Malware Analysis Report

2025-01-19 05:19

Sample ID 240817-bgxvla1gmp
Target a0a4c2feedf1a6dbb29f1d099110e03f_JaffaCakes118
SHA256 37dc6ba5da49c380f1e6e13a39b16f735047c7e5f0a0c4c9b6506623414237e6
Tags
discovery evasion persistence stealth trojan collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

37dc6ba5da49c380f1e6e13a39b16f735047c7e5f0a0c4c9b6506623414237e6

Threat Level: Likely malicious

The file a0a4c2feedf1a6dbb29f1d099110e03f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence stealth trojan collection credential_access impact

Removes its main activity from the application launcher

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries the mobile country code (MCC)

Queries information about active data network

Requests dangerous framework permissions

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-17 01:07

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-17 01:07

Reported

2024-08-17 01:10

Platform

android-x86-arm-20240624-en

Max time kernel

19s

Max time network

131s

Command Line

com.app.ewe

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.app.ewe

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.221.18:443 graph.facebook.com tcp
US 1.1.1.1:53 h.online-metrix.net udp
NL 91.235.132.130:443 h.online-metrix.net tcp
US 1.1.1.1:53 rrx68giz-5deb1cd244a27434dd8a12a62c77921ea171e51c-mob.d.aa.online-metrix.net udp
US 1.1.1.1:53 mad.mobisky.pl udp
PL 46.248.173.96:80 mad.mobisky.pl tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.app.ewe/files/HoLOXqEmE

MD5 95f88b1d0651f103fa8a66cf0ba92ae7
SHA1 0e2b81802219d7df9d36903f3307524a601d0a5a
SHA256 d11db1788820d55dbbb1ac501148ee232843be75141a40d3347c1d31190cec08
SHA512 e140cc02a23f3602860578758a1a061316b0ed0ecf0dc629e4e846d644d7220df99d195168d9488d424fd34a46bc05a763efbd17eca07f04ea8e90dd078a70db

/data/data/com.app.ewe/files/HoLOXqEmE

MD5 a884734a2f4b021021f12fc309f3c32a
SHA1 f0fe5f4e9e704da13e0720a88a919714859d6994
SHA256 578bec3cf83591c6f112eb98e3404725e74ea6a8606322e4c8202e7bb9502cd9
SHA512 ae3427afcf8662400a0fb0c38bb002499e1460314e9be87566a8b5ae8890b28ec3bff411f97cbf0b114c16c426b73a181b859eafad8def7e111b9719419cfebc

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E00239-0001-1098-33CBE059EA2CBeginSession.cls_temp

MD5 ad5c5bb2b6fac95f42c13fcec2778e34
SHA1 f6d5bd826d83fbfb1cf05847c2ea557b78bee235
SHA256 1bb6507b893e83216bd95363e3dc25c4ed27726a52e05510c0454ec51ce7bdec
SHA512 ca8788c5afa1765b3d02b43d557894f4c876bdd78161d50fd0bf2427a2a702aaaf1bd1e43a80f975acab28ac7e0494c3913654666489c3e05937a5c9db4c9b8d

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E00239-0001-1098-33CBE059EA2CSessionApp.cls_temp

MD5 427dfa6bcff45d3681615cc964185827
SHA1 ecf8a8c02975fb9cd7dc609cd48fb9d1b187f8ec
SHA256 4f850f1878bf9b785c28d2e8faa2dca6017c2808f2315151aeb846557e442e5d
SHA512 2b119f4e6dbf3b832b02b1188e77d9627e75bf33a674467f132e62268db2959d3bb73bff1722a565b3556edd7b2ddf23cd6f90458bc901da3954ced6789ea03c

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E00239-0001-1098-33CBE059EA2CSessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.app.ewe/app_sslcache/h.online-metrix.net.443

MD5 ecc2b0db6d25d4c6c575bab1a684432c
SHA1 773bc666ae6e54edb457f322e1a50e904e92adae
SHA256 073a6e682b745abc112e399ffe1a1e16b50ff902611b761eb96cd611e5b150eb
SHA512 d8a6e13650b95d5e3c6433216ff4c26ae61e520dd3f95bedaf9792daa0fac990e7c693669946205d1857ee2ca1936a1678d293160c8e1bd6759608160ac65e72

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E00239-0001-1098-33CBE059EA2CSessionDevice.cls_temp

MD5 5a0b115a3edc1d5fca8530e6274da5fe
SHA1 0d08ea3b86d1f6ada094308ffef53c029b98c8c1
SHA256 855d0ebe4e96f4cac85ebab115b020fffd67a04cd60470a424e9a7923d39e58d
SHA512 08a20621a09112f989f591a8b1605e736ef98706cd990e0cd0441e9be41b609108da03a39cc9d618da60353a0d2f7f42dc3d3a492e08f191c435cd1b4da85ad1

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 015e587018e4285e0972a21b579f407d
SHA1 9b96fab7137bcc837e9df2ddc9b8bc881a9fc551
SHA256 94cb00841886f5f29e885aa22399b534dd7157b4bcd9fe8932a4ec2c60b456a2
SHA512 bce11d7cb3f46a79d159222dfc5c00304034c20d0f30fa54dfd1dde1f79360eaaca9bb569d29a1ae9af751a1714e51a3eeb064ed4c7e508fed93b7976aec749b

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_554bb687-d27f-43ea-afd2-f855386ea53a_1723856866961.tap

MD5 e365e208033e010eba345f06ea4413c6
SHA1 b69177fc6ca068fdaad99def0f8c738f6e0173de
SHA256 fc520387688b2f82dd41e5ae1c77b900a16e277c2db1d4a0835904935b8e5ee9
SHA512 09ca890555792fb64af1e1f451a6a2cf2525ed5e94d8fc278357fbaf74d12ff86d5c2a6d2d2771c99af0029e4d31101776b0783e813cd93cb5fb9525f1328642

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 5450dc1ef094c05ecaece2359c55fc31
SHA1 22adda6fc209b8da1c9920c529c03b5224d0919e
SHA256 4a547f8a2ecadbd40ee3647fd0472282e3e60792b7b51270651b85672262bdf7
SHA512 171a0fb4dd9b84a20ce2f61ba91d97cc2e0ae333eba3ce57180e928ec70b45b433dd23bc0184569731260ed5e64758ef734fe739a5c5f7e5b484fb1bf01c149d

/data/data/com.app.ewe/cache/volley/-733352575433997049

MD5 0f91094dd359f6b875611960c3b4f339
SHA1 bb2656df283efca797f3d85684aeba2a6ebcdeac
SHA256 53b0fab264f1c42a440001b676c25febf9bad7a09fc4952b421033aa63930243
SHA512 5c47454cf817acc25c7b083b1bdd030ee0f0b4dfd35bf4cf341096cc7a5a7fb2fc1b29b35d0975516611e9c25cd1a88fea4322019c6e62a52d238a4d568d9956

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-17 01:07

Reported

2024-08-17 01:10

Platform

android-x64-20240624-en

Max time kernel

89s

Max time network

157s

Command Line

com.app.ewe

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.app.ewe

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 h.online-metrix.net udp
NL 91.235.132.130:443 h.online-metrix.net tcp
US 1.1.1.1:53 rrx68giz-3180381ed92e9da3054575eb7a9d1afc5374170b-mob.d.aa.online-metrix.net udp
US 1.1.1.1:53 mad.mobisky.pl udp
PL 46.248.173.96:80 mad.mobisky.pl tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp

Files

/data/data/com.app.ewe/files/HoLOXqEmE

MD5 95f88b1d0651f103fa8a66cf0ba92ae7
SHA1 0e2b81802219d7df9d36903f3307524a601d0a5a
SHA256 d11db1788820d55dbbb1ac501148ee232843be75141a40d3347c1d31190cec08
SHA512 e140cc02a23f3602860578758a1a061316b0ed0ecf0dc629e4e846d644d7220df99d195168d9488d424fd34a46bc05a763efbd17eca07f04ea8e90dd078a70db

/data/data/com.app.ewe/files/HoLOXqEmE

MD5 a884734a2f4b021021f12fc309f3c32a
SHA1 f0fe5f4e9e704da13e0720a88a919714859d6994
SHA256 578bec3cf83591c6f112eb98e3404725e74ea6a8606322e4c8202e7bb9502cd9
SHA512 ae3427afcf8662400a0fb0c38bb002499e1460314e9be87566a8b5ae8890b28ec3bff411f97cbf0b114c16c426b73a181b859eafad8def7e111b9719419cfebc

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E000CE-0001-1351-4A4F747559B5BeginSession.cls_temp

MD5 10a58e28348542e05623a78c67d7ec97
SHA1 e1dccc351836e2e40628829fb27253e122e4e24f
SHA256 764e4adbbce735845cd9a8140ad59d30f29e4d17d025f876607504b11b41b5fb
SHA512 eec88e48fb9d1955e50b0525d9962d62ef415a4940bff7ffde6e4b41cd4913aac720d2d72629296fc8005b5d146d9257250c2cd28df7a7bda728abb2d19f7e38

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E000CE-0001-1351-4A4F747559B5SessionApp.cls_temp

MD5 f46e8746819ff050d8c627323edb642f
SHA1 9ebf2ed1b0266996df103abae9a110bd0dcbd52a
SHA256 b6ad41d14ff15e39d4a93838d08a0c1f053409f7fdb624ec6be0deb31c1dd7dc
SHA512 be1b20ede9499620255b6b446c097862f9c547643b5b96c34dfe5d62470d37f4e9ec74cbd401193eb64e7f4f21820136bc8e1e0754bbde6e083944253ff95e24

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E000CE-0001-1351-4A4F747559B5SessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E000CE-0001-1351-4A4F747559B5SessionDevice.cls_temp

MD5 2834db46aa70e312265afbd302a59247
SHA1 c91f05c398da17b10f02613822e655b19b601a38
SHA256 2259f289e7c48a3774522e6bb14392680b5ae330fb01e4bcb67178b9dc28bce1
SHA512 83f984e9c340beae3e381c6a74e9251e6d911b5f9f01ec2fcd0f4be10aa472b8b4bb306b047ffbd87f7747700392ffe5992ca28747754fa105fd50c0c53e8c08

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 9b49611dc7116d5b8d1032167319f82d
SHA1 d0f463733488d949285f1a2275456817a3ce34da
SHA256 71e45a6c9364f385c6d3c48f28195ff12c276b2294ee986eabc6c63b27c3db91
SHA512 ff37beced6f1b554b5d8a179400a951834f7ddaa5028a1ae32f51dbedf2cd5ca1b2fbb84226d6190d412f8c0d8cbd10c706b67fa63d21bd218cc2d73e2f07411

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6763500a-ed7d-482d-b650-2c240bd882c1_1723856866986.tap

MD5 99529d0e5ba4671689f4343f2a642d2d
SHA1 4e9a9db62f3ffb9ae4cd1270f77d36844be57fc9
SHA256 b830ee0bb483dba86de968f44b31bb9686bc962def37cfe0f3eec6354e07bada
SHA512 c346544fe3d09d68d5aedee53c6306e9c1220867be8aebe8770dc8c81f365a9596e166abced6c91e2f5dabba6aa1828c5a00f4c65eb003435fd73c509fe77fd9

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 895537e40abf2d8377463caa72612621
SHA1 645ff13cf2f8434d1ea58948785632a4e6defbd8
SHA256 64d9aff22dbe17c2afdd924923be2cf29151126ed57d3803c39ef6de9c01bacf
SHA512 4870835e950ace1c73f2ef4b3294f96be42d2eec3f903095a5758ea21517aa525ecfa2a779483e059bece90082aca59c8214c4d1722a02419a510e1b4974876e

/data/data/com.app.ewe/cache/volley/1206228868939542944

MD5 1e96c359499223e7fbb969326b161ad6
SHA1 e87afc8538aee28efdc86e3c31f700e31f8d9ea4
SHA256 103cdc9fd527ead43393bd69fc16ecbc80fc65ad20a53539f1bca59b5983838a
SHA512 2a5fa3faf80f9db04a6bb1b6bfc8d2c5523bcd247ea9edb867004df0cca710a9ccbfc816079029a395bb2a1c412f86eaa48774705419fad24fa9ccb1cb55f6c4

/data/data/com.app.ewe/files/AppEventsLogger.persistedevents

MD5 e3cdd275849c281b736e7cf2e77fb434
SHA1 85c3c6f4182218db727b0eee10691d1e2f370b7c
SHA256 03489d7d74359103c43bd775e9c249234a6e7f60cf61fdff5439c0facf04b32a
SHA512 7e7e95018b9d821aa477cd571de0c91262812763f788be6e52f5390a0a096b7ef715944c03f4260570af73a414ef1236e4b83eaf19cb2e962145bd9f3555e7f5

/data/data/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_545ef22f-56f4-4a46-a014-ed0e37105108_1723856880729.tap

MD5 bffec12a292b45a2459c3cd3ac2ec361
SHA1 3143ceacd03b73c3326fe1d5601c740587ac1264
SHA256 258101483eba6601576080910e63ae5b94bea88f13680ad07ca4d8be0301d60e
SHA512 d139de61661b5b9df68e4643bce4760fe11bcc8cc7bfd9ca11385116dda0e205d2d03d3ba6f893923217eaf39ec51c0a339141eca9b4cb351c0ef43d4f23bbcc

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-17 01:07

Reported

2024-08-17 01:10

Platform

android-x64-arm64-20240624-en

Max time kernel

178s

Max time network

132s

Command Line

com.app.ewe

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.app.ewe

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 h.online-metrix.net udp
NL 91.235.132.130:443 h.online-metrix.net tcp
US 1.1.1.1:53 rrx68giz-af6e45b3704589bd6e1c6c14e389f347f711a697-mob.d.aa.online-metrix.net udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 data.altbeacon.org udp
US 34.205.35.34:80 data.altbeacon.org tcp
US 1.1.1.1:53 api.mobeacon.mobisky.pl udp
PL 46.248.173.147:80 api.mobeacon.mobisky.pl tcp
US 1.1.1.1:53 mad.mobisky.pl udp
PL 46.248.173.96:80 mad.mobisky.pl tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/user/0/com.app.ewe/files/HoLOXqEmE

MD5 95f88b1d0651f103fa8a66cf0ba92ae7
SHA1 0e2b81802219d7df9d36903f3307524a601d0a5a
SHA256 d11db1788820d55dbbb1ac501148ee232843be75141a40d3347c1d31190cec08
SHA512 e140cc02a23f3602860578758a1a061316b0ed0ecf0dc629e4e846d644d7220df99d195168d9488d424fd34a46bc05a763efbd17eca07f04ea8e90dd078a70db

/data/user/0/com.app.ewe/files/HoLOXqEmE

MD5 a884734a2f4b021021f12fc309f3c32a
SHA1 f0fe5f4e9e704da13e0720a88a919714859d6994
SHA256 578bec3cf83591c6f112eb98e3404725e74ea6a8606322e4c8202e7bb9502cd9
SHA512 ae3427afcf8662400a0fb0c38bb002499e1460314e9be87566a8b5ae8890b28ec3bff411f97cbf0b114c16c426b73a181b859eafad8def7e111b9719419cfebc

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E200DC-0001-116B-8F143923E50ABeginSession.cls_temp

MD5 b135d3773bd4e2710641312ac251190b
SHA1 4130aabb61f8c311d50c3aa6702a8cfe4d554505
SHA256 ebdf5a8d83eef8f68d5c1dbad174744c1fa01ef15d561ee5e72bea347ac3b1da
SHA512 22746ddab7fc0e768a94e3b50733d601d06f87f9d05007b49b83641e1881f32e4122fef082935f59b304e936d8cae2d9a75d7354289107222ebbed38572483af

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E200DC-0001-116B-8F143923E50ASessionApp.cls_temp

MD5 5d215930f77f851c8f28cbdb5eec24a4
SHA1 1f79c8a75c700c05c2ad030a62cba8cf4b220648
SHA256 c9252bf179467ab36db23126173b777ca93dcade654559ed69ee4a3d45690e4b
SHA512 eb3c2e9cce661f803236c94aed84b9ee33b01773f2d7606eeca63241c9596295fbe1cf091d7168dbc4eeb108baa05198e6353dd406357eb99b0d002e412e579a

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E200DC-0001-116B-8F143923E50ASessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 9acc421db6ca4c51aec4a3b3b89db17f
SHA1 29e4ad30d211095278c395b0284b7102297e0d94
SHA256 0601a6e074e20e247b6c16250d6c3df627686d1af4bec8c6af4a0477f58233b8
SHA512 a0a7ceb9d9b2f3c7320164145605280a314996bd85e0673dcb0ae1fa634a937586928ae70e9f0381e60ba1235a176d8fd59bfe62b689d3db735df54bda9e56dc

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66BFF7E200DC-0001-116B-8F143923E50ASessionDevice.cls_temp

MD5 36d93590259b34af7c6f1a559e63fd61
SHA1 56d8b524975d96617f775314e2abee8d275580ce
SHA256 8ef897dae6684f5e6eda0acd02351a22b60f9af5902fdf69d65fca342b8491ba
SHA512 a18acbc3bc5b1f58bd00b89e954a6072f445f6f6afd94eaa40a8c66c6b09a59103d08d9751f4b1a0c1191664fd0ebc3c7e0e5eede7ec87563a7f3338f7e2075a

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 1b7f114ed9c53b2c64b8e3b7bd445caa
SHA1 575be8fd2863538aeb5a88163d76b9674c187967
SHA256 b0037d476e931dcdd6d4a08e9b7047e87ddd09a9991920e7e5727dcbe3d4a2b4
SHA512 97956f6cf084a053068c94bef36dc0b2f8e790dcc9ceac7947f38149661f83b5421513bd2c95bf904eb8e9a207251f48b8cf40b8b1b0448dff2e26d0ddb41669

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_5f883dac-6773-4800-9893-a6f92e53315e_1723856870166.tap

MD5 7eceb94b345e9ba422505d59c47936a8
SHA1 3ca0fe493572b0a15c7fc72d5509579b487fd1ef
SHA256 ccf3b6ebeb7708d0c9034debe6972c7a04952920694343fb8b61b1a283ed17fc
SHA512 4584c1fbbc657f30de5ecef66174b822f1f5e5c4370a897e4771f0ce267fbe23f768dc5e62902915749473d070228c42a59c3fee438f10ae1b87b8e42606ccbd

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 cacfe47a0c2725357412ab548f623a3c
SHA1 1fe6c7005230e4f5cb6a06486e76250c7bee172f
SHA256 0ec2e066523de88d53ec9f64be8e947a2d0da706b4eceda2ccd1a3271a002433
SHA512 676a5c21f193308ed9237f5d9f4a2bfe4e322622faf66077b4895d6afae2067558dc16b4640418d6a861087c1215b1f52f3a10a5540bf331fb9a29db03bbb603

/data/user/0/com.app.ewe/cache/volley/1580846780-880934530

MD5 06072bbb09b9ac65b696655758b52754
SHA1 b72e9787afa1f57cece8199f21dd02cd358d44b6
SHA256 0c619d65f343f3f16fc2adf76db86f71aeda0ed96fb61b1d6a01ebefe8f8d2e5
SHA512 a0db1e4227982301b82e6b2814b7e50b4f44ac7091415ad2f9b9964f09fa225bea1a9d85f3fb515aa402676428162dec6d4aa0cdd8eb3d5acfd043c1328f2186

/data/user/0/com.app.ewe/cache/volley/-173925523122420134

MD5 83ff567e132c922aa45dac3771ac5b41
SHA1 fb476e12212056a39d7e87142cce9f65be1da811
SHA256 12274e9612e684f3f04d3654fdfabb894b2b998fa6f3c7ba8aabed3cb96f7af0
SHA512 6b4509416b2b1bc8176ab558117c8b6ea20410869723775925761c0dcf12f47f7c9161ad1c76b4d7eb80e92995d9875a4b9f43142b9ac1f0f43ffdc53115a8ec

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 255840d631e98abe1e77dade5aa27f42
SHA1 be0dafba2cb8471250cf22a3c9cd892aa64ac3db
SHA256 502cea94a6c9148850c11d4e4bdf4a2d7e851a517af2152c002013e19edaac44
SHA512 14399bc0ab9f2f71e7f1ee556e9ec56b8feb373a7787d52a476521ea3cfe263683541b1308a36911c11e6923089020ee2247c64d46c87b6ae24d464cca50cdfa

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 45857ac677c025e74967e8455484bb38
SHA1 77dd7b301ace40c0ff5e574dc956977e2f4e2b47
SHA256 ea37ea6645a4456400ce47cc32e164a04f0288c5207fed04e70e8ee09fc6c0dd
SHA512 107cead200d0cba4d9158e7e83531cb82fdf9926fe7e2cdf419ea19b53063715288c0d613e3655493aed40eb4599a11286c2daa3f34669bcbe305e9a400d4ebb

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 bce8a1946c472bec509092d4a0bc58c6
SHA1 6991e386d567efb9d58f5eb72d7173d1930adfc2
SHA256 188353709382ff96581cb69673c405d81e24f14e863a31707be5bfb96b5f1b02
SHA512 cc48350bb736108d984db5a675cf930f04772a81703569da2aa7ac67d715800efabc786cdd50bda10a3aeb575cb378051a1d135617ed97608c1adfb3c503fb04

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 5e630bb9f27fc4eb4e563d025cae7089
SHA1 b88cf9c8fc8f9877d52d812f1aa3c6bf1075a1c0
SHA256 0c2f55725423672442fee9847ccc6468cb7b304b664aaaa3d9e4acf87e4e0bf1
SHA512 a76ffe4262084265f8021928e8d343b1aac1acbf1d214bd574eae16ba0138849189610788b49af055a60cb4147b58de2a2dea217c66b030b49509421226d10e3

/data/user/0/com.app.ewe/files/org.altbeacon.beacon.service.monitoring_status_state

MD5 cc4bbc8ba70f47846a200a2c724f520e
SHA1 fae9bcdea717a24fad5ec5f019a71610571de107
SHA256 070794b6c44bd816022c80774022e779ae1271cd452608339dfd0929b8b2db05
SHA512 c39e6708fc4b291b31b539db61caa954769d5392e2d7f7dceb362efaaed19f5041ffe84fe6f70b525e6ed75876dae96b7dcbf2e606f3f6e235fc5b983ef66624

/data/user/0/com.app.ewe/files/AppEventsLogger.persistedevents

MD5 1ef2d09c6f515a444ab99ae81a7c5f12
SHA1 e9ced9866d5c94d03a3e7a6374d33793cec9d9c3
SHA256 a3d6b595b96dab0f9a680a3df64158abe7d2f7df0d06298133112668f7fc1396
SHA512 bfe7f6f5646ecb7ab228b19362052dd0f47684ac2035fd699ac29c2d51633ac67db5bc5fff5983277daa4f86d8d0e25f89661e343cb98be9358040780f441df9

/data/user/0/com.app.ewe/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d233cf7a-a73d-4e85-93d9-720a08e4b963_1723856883622.tap

MD5 d219aa05ae5ef196e8c99ef3f6c3ba46
SHA1 35ee7cc40316f6ac88710d0f7fc217a86d9cfe0d
SHA256 9b29a6bd9b818e19687d249c4689a72eb88c84eca75c0b3114520229435ea796
SHA512 29c1d2c7a56954c4f60a7403fc5d0fbd6a4028082606d1c2ffd3b4a617ba9abe242d5732cb6d291c39d31e67c58a7156f4efa9796f4d97eec371a25d314f6cca