Malware Analysis Report

2024-09-09 16:21

Sample ID 240727-1w89lstgpa
Target f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin
SHA256 f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432
Tags
evasion execution persistence banker collection credential_access discovery impact antidot
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral6 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432

Threat Level: Known bad

The file f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432.bin was found to be: Known bad.

Malicious Activity Summary

evasion execution persistence banker collection credential_access discovery impact antidot

Antidot family

Antidot payload

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of SMS messages

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Checks whether the application is allowed to request package installs through the package installer

Declares services with permission to bind to the system

Performs UI accessibility actions on behalf of the user

Requests uninstalling the application

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-27 22:01

Signatures

Antidot family

antidot

Antidot payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Declared on a call screening service so that only the system can bind to it. Once chosen as the default call screening app, the service sees every incoming call and can silently reject it. android.permission.BIND_SCREENING_SERVICE N/A N/A
Declared on an accessibility service so that only the system can bind to it. Once the user enables the service in Settings it can read on-screen content and perform UI actions on the user's behalf; the behavioral runs below show both. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Declared on an autofill service so that only the system can bind to it. Once chosen as the device's autofill provider, the service receives the fields of login forms in other apps, including usernames and passwords. android.permission.BIND_AUTOFILL_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages; on Android 8.0 and later an app must hold it before it can hand a second APK to the package installer. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
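The static1 findings above come straight from the manifest: three services guarded by system-only bind permissions, plus the REQUEST_INSTALL_PACKAGES request that a dropper needs. The script below is an added example, not part of the report or of the sandbox's own engine, that reproduces those checks over a decoded AndroidManifest.xml. The manifest embedded in it is constructed to mirror the report's findings; the package name, service names and the two permission lists are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions a service declares so that only the system can bind to it. Each one
# hands the service a high-privilege capability once the user enables it.
SYSTEM_BIND_PERMISSIONS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "reads on-screen content, injects UI actions",
    "android.permission.BIND_AUTOFILL_SERVICE": "receives form fields, including credentials, from other apps",
    "android.permission.BIND_SCREENING_SERVICE": "sees and can reject incoming calls",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "reads every notification",
}

# Requested permissions that matter in a banker/dropper triage (assumed list).
DANGEROUS_REQUESTS = {
    "android.permission.REQUEST_INSTALL_PACKAGES",   # side-load a second APK (API 26+)
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SYSTEM_ALERT_WINDOW",        # draw overlays over other apps
    "android.permission.QUERY_ALL_PACKAGES",         # enumerate installed apps (API 30+)
}


def _attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Return the manifest-level findings the static1 signatures above are built on."""
    root = ET.fromstring(xml_text)
    findings = {"package": root.get("package"), "dangerous": [], "bind_services": []}
    for perm in root.iter("uses-permission"):
        name = _attr(perm, "name")
        if name in DANGEROUS_REQUESTS:
            findings["dangerous"].append(name)
    for svc in root.iter("service"):
        perm = _attr(svc, "permission")
        if perm not in SYSTEM_BIND_PERMISSIONS:
            continue
        exported = _attr(svc, "exported")
        has_filter = svc.find("intent-filter") is not None
        findings["bind_services"].append({
            "name": _attr(svc, "name"),
            "permission": perm,
            "capability": SYSTEM_BIND_PERMISSIONS[perm],
            # Before Android 12 a service with an intent-filter is exported by default;
            # the system can only bind to the service if it is reachable this way.
            "exported": exported == "true" or (exported is None and has_filter),
        })
    return findings


# Constructed manifest mirroring the static1 findings; all names are illustrative.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".Fill" android:exported="true"
             android:permission="android.permission.BIND_AUTOFILL_SERVICE"/>
    <service android:name=".Screen"
             android:permission="android.permission.BIND_SCREENING_SERVICE"/>
    <service android:name=".Worker"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

The manifest inside an APK is binary XML, so run this on the text form produced by an AXML decoder (for example the output of `apktool d sample.apk`). A bind-permission service that is not exported cannot be bound by the system and is usually dead code; the exported ones are the capabilities the user will be socially engineered into enabling.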

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x64-20240624-en

Max time kernel

179s

Max time network

137s

Command Line

com.pasinawuwi.print

Signatures

Checks whether the application is allowed to request package installs through the package installer

evasion
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.canRequestPackageInstalls N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.pasinawuwi.print

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.78:443 android.apis.google.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal

MD5 5170f1fb74156d8aa284cca7d5b3e973
SHA1 8af7a4ee6216c5f2edffb89d88f13bcc692a998a
SHA256 06423a41f745ace51477dd147fd9037ed1aa2dee71cf20c93798b70fd537ceed
SHA512 6455904b58e2bec9c4322452eeba790805b412758c81ee065742a58843392d7b69f8f997f3c799149796fda2b799c145c4b157466eb2116107432d5f9d89fc63

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb

MD5 37b3382e2c60eedf99251b51d0f7f6ce
SHA1 77bc02ab7da2e02d7d6d914bac6e76eb2e303510
SHA256 2e19ff4f4baa5d45b2d63e25892f8398f89be54f6cb9e96b5e8f614587db565a
SHA512 e8d18d561a1127ec8e28b85eb21061e9c5a20386b5da45d13c4ef1c4bffc9a2e4c5e0ee9ea2c5f04d0dd9c2d2449029080670c4c4889f29ba5c20b778fec6e3c

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 e5568f55fbcb4bcace5152c0602f1872
SHA1 1e9ce6ebac463abd5bbbbd4b21b6f9ddfb5835eb
SHA256 d47da9214f6546f5aa9e25636ac4a0541a5e752825bf6d60a110060e0773d7f8
SHA512 f47539f9488f9ed413e63ff3b7cd41faf113ead3dec5408c773999c85c01c7e84445f6ee865c843a378e0eb771d0552b2dd482ef4953d09c338169522b51154a

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 7e5a96b328c6c0267e6f32cf1a7bee7c
SHA1 a055ff62fb68c94f9ebf3e27215a125f553d8e38
SHA256 3be3bc0b0a01527b37d7174bd99c211b891b0d37162e22ca62cea0b55d61d6bc
SHA512 5e470dda2de00a32136e29283dc054d447f335c81262c0c9d58d4db55f8b208d3175709635bc2074957772490105250b357f9c9f98ca6ca2a8e5f8d11f89c349

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 318e4a6d800fb00342e8a90526de876e
SHA1 3c56b8185a3e5c7a20bb0f8c9664cb9602d5a9e9
SHA256 6b04d58f5c3ba9e8fd178573f5af390b6a5215c8819dd0bb18abfdc8a0cd5dfc
SHA512 0b13495111c7261a4546891098c4ef7fe7906378d19573f87d5008ec1b398ad2431e69eae42fc0f4d242fefd9e2d9bf7311f8a2483a569f3734d626b38e53af9

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 a1f30e03e097b22079260c153cb18793
SHA1 342dd39780450d75aa8f36818523600cc0fbfb9d
SHA256 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb
SHA512 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924

/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 6133c6244bf03ab767f8201d8148b1ab
SHA1 3d809a66ca4e9a7a68190090ea0a76e3430c7dd0
SHA256 cd1feb3d24cc4decd638ba572214b0e4ac046ed872b941a6ccc1b52d140e640d
SHA512 f92ccaa81d9aca422346d4258868f73dd5d5e73cccce292c859bfd1c0dadb5640220a965d93a19721ec1a1d8609fed7c734bb6b7c927ba2e54dc75bd1cc9125f

/data/data/com.pasinawuwi.print/files/profileInstalled

MD5 0382c50df21d68c725b206bca2640b2a
SHA1 2bc15b9d0629edf6e252fa5c5734e86733065775
SHA256 9a21623bfac7b19930b4d1c041c9b1fd6fe81669627dad7623d9aa1b3e64456d
SHA512 b4697b67c2fe87f5de672e872fe91ddef024614305e0e56b70b31e02ca68a07e0efae9c3558ade5004443548997a0c0c504b9cb6a37da482111536aff79128b0

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 d8c413edb9c1601edfdd7a1313d303fa
SHA1 ff99f2049d686b4f0bf3efb300193b18a606811e
SHA256 db8ae42627e06908677b386792e2608c1dc1e788c3388a0e11c2cb790b2dae08
SHA512 a8e3286d0abd27895bf650eb8244c78785ce4b6259965b64f7cbb2bb70cfd6105d3ac43796605f0a1fbf1727515a9a1eb204775121ad9d9f7cd0ef6409a5df70

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 7af65d64dd34316845fed71ae48f91cd
SHA1 cbf823ba1aca41a29499130cd284f0a2d6390be4
SHA256 997b6ebbfd362b0833aea777616c1a1f588978139c3dcca5603767dbb5af0572
SHA512 486a834089b565d236ddef3def02c163fe6fc6a74299e548a7c8af62ba1a8d77734e008e246146ada59b70ccc8034dd1b2c01397e065bf54f13f3239a4360a76

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x64-arm64-20240624-en

Max time kernel

179s

Max time network

134s

Command Line

com.pasinawuwi.print

Signatures

Checks whether the application is allowed to request package installs through the package installer

evasion
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.canRequestPackageInstalls N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.pasinawuwi.print

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal

MD5 495b72c3d20fa66654eef8a4ad020089
SHA1 64ffb6233ba8b845667fa47016307a78222ecfd4
SHA256 a001f57e9b6514535fa314c648cbf27ba84fc7c94f224ce2847aaacc202f480f
SHA512 c50098c5603e610b00b115ae94a0fa2bb5d1e714cd9582d99ca9b9317d639e08c0576b36c2c6922ad547de901bcf061f3ed6aac7b5bae13971191964493e5cf8

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb

MD5 daeb85ebe7bbd976a2c4a1bf8cada77a
SHA1 2e33f031d985a4d8956f0a12f37cd25c415f2539
SHA256 2edd9b8f16271895853fb823dd03b142cf0c43cf06788de0b53defa5f3815689
SHA512 037d8dd902718a3de98f3b3c2bfc74fae0d7d99a97312517af5fe55a5533cddc630238bb7a8b3b509dc95eb83f5b77a409c7aa270ecbada0bd340d53a4f8a413

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 546b126827de80544a50bfb5eb20015d
SHA1 814d2047d5cbac1ee0ff50cb3788f2ed4a47e778
SHA256 d4d1d09cd0e3b5cdd18f0388408608b19d8271a6d9b1efb5b9cca6263a7de92e
SHA512 f532721b2d0eff050c9832fda67ccf12ec5a1c777502dc3aeea18a7ed3ecc066c21c2ec75ec021e0bb2a7a844710a64775a163fec69840c319bfae03ed5f2de6

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 c7c7bef09214c4edcf218f338f3d5ccd
SHA1 8f86f02d27dabf8127a1c05811c5107875f1e7bd
SHA256 57f3e373e26732b2aeed0d6977363df3d33c0fb26c806f14099af5aba38b3235
SHA512 b3a9fa94f6860ae063601a59bf33e5604734e1a38a8953a18ce59f8389799202da8834bfe794508fdd183e31418de2b1f3bcfc78d6432781d6bf256ed1787f25

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 d97c9e6e44b48e64fbc0c2603869f003
SHA1 d9be93d89b1e7727f8dba6ba684bfb7819d5d2c4
SHA256 774d123e265b44303a500676fe5cc6b70a2a26bbab683f7041c9f20f190bbaae
SHA512 432e266cc54e813a1d803a78e1c47438ec8d2b8f4619609ceba280022196e777ed4d9d052c172e1febbde572d2496df3890e987d52566727182dba08dad7326f

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 a1f30e03e097b22079260c153cb18793
SHA1 342dd39780450d75aa8f36818523600cc0fbfb9d
SHA256 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb
SHA512 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924

/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 4a1245bc592d59fcc088c10ea3e0cf62
SHA1 d7cb90109fcf11f2fa12d6293b98c29806334582
SHA256 18f8f9acc2dfe6e6ceddb52788884de65e8ceb1ea8b36857b8aff6080e7cc8a2
SHA512 80a9dfd954779208cafb1aa0cdd9ac9484df4d7df541d2e9d38d7fad440992a8e25b7a5272a86c9be2552a22822b58017a07ba926e7650e80bb990fbba55d65e

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x86-arm-20240624-en

Max time network

144s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 tcp
GB 216.58.201.99:80 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.204.78:443 tcp
GB 142.250.200.35:443 tcp
GB 142.250.200.35:443 tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.35:443 tcp
GB 172.217.169.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.200.35:443 tcp
BE 142.251.173.188:5228 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x64-20240624-en

Max time kernel

176s

Max time network

185s

Command Line

com.civexefati.output

Signatures

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Reads the content of SMS messages

collection
Description Indicator Process Target
URI accessed for read content://sms/ N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
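Each behavioral signature above is a rule over a single kind of observation: a framework (binder) service call, a content URI read, a file open, or an intent action. Note also that the report's runs split across two process names, com.pasinawuwi.print in behavioral1/2/3 and com.civexefati.output in behavioral5/6, and that the signatures differ between them. The script below is an added example, not part of the report or of the sandbox's engine, that takes indicator rows with the process name attached and rolls them up per process into the signature and tag summary the Analysis Overview shows. Signature names and tags are copied from the report's tables; the event line format and the indicator patterns are assumptions, and the sample events are transcribed from behavioral2/3/5/6 as constructed input. The report's "Queries a list of all the installed applications" signature has no indicator row and so has no rule here.

```python
import re
from collections import defaultdict

# Signature names and tags are taken from the report's own tables; the indicator
# patterns are assumptions about how each row is rendered in the event stream.
RULES = [
    ("Makes use of the framework's Accessibility service",
     {"collection", "evasion", "credential_access"},
     r"IAccessibilityServiceConnection\.findAccessibilityNodeInfos?By\w+$"),
    ("Performs UI accessibility actions on behalf of the user",
     {"evasion"}, r"IAccessibilityServiceConnection\.performGlobalAction$"),
    ("Obtains sensitive information copied to the device clipboard",
     {"collection", "credential_access", "impact"},
     r"android\.content\.IClipboard\.addPrimaryClipChangedListener$"),
    ("Reads the content of the SMS messages", {"collection"},
     r"^URI accessed for read content://sms/"),
    ("Checks the application is allowed to request package installs through the package installer",
     {"evasion"}, r"IPackageManager\.canRequestPackageInstalls$"),
    ("Schedules tasks to execute at a specified time", {"execution", "persistence"},
     r"android\.app\.job\.IJobScheduler\.schedule$"),
    ("Registers a broadcast receiver at runtime", {"persistence"},
     r"android\.app\.IActivityManager\.registerReceiver$"),
    ("Queries information about active data network", {"discovery"},
     r"IConnectivityManager\.getActiveNetworkInfo$"),
    ("Queries the mobile country code (MCC)", {"discovery"},
     r"ITelephony\.getNetworkCountryIsoForPhone$"),
    ("Requests uninstalling the application", {"evasion"},
     r"^Intent action android\.intent\.action\.DELETE$"),
    ("Checks CPU information", set(), r"^File opened for read /proc/cpuinfo$"),
    ("Checks memory information", set(), r"^File opened for read /proc/meminfo$"),
]

EVENT_RE = re.compile(
    r"^(?P<proc>\S+)\s+"
    r"(?P<kind>Framework service call|URI accessed for read|File opened for read|Intent action)\s+"
    r"(?P<ind>\S+)$")


def parse_events(text):
    """Yield (process, observation) pairs; lines that are not events are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m["proc"], "%s %s" % (m["kind"], m["ind"])


def evaluate(events):
    """Per process: the signatures that fired and the union of their tags (both sorted)."""
    per_proc = defaultdict(lambda: {"signatures": set(), "tags": set()})
    for proc, obs in events:
        for name, tags, pattern in RULES:
            if re.search(pattern, obs):
                per_proc[proc]["signatures"].add(name)
                per_proc[proc]["tags"] |= tags
    return {p: {k: sorted(v) for k, v in d.items()} for p, d in per_proc.items()}


# Constructed input: indicator rows from behavioral2/3 (com.pasinawuwi.print)
# and behavioral5/6 (com.civexefati.output), one observation per line.
SAMPLE_EVENTS = """\
com.civexefati.output Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
com.civexefati.output Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
com.civexefati.output Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
com.civexefati.output Framework service call android.content.IClipboard.addPrimaryClipChangedListener
com.civexefati.output URI accessed for read content://sms/
com.civexefati.output Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction
com.civexefati.output Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
com.civexefati.output Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
com.civexefati.output Framework service call android.app.IActivityManager.registerReceiver
com.civexefati.output Framework service call android.app.job.IJobScheduler.schedule
com.civexefati.output File opened for read /proc/cpuinfo
com.civexefati.output File opened for read /proc/meminfo
com.civexefati.output Intent action android.intent.action.DELETE
com.pasinawuwi.print Framework service call android.content.pm.IPackageManager.canRequestPackageInstalls
com.pasinawuwi.print Framework service call android.app.job.IJobScheduler.schedule
this line is not an event and is skipped
"""

if __name__ == "__main__":
    for proc, summary in evaluate(parse_events(SAMPLE_EVENTS)).items():
        print(proc, summary["tags"])
        for name in summary["signatures"]:
            print("  ", name)
```

Keeping the roll-up per process rather than per sample is what makes the dropper/payload split visible: the process that only checks canRequestPackageInstalls and schedules a job looks like an installer, while the one reading accessibility nodes, the clipboard and content://sms/ carries the banker tags.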

Processes

com.civexefati.output

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 wgona.click udp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp

Files

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-journal

MD5 e8d6f6c5ce37ac1a0e3492764ee4c0b0
SHA1 5d57f417e441dcac1c8f0480f2b2b4e4f4dab9b1
SHA256 adab3b935c0d5bc6b33c7a321ba476bb4fa4552d667b6436b923dc3ae3ddc491
SHA512 0f35409c643881adfb91444a4ebe912ea51ba3a18e526fec09dc247f6821b64d5425388b2eb734081afdc12b5a83cab7fa245896f1dfcbf2a9aeef24aff26ffb

/data/data/com.civexefati.output/no_backup/androidx.work.workdb

MD5 83a30d38d534c3ef9ce3611936989acc
SHA1 e8131e7d2673254994da2b4affb4f073cf493317
SHA256 794ed6088fbf9c35a0bb8f6f7fc920340e203de89d89bf54b08191400ac021c5
SHA512 7b1745f8b850d1534a651bd9476d3cc33daf3eaa3dc46f55dc07157e0a85d88c53b9f5126f1976e3e0f03a86927f5e2718587ccbaa01dbae4fb76c9526c6fede

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 d535e609a5e995935c837cb693da3ee2
SHA1 96aed87ed588fc91acae16e3506dc75ec680cce4
SHA256 4a039515b1ca92b9a2bc19ff9b5cfcdf669a80bb7b875f7173d61df9d12c944f
SHA512 c5ddf9b35244472e8be7285e8b92e68574c4e2cf233bafbc46a5b1268043b4f7833996d8cc073ffc259b026450d40741d603b97a9ce37f0e4c81afadc89476a9

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 648be788e408b8656199115e69e2c521
SHA1 179bccddae67453990f0d7e03c9bf5192ccc3fb1
SHA256 00d3c933ec0a59bc7205f693176195cea0aad53e2df1fcda22abd8d2523c9245
SHA512 25b53cd2f8296405bf76e2f6942db2a00999bddf7b7e1d0fbb82cd66603793ae247598318e578d66dad1d5b1ed054b884b0c3180f9e3c13dbe52d68fa82b274d

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 0a7e85f97574a1f888b4e29de86bebe3
SHA1 71cf7aff676e6c549a0189e5939a168f4f96c73e
SHA256 f83e6bb885e13f8ad9f566a2a85ad3e122e463dc889cf87c752e561d834b4623
SHA512 3d3a46bb95ce589ddc0414b15312321d754d7f1f4af5b9412995d9a8da280505284993db5543576d129e46ed5b79cb675a6e3b00444a99f01d998a788c3730ed

/data/misc/profiles/cur/0/com.civexefati.output/primary.prof

MD5 994cade9d899e8c4cc987b80fecc58b5
SHA1 84a60f7593ee681005f38f10c143c51938eecead
SHA256 aa3aeaa7287ed5637358d1e3815f7fcdc574ae8365b3d337e72ae5802cf2a83f
SHA512 d1408dc1b4986f401717207c68e5b11d46172531f9a0d20f95fbe12d82bd13f4d8c7acf92df16a3f547845ef4b1b437dec1f087fe00a25a37d350b8112c496ec

/data/data/com.civexefati.output/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 d3456ce1a89458b416ee16b78f48db0d
SHA1 71cbcbfae7df2ed0c11785e4d4901b9a04fc004f
SHA256 e9f516d0eed94a3402d80809c47de825424f8f53cc0284e98f30794d45eba05a
SHA512 439033bfed05c978acaea51c243cea906cd36dea16bfed612ad5a3d3d0f1f228b6de2622d83156105c44ef40e483c64e718f67612ddfcd31d65852489581cb6b

/data/data/com.civexefati.output/files/profileInstalled

MD5 3cc9ed769f1a76319653e870675a5829
SHA1 8ff89604f8bf89c5119b028949d85cff671f35dc
SHA256 7333fff2620f3ff99b88bcdcd9c23a54506234d17bc65cacf3ae8ac4a0a4b69b
SHA512 0be3b585324b4b800df7bfa099e8ffcbdcab75098601b0adc9521447756d127ed37fb50ab1f8ff434ea1f4f64a5789b03227b25683eb2f8400e63e56a2a201ab

/data/misc/profiles/cur/0/com.civexefati.output/primary.prof

MD5 8f6d3e375b71508768efdb7578700b0b
SHA1 ef285ce8f70c93520ed8dffa7300671041d9800b
SHA256 905fdc0879406178d46a24d74a8a12a7ba3475da9c48e5d9f4f06af2eaa06159
SHA512 3e494486ebd925f56fa62c4a107480ff31da4d43cdcf8eb72acf0c5c735beea98e80e3b170b5fe7cd393306e770e0e775a6d4cd37d144fcbb102596a71c583b1

/data/misc/profiles/cur/0/com.civexefati.output/primary.prof

MD5 b08bda7835711ce17a70b481cbdde895
SHA1 b383168450950435f590fa19cf7d3e33ba5e3c81
SHA256 f02416df9ca481a6ea777afd3e109d32282f9f97ba9d8392d1a30242ba0bf12e
SHA512 9686c1c1edc195a806068a789ff439df8e47474dcce9686203d2b2a8e1922dda2b361cfe80c06783d0e6abc916b146563e1f63e473f7a3332decdbbc6c50d543

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x64-arm64-20240624-en

Max time kernel

172s

Max time network

133s

Command Line

com.civexefati.output

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests uninstalling the application

evasion
Description Indicator Process Target
Intent action android.intent.action.DELETE N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.civexefati.output

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 wgona.click udp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
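In both behavioral5 and behavioral6 the only destination that is neither sandbox plumbing (mDNS to 224.0.0.251, DNS to 1.1.1.1) nor Google infrastructure is wgona.click at 46.228.205.159:5155, contacted three times per run on a port that no platform service uses. The script below is an added example, not part of the report, that applies that filtering to rows in the report's Country/Destination/Domain/Proto layout, attributes name-less IPs from rows where the same IP did carry a name, and ranks what is left. The benign-suffix list is an assumption to tune per sandbox, the rows are the two Network tables transcribed as constructed input, and the Suricata rule's sid is an arbitrary local number. IPs that never resolve to a name in the report stay in the list as unattributed rather than being guessed at; those are resolved from the pcap (TLS SNI) by the analyst.

```python
import ipaddress
from collections import Counter

# Sandbox/platform noise that every Android detonation produces. This list is an
# assumption for illustration; tune it to the environment the reports come from.
BENIGN_DOMAIN_SUFFIXES = ("google.com", "googleapis.com", "google-analytics.com", "youtube.com")
BENIGN_ADDRS = {"1.1.1.1", "224.0.0.251"}          # sandbox resolver, mDNS
COMMON_PORTS = {53, 80, 443, 5228, 5353}            # DNS, HTTP, HTTPS, FCM, mDNS


def parse_rows(text):
    """Parse rows in the report's 'Country Destination Domain Proto' layout (Domain optional)."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    # A destination seen once with a name attributes the same IP wherever it appears without one.
    ip_to_domain = {r["ip"]: r["domain"] for r in rows if r["domain"] and r["port"] != 53}
    for r in rows:
        r["domain"] = r["domain"] or ip_to_domain.get(r["ip"])
    return rows


def is_benign(row):
    if row["ip"] in BENIGN_ADDRS:
        return True
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_private or addr.is_multicast or addr.is_loopback:
        return True
    d = row["domain"]
    return bool(d) and any(d == s or d.endswith("." + s) for s in BENIGN_DOMAIN_SUFFIXES)


def extract_c2_candidates(rows):
    """Unexplained flows, ranked: unusual port first, then by number of connections."""
    hits = Counter((r["domain"], r["ip"], r["port"], r["proto"]) for r in rows if not is_benign(r))
    out = [{"domain": d, "ip": ip, "port": port, "proto": proto, "connections": n,
            "odd_port": port not in COMMON_PORTS}
           for (d, ip, port, proto), n in hits.items()]
    out.sort(key=lambda c: (c["odd_port"], c["connections"]), reverse=True)
    return out


def suricata_dns_rule(domain, sid):
    """A DNS-query alert for the domain; sid follows the operator's local numbering."""
    return ('alert dns any any -> any any (msg:"Antidot C2 domain %s"; dns.query; '
            'content:"%s"; nocase; endswith; sid:%d; rev:1;)' % (domain, domain, sid))


# Constructed input: the behavioral5 and behavioral6 Network tables, transcribed.
SAMPLE_ROWS = """
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 wgona.click udp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 wgona.click udp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
DE 46.228.205.159:5155 wgona.click tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
"""

if __name__ == "__main__":
    for c in extract_c2_candidates(parse_rows(SAMPLE_ROWS)):
        print(c)
    print(suricata_dns_rule("wgona.click", 1000001))
```

The first entry in the ranked output is wgona.click on 46.228.205.159:5155 with six connections across the two runs; everything after it is a name-less Google-range flow on 443 that still needs attribution before it is treated as an IOC. Block the domain and the IP:port pair separately, since the domain is the cheaper of the two for the operator to rotate.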

Files

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-journal

MD5 9175842e84e68bf7ac32def07ce14b75
SHA1 34d7cbf471b33b5130934166b3b4f06bd6942950
SHA256 651e497fd7847816c78f7823cc57a044e00d3088329a522f275d9ebdfc9c1b3a
SHA512 9e8cfda49ec6e2809f22347255b895baed758ba675535aac46ba969b9648830776b0c0265e8bcc8576203e93ee081003eee7f1703e69d953ecdca33d33bd1cb0

/data/data/com.civexefati.output/no_backup/androidx.work.workdb

MD5 686ac943ba91b90b3125217b082aa0fd
SHA1 35cf1fe4f62ab904f7c355ffe16289e9bbdc1483
SHA256 fcce753d3b6523147f69fab65315d734b466d394225a545fc50b8da4ec5b64da
SHA512 7859363f0bbd6a82104fe72083ecbe35b0afcc866ed2643f164ea20374228426035f3b88882c62f002e2cba7ba055881df8170b528aec9f340e69f6a5a432bf2

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 90f998ca5233ac594284f1db42e5bace
SHA1 456351614438c80e6dc1b2004f2177dc0a4367db
SHA256 3adbbd5fea47d9231e6562ffd2842cc5bda638fc6dc492a93f68ea72aeaffb60
SHA512 e340096ca3681ae5ee2c14321a0506c1f123525982662bd10e58eb6630c5d5274fc45d999c99a80db412515a5b8b917cd7cecd2596c8923501f76b072175fe77

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 b70a7898b4dc522ef7e4e6300988871d
SHA1 66ccc206bfdec96a3c81ea989f8c4e9275f66189
SHA256 4199e552cf5299b28ee14117899cc74a0109aff140181ebb504459f25041eb31
SHA512 85519a71ea7cda1e4de060664e160379055af7308570012a1e4fd44ec5f22b3f6ad78ede0e33ebb800e6fd922669997f164d5c61c040b4039aa9089bade50173

/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

MD5 4bc33446ede1b85e8fb9028609b8756a
SHA1 21f15fa7b48fba78db4fe225013b451f64e455df
SHA256 8ed28cf53c40356e0ef243c37045326d8b1c963e148ed75f7270cc035d71365a
SHA512 fa362b458e19dfd2a2fe57c107af592bad670ff7437be6f753db8fc9b7e2a9c1395b884cab110f1fe7e11f67b71238a70c6d4484ff85c0b517a3fcba7dcff855

/data/misc/profiles/cur/0/com.civexefati.output/primary.prof

MD5 994cade9d899e8c4cc987b80fecc58b5
SHA1 84a60f7593ee681005f38f10c143c51938eecead
SHA256 aa3aeaa7287ed5637358d1e3815f7fcdc574ae8365b3d337e72ae5802cf2a83f
SHA512 d1408dc1b4986f401717207c68e5b11d46172531f9a0d20f95fbe12d82bd13f4d8c7acf92df16a3f547845ef4b1b437dec1f087fe00a25a37d350b8112c496ec

/data/data/com.civexefati.output/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 0f6f0077baf20e5402f333297d371f86
SHA1 5ba383ec6db502bd41e20684f998d804b947d9b9
SHA256 b1b5c43520e48b712e85511c3513ca7e8f0edb3190f4fa442b5ea9953b673858
SHA512 ab36834961ae1daa2d307e05e8943020d1483641c94f4fb6a3d7fc1b0247279206cd7de80ee2936c26963f44c6e5e56f204ce9d0ee79ad4be367fe36b8a0cc18

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-27 22:01

Reported

2024-07-27 22:06

Platform

android-x86-arm-20240624-en

Max time kernel

179s

Max time network

132s

Command Line

com.pasinawuwi.print

Signatures

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.pasinawuwi.print

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-journal

MD5 6c94d638f23828dc7fba2d8715041ed8
SHA1 6068c7be4f1863d4b7bfc49de4f84e2f0e0c91bf
SHA256 1606e88b044c4d3d293f1dc8888e56f4c419baaab1322ae70f113bfe9c27b02d
SHA512 f4a0f24d698542d74c60ba3ca8f870b47841ac3c0c37dff988edcee2b44bba580afb8e2038ef3e1477f86fcc3d09fe98b043f8e3e41858be348bfd2dda96297b

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb

MD5 9502ec5b5f50f04312c9ff6b2c0dc259
SHA1 3064052671275b64f5f42f3934d6c3b999e66d2b
SHA256 82fbc03182c8a7e012f08bc63a3f3a227ad5ca2495d0a671f359778322af303a
SHA512 39860a3765d7b1bb7a92667bbb4fc3bc01d5d29373cc5099172dec501d2416e543e211d5a5dd00e84fcc50be7aa22884b7ff6ff74f79ce9c8551bad5e3c8dc62

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 3348006d288d3b162c1bd23a5489dc3d
SHA1 0c679a3cc77a98e7ea5405bf2af44f6f95944845
SHA256 2795ae65d995d33b8b1b27242f8223625d5581fa42129a1d10f9552b535f9607
SHA512 a27efa74bedc5a16a510a7769096e44a1b6e57b18eb1a254b4e9f95b5e5590190d61184e4fe6e0a4d9988694f485d0cae984b3ea3c12c74eb267b24e708249ab

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 564c0c1e8d39b9c49babca6e28dc5c19
SHA1 b5fe05fe8c62e7f30aa7c1bfd3222f45fed100a8
SHA256 2a0760068cb0f0bc9da5493af901ce8eeca4babb4ac4e797fb670f2a48d32c31
SHA512 a579ae3dfeb9095e6ea090329a0663ee9fcdda06e31522aa43a891db82a31cb851418870bf130eae476922c6c3ff71f6a52531ed81ccaeba26d01b8b6eda6083

/data/data/com.pasinawuwi.print/no_backup/androidx.work.workdb-wal

MD5 abff36d571d784e9dd8876243c9ac252
SHA1 103aef2a2dd44f76f16398a8bc69891d3893dcd3
SHA256 eb6fe85b75e5918039a626d244853e454dac30c522ca3c70d6b6c59e46404526
SHA512 845c1a02c041dbf1e796927361b774f4f695d1f78f7ad38f24235b19b196f9c3d6819acc4205b1f71138fcc6e8c30a6b287b4f1d4e73cf598ccbbba8a80a1d33

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 a1f30e03e097b22079260c153cb18793
SHA1 342dd39780450d75aa8f36818523600cc0fbfb9d
SHA256 171566a793af907d14566b651d0364181226e9fd7d6b54f4105fef2fa19f86cb
SHA512 8786d047b7ba946b7cdb0ca78379c369726127b9197b21867f5e9fe133999ace6ae91c3e65c06e2a7b09a4a616c86f4592d3aa3db8552dd1da03234b45dc8924

/data/data/com.pasinawuwi.print/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 6b7a5d300a8b005536908fe5e763e8f8
SHA1 cadaa55eda6c183b03161bc30c6e8916059948ae
SHA256 44eba11a66e7850a0828978ed800ad53024a7c5c9fa7f39fd1e228c911a7756f
SHA512 6cd16311f2b833e21adcec61bc73e99bfda8a4a03856ec2dfbc31e05fa4557e2199b17bb27b16be8c18b64c1589ad6a28ca11352174aa9b6456920dba0029ed7

/data/data/com.pasinawuwi.print/files/profileInstalled

MD5 ec7628efdccc0044a6b2d2a15f523c19
SHA1 9c6256c0c116fbe041bc9ea3605e98ef84c284b1
SHA256 027d50cad055ce36a54858f2c835025f648387d741c9ad9c3e16d89f6d9c2eba
SHA512 9c48bb12d11bd2f7d832d33f680f54f0fbebb02c1c7df40323776484c9136bdf33c6095448b060638497bd03df660c24d8172a2f5fcf757a1ccff58eb3113de8

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 283abdcbe4245d34f879f215e2a01ef1
SHA1 677588d7da6936bd96483952442b22b67dc7dea8
SHA256 26b72fb797b3539dd35ee9f33945827164154d781c3360060ef41429104ce14f
SHA512 6770aac45803138c30394af2554f573c1af2053f344676397628f767e8c0d4f9cc72326859c703515d8aedbb6065d06c92eb10957595c453213ac61c90ee91ec

/data/misc/profiles/cur/0/com.pasinawuwi.print/primary.prof

MD5 459e862bc25e1b92893e62990357947f
SHA1 acd2dc138f7b859d21223bd6f20751adb5dfe652
SHA256 4ee43c8bf1a023932cdd1bc15237d1e47c39e278d2cf7593e8fa9c57d97bdf5f
SHA512 3f5f859a55c83b639e8a5800026619f39dfc450fbad1da6e4a322a53dd3a8aa22ce42d24b36203a4f9ab195b06ca97de0a776831bd04a1600f98e97dd6bff72b