ed4a47e778 |
| SHA256 | d4d1d09cd0e3b5cdd18f0388408608b19d8271a6d9b1efb5b9cca6263a7de92e |
| SHA512 | f532721b2d0eff050c9832fda67ccf12ec5a1c777502dc3aeea18a7ed3ecc066c21c2ec75ec021e0bb2a7a844710a64775a163fec69840c319bfae03ed5f2de6 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | c7c7bef09214c4edcf218f338f3d5ccd |
| SHA1 | 8f86f02d27dabf8127a1c05811c5107875f1e7bd |
| SHA256 | 57f3e373e26732b2aeed0d6977363df3d33c0fb26c806f14099af5aba38b3235 |
| SHA512 | b3a9fa94f6860ae063601a59bf33e5604734e1a38a8953a18ce59f8389799202da8834bfe794508fdd183e31418de2b1f3bcfc78d6432781d6bf256ed1787f25 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | d97c9e6e44b48e64fbc0c2603869f003 |
| SHA1 | d9be93d89b1e7727f8dba6ba684bfb7819d5d2c4 |
| SHA256 | 774d123e265b44303a500676fe5cc6b70a2a26bbab683f7041c9f20f190bbaae |
| SHA512 | 432e266cc54e813a1d803a78e1c47438ec8d2b8f4619609ceba280022196e777ed4d9d052c172e1febbde572d2496df3890e987d52566727182dba08dad7326f |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | a1f30e03e097b22079260c153cb18793 |
| SHA1 | 342dd39780450d75aa8f36818523600cc0fbfb9d |
| SHA256 | 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb |
| SHA512 | 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924 |
/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 4a1245bc592d59fcc088c10ea3e0cf62 |
| SHA1 | d7cb90109fcf11f2fa12d6293b98c29806334582 |
| SHA256 | 18f8f9acc2dfe6e6ceddb52788884de65e8ceb1ea8b36857b8aff6080e7cc8a2 |
| SHA512 | 80a9dfd954779208cafb1aa0cdd9ac9484df4d7df541d2e9d38d7fad440992a8e25b7a5272a86c9be2552a22822b58017a07ba926e7650e80bb990fbba55d65e |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x86-arm-20240624-en
Max time network
144s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 216.58.201.99:80 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| GB | 172.217.169.14:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| GB | 172.217.169.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| BE | 142.251.173.188:5228 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x64-20240624-en
Max time kernel
176s
Max time network
185s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Reads the content of the SMS messages.
| Description | Indicator | Process | Target |
| URI accessed for read | content://sms/ | N/A | N/A |
Performs UI accessibility actions on behalf of the user
| Description | Indicator | Process | Target |
| N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A |
| N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.civexefati.output
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | wgona.click | udp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.34:443 | tcp | |
| GB | 216.58.204.78:443 | tcp |
Files
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-journal
| MD5 | e8d6f6c5ce37ac1a0e3492764ee4c0b0 |
| SHA1 | 5d57f417e441dcac1c8f0480f2b2b4e4f4dab9b1 |
| SHA256 | adab3b935c0d5bc6b33c7a321ba476bb4fa4552d667b6436b923dc3ae3ddc491 |
| SHA512 | 0f35409c643881adfb91444a4ebe912ea51ba3a18e526fec09dc247f6821b64d5425388b2eb734081afdc12b5a83cab7fa245896f1dfcbf2a9aeef24aff26ffb |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb
| MD5 | 83a30d38d534c3ef9ce3611936989acc |
| SHA1 | e8131e7d2673254994da2b4affb4f073cf493317 |
| SHA256 | 794ed6088fbf9c35a0bb8f6f7fc920340e203de89d89bf54b08191400ac021c5 |
| SHA512 | 7b1745f8b850d1534a651bd9476d3cc33daf3eaa3dc46f55dc07157e0a85d88c53b9f5126f1976e3e0f03a86927f5e2718587ccbaa01dbae4fb76c9526c6fede |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | d535e609a5e995935c837cb693da3ee2 |
| SHA1 | 96aed87ed588fc91acae16e3506dc75ec680cce4 |
| SHA256 | 4a039515b1ca92b9a2bc19ff9b5cfcdf669a80bb7b875f7173d61df9d12c944f |
| SHA512 | c5ddf9b35244472e8be7285e8b92e68574c4e2cf233bafbc46a5b1268043b4f7833996d8cc073ffc259b026450d40741d603b97a9ce37f0e4c81afadc89476a9 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | 648be788e408b8656199115e69e2c521 |
| SHA1 | 179bccddae67453990f0d7e03c9bf5192ccc3fb1 |
| SHA256 | 00d3c933ec0a59bc7205f693176195cea0aad53e2df1fcda22abd8d2523c9245 |
| SHA512 | 25b53cd2f8296405bf76e2f6942db2a00999bddf7b7e1d0fbb82cd66603793ae247598318e578d66dad1d5b1ed054b884b0c3180f9e3c13dbe52d68fa82b274d |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | 0a7e85f97574a1f888b4e29de86bebe3 |
| SHA1 | 71cf7aff676e6c549a0189e5939a168f4f96c73e |
| SHA256 | f83e6bb885e13f8ad9f566a2a85ad3e122e463dc889cf87c752e561d834b4623 |
| SHA512 | 3d3a46bb95ce589ddc0414b15312321d754d7f1f4af5b9412995d9a8da280505284993db5543576d129e46ed5b79cb675a6e3b00444a99f01d998a788c3730ed |
/data/misc/profiles/cur/0/com.civexefati.output/primary.prof
| MD5 | 994cade9d899e8c4cc987b80fecc58b5 |
| SHA1 | 84a60f7593ee681005f38f10c143c51938eecead |
| SHA256 | aa3aeaa7287ed5637358d1e3815f7fcdc574ae8365b3d337e72ae5802cf2a83f |
| SHA512 | d1408dc1b4986f401717207c68e5b11d46172531f9a0d20f95fbe12d82bd13f4d8c7acf92df16a3f547845ef4b1b437dec1f087fe00a25a37d350b8112c496ec |
/data/data/com.civexefati.output/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | d3456ce1a89458b416ee16b78f48db0d |
| SHA1 | 71cbcbfae7df2ed0c11785e4d4901b9a04fc004f |
| SHA256 | e9f516d0eed94a3402d80809c47de825424f8f53cc0284e98f30794d45eba05a |
| SHA512 | 439033bfed05c978acaea51c243cea906cd36dea16bfed612ad5a3d3d0f1f228b6de2622d83156105c44ef40e483c64e718f67612ddfcd31d65852489581cb6b |
/data/data/com.civexefati.output/files/profileInstalled
| MD5 | 3cc9ed769f1a76319653e870675a5829 |
| SHA1 | 8ff89604f8bf89c5119b028949d85cff671f35dc |
| SHA256 | 7333fff2620f3ff99b88bcdcd9c23a54506234d17bc65cacf3ae8ac4a0a4b69b |
| SHA512 | 0be3b585324b4b800df7bfa099e8ffcbdcab75098601b0adc9521447756d127ed37fb50ab1f8ff434ea1f4f64a5789b03227b25683eb2f8400e63e56a2a201ab |
/data/misc/profiles/cur/0/com.civexefati.output/primary.prof
| MD5 | 8f6d3e375b71508768efdb7578700b0b |
| SHA1 | ef285ce8f70c93520ed8dffa7300671041d9800b |
| SHA256 | 905fdc0879406178d46a24d74a8a12a7ba3475da9c48e5d9f4f06af2eaa06159 |
| SHA512 | 3e494486ebd925f56fa62c4a107480ff31da4d43cdcf8eb72acf0c5c735beea98e80e3b170b5fe7cd393306e770e0e775a6d4cd37d144fcbb102596a71c583b1 |
/data/misc/profiles/cur/0/com.civexefati.output/primary.prof
| MD5 | b08bda7835711ce17a70b481cbdde895 |
| SHA1 | b383168450950435f590fa19cf7d3e33ba5e3c81 |
| SHA256 | f02416df9ca481a6ea777afd3e109d32282f9f97ba9d8392d1a30242ba0bf12e |
| SHA512 | 9686c1c1edc195a806068a789ff439df8e47474dcce9686203d2b2a8e1922dda2b361cfe80c06783d0e6abc916b146563e1f63e473f7a3332decdbbc6c50d543 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x64-arm64-20240624-en
Max time kernel
172s
Max time network
133s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests uninstalling the application.
| Description | Indicator | Process | Target |
| Intent action | android.intent.action.DELETE | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.civexefati.output
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | wgona.click | udp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| DE | 46.228.205.159:5155 | wgona.click | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp |
Files
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-journal
| MD5 | 9175842e84e68bf7ac32def07ce14b75 |
| SHA1 | 34d7cbf471b33b5130934166b3b4f06bd6942950 |
| SHA256 | 651e497fd7847816c78f7823cc57a044e00d3088329a522f275d9ebdfc9c1b3a |
| SHA512 | 9e8cfda49ec6e2809f22347255b895baed758ba675535aac46ba969b9648830776b0c0265e8bcc8576203e93ee081003eee7f1703e69d953ecdca33d33bd1cb0 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb
| MD5 | 686ac943ba91b90b3125217b082aa0fd |
| SHA1 | 35cf1fe4f62ab904f7c355ffe16289e9bbdc1483 |
| SHA256 | fcce753d3b6523147f69fab65315d734b466d394225a545fc50b8da4ec5b64da |
| SHA512 | 7859363f0bbd6a82104fe72083ecbe35b0afcc866ed2643f164ea20374228426035f3b88882c62f002e2cba7ba055881df8170b528aec9f340e69f6a5a432bf2 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | 90f998ca5233ac594284f1db42e5bace |
| SHA1 | 456351614438c80e6dc1b2004f2177dc0a4367db |
| SHA256 | 3adbbd5fea47d9231e6562ffd2842cc5bda638fc6dc492a93f68ea72aeaffb60 |
| SHA512 | e340096ca3681ae5ee2c14321a0506c1f123525982662bd10e58eb6630c5d5274fc45d999c99a80db412515a5b8b917cd7cecd2596c8923501f76b072175fe77 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | b70a7898b4dc522ef7e4e6300988871d |
| SHA1 | 66ccc206bfdec96a3c81ea989f8c4e9275f66189 |
| SHA256 | 4199e552cf5299b28ee14117899cc74a0109aff140181ebb504459f25041eb31 |
| SHA512 | 85519a71ea7cda1e4de060664e160379055af7308570012a1e4fd44ec5f22b3f6ad78ede0e33ebb800e6fd922669997f164d5c61c040b4039aa9089bade50173 |
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal
| MD5 | 4bc33446ede1b85e8fb9028609b8756a |
| SHA1 | 21f15fa7b48fba78db4fe225013b451f64e455df |
| SHA256 | 8ed28cf53c40356e0ef243c37045326d8b1c963e148ed75f7270cc035d71365a |
| SHA512 | fa362b458e19dfd2a2fe57c107af592bad670ff7437be6f753db8fc9b7e2a9c1395b884cab110f1fe7e11f67b71238a70c6d4484ff85c0b517a3fcba7dcff855 |
/data/misc/profiles/cur/0/com.civexefati.output/primary.prof
| MD5 | 994cade9d899e8c4cc987b80fecc58b5 |
| SHA1 | 84a60f7593ee681005f38f10c143c51938eecead |
| SHA256 | aa3aeaa7287ed5637358d1e3815f7fcdc574ae8365b3d337e72ae5802cf2a83f |
| SHA512 | d1408dc1b4986f401717207c68e5b11d46172531f9a0d20f95fbe12d82bd13f4d8c7acf92df16a3f547845ef4b1b437dec1f087fe00a25a37d350b8112c496ec |
/data/data/com.civexefati.output/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 0f6f0077baf20e5402f333297d371f86 |
| SHA1 | 5ba383ec6db502bd41e20684f998d804b947d9b9 |
| SHA256 | b1b5c43520e48b712e85511c3513ca7e8f0edb3190f4fa442b5ea9953b673858 |
| SHA512 | ab36834961ae1daa2d307e05e8943020d1483641c94f4fb6a3d7fc1b0247279206cd7de80ee2936c26963f44c6e5e56f204ce9d0ee79ad4be367fe36b8a0cc18 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-27 22:01
Reported
2024-07-27 22:06
Platform
android-x86-arm-20240624-en
Max time kernel
179s
Max time network
132s
Command Line
Signatures
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.pasinawuwi.print
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal
| MD5 | 6c94d638f23828dc7fba2d8715041ed8 |
| SHA1 | 6068c7be4f1863d4b7bfc49de4f84e2f0e0c91bf |
| SHA256 | 1606e88b044c4d3d293f1dc8888e56f4c419baaab1322ae70f113bfe9c27b02d |
| SHA512 | f4a0f24d698542d74c60ba3ca8f870b47841ac3c0c37dff988edcee2b44bba580afb8e2038ef3e1477f86fcc3d09fe98b043f8e3e41858be348bfd2dda96297b |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb
| MD5 | 9502ec5b5f50f04312c9ff6b2c0dc259 |
| SHA1 | 3064052671275b64f5f42f3934d6c3b999e66d2b |
| SHA256 | 82fbc03182c8a7e012f08bc63a3f3a227ad5ca2495d0a671f359778322af303a |
| SHA512 | 39860a3765d7b1bb7a92667bbb4fc3bc01d5d29373cc5099172dec501d2416e543e211d5a5dd00e84fcc50be7aa22884b7ff6ff74f79ce9c8551bad5e3c8dc62 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | 3348006d288d3b162c1bd23a5489dc3d |
| SHA1 | 0c679a3cc77a98e7ea5405bf2af44f6f95944845 |
| SHA256 | 2795ae65d995d33b8b1b27242f8223625d5581fa42129a1d10f9552b535f9607 |
| SHA512 | a27efa74bedc5a16a510a7769096e44a1b6e57b18eb1a254b4e9f95b5e5590190d61184e4fe6e0a4d9988694f485d0cae984b3ea3c12c74eb267b24e708249ab |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | 564c0c1e8d39b9c49babca6e28dc5c19 |
| SHA1 | b5fe05fe8c62e7f30aa7c1bfd3222f45fed100a8 |
| SHA256 | 2a0760068cb0f0bc9da5493af901ce8eeca4babb4ac4e797fb670f2a48d32c31 |
| SHA512 | a579ae3dfeb9095e6ea090329a0663ee9fcdda06e31522aa43a891db82a31cb851418870bf130eae476922c6c3ff71f6a52531ed81ccaeba26d01b8b6eda6083 |
/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal
| MD5 | abff36d571d784e9dd8876243c9ac252 |
| SHA1 | 103aef2a2dd44f76f16398a8bc69891d3893dcd3 |
| SHA256 | eb6fe85b75e5918039a626d244853e454dac30c522ca3c70d6b6c59e46404526 |
| SHA512 | 845c1a02c041dbf1e796927361b774f4f695d1f78f7ad38f24235b19b196f9c3d6819acc4205b1f71138fcc6e8c30a6b287b4f1d4e73cf598ccbbba8a80a1d33 |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | a1f30e03e097b22079260c153cb18793 |
| SHA1 | 342dd39780450d75aa8f36818523600cc0fbfb9d |
| SHA256 | 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb |
| SHA512 | 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924 |
/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 6b7a5d300a8b005536908fe5e763e8f8 |
| SHA1 | cadaa55eda6c183b03161bc30c6e8916059948ae |
| SHA256 | 44eba11a66e7850a0828978ed800ad53024a7c5c9fa7f39fd1e228c911a7756f |
| SHA512 | 6cd16311f2b833e21adcec61bc73e99bfda8a4a03856ec2dfbc31e05fa4557e2199b17bb27b16be8c18b64c1589ad6a28ca11352174aa9b6456920dba0029ed7 |
/data/data/com.pasinawuwi.print/files/profileInstalled
| MD5 | ec7628efdccc0044a6b2d2a15f523c19 |
| SHA1 | 9c6256c0c116fbe041bc9ea3605e98ef84c284b1 |
| SHA256 | 027d50cad055ce36a54858f2c835025f648387d741c9ad9c3e16d89f6d9c2eba |
| SHA512 | 9c48bb12d11bd2f7d832d33f680f54f0fbebb02c1c7df40323776484c9136bdf33c6095448b060638497bd03df660c24d8172a2f5fcf757a1ccff58eb3113de8 |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | 283abdcbe4245d34f879f215e2a01ef1 |
| SHA1 | 677588d7da6936bd96483952442b22b67dc7dea8 |
| SHA256 | 26b72fb797b3539dd35ee9f33945827164154d781c3360060ef41429104ce14f |
| SHA512 | 6770aac45803138c30394af2554f573c1af2053f344676397628f767e8c0d4f9cc72326859c703515d8aedbb6065d06c92eb10957595c453213ac61c90ee91ec |
/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof
| MD5 | 459e862bc25e1b92893e62990357947f |
| SHA1 | acd2dc138f7b859d21223bd6f20751adb5dfe652 |
| SHA256 | 4ee43c8bf1a023932cdd1bc15237d1e47c39e278d2cf7593e8fa9c57d97bdf5f |
| SHA512 | 3f5f859a55c83b639e8a5800026619f39dfc450fbad1da6e4a322a53dd3a8aa22ce42d24b36203a4f9ab195b06ca97de0a776831bd04a1600f98e97dd6bff72b |