ermac | 08113a4affb0356a63a356fc88a88c7eeaf3fe7d0b8df852ea8723f014aadee1

Analysis

max time kernel
51s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
09-09-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08113a4affb0356a63a356fc88a88c7eeaf3fe7d0b8df852ea8723f014aadee1.apk
Size

3.0MB
MD5

d2d453c7460e87470fea92c2cef75a13
SHA1

2b5caf78c0050a2dcc413792a5c7d270c77ca2c7
SHA256

08113a4affb0356a63a356fc88a88c7eeaf3fe7d0b8df852ea8723f014aadee1
SHA512

c55fc60588ecc354cd28e47710363882bcaaa89a06c3fdeea1c86229963142908ce3966a2c8d367595198a0aef95a07d2a494bb3b70ca78b922a60e97685024a
SSDEEP

49152:PL54VxsS/XTRr7sExiulh9XKDjhSmUoZgEk6PcTHPuhQfS6TXY9oiKCWR82p:pIlr7tn6jhZG6PcTG6KCXYaCI

Score

10^/10

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Malware Config

Extracted

Family

ermac

http://81.177.140.77:3434

AES_key

rsa_pubkey

AES_key

Extracted

Family

hook

http://81.177.140.77:3434

AES_key

rsa_pubkey

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

resource	yara_rule
behavioral1/memory/4239-0.dex	family_ermac2
behavioral1/memory/4213-0.dex	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.hifasters.mavageras:AppMetrica

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hifasters.mavageras/app_claw/PPN.json	4239	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hifasters.mavageras/app_claw/PPN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hifasters.mavageras/app_claw/oat/x86/PPN.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.hifasters.mavageras/app_claw/PPN.json	4213	com.hifasters.mavageras
/data/user/0/com.hifasters.mavageras/app_claw/PPN.json	4417	com.hifasters.mavageras:AppMetrica

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.hifasters.mavageras
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.hifasters.mavageras
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.hifasters.mavageras

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hifasters.mavageras

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.hifasters.mavageras

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hifasters.mavageras

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hifasters.mavageras

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hifasters.mavageras
Framework service call	android.app.IActivityManager.registerReceiver	com.hifasters.mavageras:AppMetrica

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hifasters.mavageras

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hifasters.mavageras
Framework API call	javax.crypto.Cipher.doFinal	com.hifasters.mavageras:AppMetrica

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hifasters.mavageras

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hifasters.mavageras

com.hifasters.mavageras
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4213
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hifasters.mavageras/app_claw/PPN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hifasters.mavageras/app_claw/oat/x86/PPN.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4239

com.hifasters.mavageras:AppMetrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4417

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hifasters.mavageras/app_claw/PPN.json

Filesize
1.1MB

MD5
ddd8600e3e60fd7b836ad3a1c93b5ca0

SHA1
6c5a525f85c727d88a06f9cbe6a8b9c74526e69d

SHA256
41d4db51ae63ca3580d9a7c13723156bbc86dc3646b78ec8b3e433f742210cf3

SHA512
6a986ea29842e7ce2c807314d331a80284cef8dd171909cd5a8b63f2b0a578d6564a0c8d73525b09c7475ee17023d65dc853604f86ea720bec5384012484c977

Download Submit
/data/data/com.hifasters.mavageras/app_claw/PPN.json

Filesize
1.1MB

MD5
c6cf10c45d1104fb5708dc566589d57a

SHA1
759c4317b59a95def6fff1ec6aa192342095a63c

SHA256
bb68cf3d979d013e530355fda785e6d3463a35f5040b4afde7118733bc875d87

SHA512
b3cbae31be3267f751f6e9bec84b9d686b056848d2d0adc752f0d114184824a2bd966e2dc971f67f1e1226a9e4ebeb4813224ca7e6c8ff4dfcf8702390c23d35

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
cc201859a49005e9b8406dcf6cc45368

SHA1
bdcb04bcc10f625aaa021633e01399e0c0b538c5

SHA256
98643878ec5a0ee67f29f0bad4fa6529d0fc1fba3aa0dc27b2cacdbda7e5d237

SHA512
9d6e96740e3628bec5afadbb5cb182640eebcc98d6b0347f7fb03723562a2d0146d71a8cc37da3f9f91521c4c1bc564f890c62c9aad7810bb5464b3c02739eae

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
5b1276aae505b249d7f8abe3fbf0e5cd

SHA1
2459b37861709231b819ae5eeeed90fc8485c3fe

SHA256
a9b126f0fa6d3df66baafe6b0c03db15b392604ecd5a96ff7160fa5d547de270

SHA512
7e2584619d9d7186efe2ea549e48565791c12640c97da90491594103f4477b52fb7233687dc3fd86b0a437d5b430c8f695975c7097fe5a414f93d21f34cd364e

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
a16b99c189145c826da2de947bab6437

SHA1
5029c9988215e99d7816af0afd1abfe6bab1b0fb

SHA256
517c2197e2800060dfadfbbf65f72ee0ffb787c2fffca66aec91737c9d040072

SHA512
3168342d9c2878d5cf2678ca2583b419b59ffeaadfeab79ef53c635d24d86b6bf7c49218d30a29ee9f9d0b8463ee497d18940feebdefd72e20a238362c5c2472

Download Submit
/data/data/com.hifasters.mavageras/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
0dbf92665c91829ae20c94fc2adaf80a

SHA1
efafeafe97f6a8acea761b051c5011f9f4247849

SHA256
d681af974916bc7b744cfa1046186a1051bfadfcf80cd414019c4b955f0f39b7

SHA512
31e1a59d849b9f9c6c04b742ef744d7b3486c391859106e9cad775b57fee824f64e8414918dcb460e1d4253744fb2328150a1f1969b848e041fcd2c947ada65c

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital.dat

Filesize
56B

MD5
9b87f6bd635015120cd29152dbc2d1bb

SHA1
d6be2873028cb102024f1a990af377127d34f423

SHA256
da470bc8b40e81e7a924ea977c0b8ff98e073a2a1763b4c74fe299ca9b44d718

SHA512
8967d1de1c298445d4519a25ecb43aa4e1c9bfbf3b5e8bf3fa6c5ae7339e3717d4b82c0e9bca1905c25db5f9717912522961f571c503c986b796000533bac797

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
231B

MD5
98b2d2efad651b6b9499597686e942b6

SHA1
52fcb6e1915b1d06e38bb8dbf3bb21e73d679a80

SHA256
82dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242

SHA512
f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
233B

MD5
ec4aebc8afbdbe29919cbf297466e5a3

SHA1
030860d66c0b1ea21d1fc224579f38d7dfbedb09

SHA256
2158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34

SHA512
ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
284B

MD5
2b6bc414959c0002122fa72465f5173b

SHA1
1dc8cd5b1714c28221776699736bca2ede576c08

SHA256
23af5b438c083baf3d50d3a4be3ff8105efd5a945a2eacce80deb42a9697338b

SHA512
c8c38f51fff2a080bd6d607f9aa230e5d549464ad0fdf32d77bd5d51729d7ac191d6f986ab17553933a1ac54fd58436198fe7b00aa7ae3f57ff5bf2a256eb107

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
5824da486c1145a967733467cb95106a

SHA1
2134afe277fd91f14f07a51d3d3300a2d7ae531e

SHA256
32382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b

SHA512
be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
fc2e05efc87ccc5458c8dcca2f2793a6

SHA1
7f4010708a789818e359b6928a0f51a65fec0e75

SHA256
898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed

SHA512
52c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
271B

MD5
e72e350c1ece2c1849c3c735bc98d527

SHA1
168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5

SHA256
796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2

SHA512
d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
287B

MD5
289793eca4e8b555cbd5715ef6ad391e

SHA1
f4f322844f6b0a5929d8e288188dc240c37470e3

SHA256
17826663a01c69d1402cf8afecbcfb0314d1e836778d8771e76839cb5010cb5d

SHA512
7613ffe2b38fc8620354e64c129ccdbd55b440a9618ca440f0742410f9a1ff467e2829398d794bd8eaebce2866d049ba987b6fa624af021249c1a9ac49e2fb5a

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
8KB

MD5
5ce448a047ca6742e7fc3a267436f1d6

SHA1
eeadf6a1ed987a4d28c0b6a51bdc992a43b3119d

SHA256
9061bd82d96252f6f92b1fe825abd9995ac517c5d3ccde6f37416558bc49dc0d

SHA512
3bcc31f53066c241c0b887e9930214d3494f8a2900af194fe4ca364e69bba56f8b422ce712be6fe4772d7a5b77b7b0556a321ca8469201ce5ab267a1b02eedf8

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/auto_inapp.db-wal

Filesize
32KB

MD5
a0e93ef00d13b1a90dc18530d2481d59

SHA1
37b2234c94d649d530c5dd05a9a6dff08706dc28

SHA256
96796a9dfa812376c284799158c8bc7cca3571465d6d7aafc8199bc431877c68

SHA512
fc6be38f87a3585110bc300b4f22de24d3486d40267b0c7ce240b5adf6811bd0ef78baf6625dacb1517a8068164011787a9129ec04ff15c07acc29337a1ee5d5

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
5dca09950419a96f727c80384db5a662

SHA1
541470157b3824aa4eea60f9799e22efe296c369

SHA256
5b375bcb27b2bfd6ece47345d1537a49a66d9edc918bf31fa0281cb053c274ba

SHA512
f30940559d2568d4630d39944867a38be8fb7ee93ecd79848356d40ea285165934f1df6ce08f9390e556cf6deaf0f154f1d27c04eb1f1c27fb3e904c15fb2ad7

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
5c129b9be3d0e1e5bd93a9aa98b7fa01

SHA1
3a82cdce609ca5a313a74fe1e241ce4fe10f3426

SHA256
d1e5955342bbe1269c7779a9db4910fe62a92a307edfc71165ade4a0e77ef16c

SHA512
cf6aeb23dfe635d50db93d5dff6331f03fa861daad2dc35db83126dd48a48248efbb946ff23db1bed4069012133e66c5511e24fb5a2e5b4447ec6be5ad6178d7

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db

Filesize
209KB

MD5
1e23088dde7649855bcc8beeb843b712

SHA1
daba308b50b2967c3961321c01eeaea5843d70f0

SHA256
13274c9d2c29e3ffc1cde246885bc8bd2d76ffb1f799756f3f6b3d06d5c5c419

SHA512
9c3e36b74bd753784a1d58d12c0d46da58fa09e7bc40f4e7c9316d09c3bb3e60bef3358503a793cdf14ac73e2c7214922c2f51c6941fca0db166bc96d770ac1a

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
e8f9eaa2b450e6d67a920fcf1e5a7077

SHA1
f6a3cdfe7d621590414fd08c6420aea3d9642a14

SHA256
1ca17ad5019471c5dfad7fa7734b58b85f923a32a37b75befde3c52c075297a1

SHA512
70b2b99e248310536af30183e2a47c6d1056060e87567aac4ba16b294f29f6afbc0b8970bc6e11a9762ffcb559695cafe8c5aee094cf52dae8d694fc18a8fc43

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
e4e4863017475bf61bad6fb93872d271

SHA1
5c42c5db625d8d49e8ee0dcc095a9c7f7b4b92f8

SHA256
539385157ff626702f3c37c59d641affac3fa6d0397448570d840dfbd05faecf

SHA512
ea05a0788b3482f1ef1cca97f00cc22b9b7e9a7f4080f5a0c5186612b3cdfaf01aa32d625432b61ddc03c9f400eefb540d2bd6724eadd72d365b6d3b2e6e7296

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
32KB

MD5
0e897efae31c1b25185af6260bbbe40c

SHA1
35cd481a7e68ef63820a3b782c4ca7cd900eaa14

SHA256
61251bd8ca5095f1fc5fddf42dd3f534658471569d130c880d003deff5e9b20d

SHA512
0537bd98ea90b56989c3184559e7c5d314d1238eb6050d858a1108d5028d1637bb8087513cc1620ff6d77bfebf2edfefaec8a7f83b014cb314baf63de5ade81e

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-shm

Filesize
32KB

MD5
e83cd5bcb4812c9e1f52f4438cd9e2f2

SHA1
8a4b9a2a2107392b9e1d3483cf3ec5032a6320ec

SHA256
7ccbe1d2e62f87854a29d3cecef7ba35e9e3c98773d98704d56dae039bf068de

SHA512
b7835bdcf0c22e2db0bb298074886926e94d1810f0fb9187f3840cecce9b8c9db5eebf6c13b7a83304cd682c6c748605a9eb4f7d236b9c0dd9eb7bb6734f0909

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
32KB

MD5
d5f2acc03e421a298b00ddad06a5a92f

SHA1
048f866ec910c4ed4d730848d237d5a84b5f0a4b

SHA256
4360660887268e0f6869028734fd82cb391abfe7947a981bd1c0e8f3d4997535

SHA512
510b1450d866be47062c2900446617bc2fb98377c487ae365ebe4e762f7e362596c5554b08fe9845dc9c4055f9217af300568f6a21fbb8b0d7ad3d62e5d41e1a

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
372e500e483828903f39c1b1449de9a3

SHA1
2a5dc98074826c88bd24c26a7d1ac746845df85b

SHA256
f200ebce07f5984dbfac71d8fb8d6cd35c1c65606df7c799a2d5296324840826

SHA512
63ab283e3808fbb6a31bba4443f73f058e897f0240c26ad12ed411b838c96bcd83ce96fd4daa0f6feda48959b5493e34a6460f58090de5996f2f0df89787e4a8

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
4fb1c6b7de88750f306b11b00f26baef

SHA1
eaa24a9d322c5d2f5cd4cc6d97ef15b2356590fb

SHA256
403f5b2ef8875038aac9c8d311ec744dae2926dad0ac057b3855556a52b32da8

SHA512
e28d1d46fa6dfe5e93b6b2e156284fad125ef6a33b8f77c4079df52a00156e6559ef019d2bd2b297b88de0f6cfea66527f93a5dc4e1b8c508f1d1668cae6605b

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
32KB

MD5
2ff57e603dc4ec781b63f50ce7340bf8

SHA1
5baa48edd7abf7c2b6bfe492ad6e4008affe6a70

SHA256
b89040a86075f912d9fa09b5657b7419dc96939f0528d1aaaf5705b6a35e158a

SHA512
5b6cd109d8254eba2d8ae6d02e9d88a10e4a21beec96b1e0fcf654556cc395c08f55b1c19b18eb213f5c939a3c422ef64e8956233a89e8960919181eb9e5fa18

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
08ba27d6e1fef4ad869313ac44cd0eda

SHA1
a005f30ac34d71757cf4d317a0521f206714e993

SHA256
805a46fc4e5064aeb9559739d743a6585dfc834162f760623c32b5850fd14c9c

SHA512
f79b3bd271301754e30d282318ec27207c8e882bc9af1282782a50b57cb5fb6de9c1efe9ea91ab736d3b63663cab3112e2eeaa72427f7d46368ef23b1455b211

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
512B

MD5
fe1cae4e37138ad5c4e4a1dc48ce2607

SHA1
329569d7150db666c677f9c43ecbd7c08179254f

SHA256
04efba5f13b4e6dc5ba55efc6f00e9c068a396c7296e6eb302649a2b1f392e77

SHA512
17c134c9fdeea744d36b113b613ecbc8ddb33138685599af06e6a13fb05382a053728f9a9e0b5f4b0571ca07b50130b43e5e18b37c7fd74709fd9e703a4b89ee

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-wal

Filesize
217KB

MD5
05669009f61daa4d4ec9917451c13323

SHA1
6665e1d473422c9b680572faded786b07167b1c7

SHA256
37359e7543b27a5b9912321b29cfdbfc3dd940bfb78ce559b0d53703e274c0ea

SHA512
8b1670df4f2777e88403dfc10f720f4b43cfc262942d0d0f274fa049de37de8c073451c6cde3df6e8633e6701880ec87af12e763bb4a3951d32daba2033b8fdf

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/service_main.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/service_main.db-journal

Filesize
512B

MD5
bd97753dd62a0d4bc8908fca45642dd3

SHA1
19da651462569cda18d6cbc724fa29e53236962e

SHA256
bd976b159c1f85b7544603bcb84d7ff511f35228233c40b378cb843ab884eda8

SHA512
b3dad862d99cb22d316536763e07fbfacf51ca29186705ad09a3e2ff6b84aeabf5b6b6dfe3c34a4f61ccdee21ff0d5647884cfa99b2c62731162d5da36797ed2

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/db/service_main.db-wal

Filesize
233KB

MD5
420e0ae1cd54cd007138173de68a0ea3

SHA1
4f37f07598e4dfadeab86e8b062c0b550865e1f9

SHA256
c22acb827cab7ac288cebb837b4bd4ea5037ac96248cc527fe5c32d1a38ef8c7

SHA512
6089e02a3cbc2ddb0c173573eb80572db4fc502b66da438d08af46b9e499edd763ea7cfeb053fcdc80829508698f59b86760002e8340acbe4b06a715b1f95b6c

Download Submit
/data/data/com.hifasters.mavageras/no_backup/appmetrica/analytics/uuid.dat

Filesize
20KB

MD5
7523d4eb41213811dfad3631e775fa1a

SHA1
b895a78ad238656947cc688c6d7e985c988aeea6

SHA256
db24472ac729088bf06812b5bd1809cfda7fc07e642651888dd05170624d479c

SHA512
a3715318a608983018542bd3256324d62ae2c55203956b08eb6a0a05e8947df433c307a1e8d378425b9d5795a331233852c3ac9a7b8c5c6a0adc1a9d0da93426

Download Submit
/data/user/0/com.hifasters.mavageras/app_claw/PPN.json

Filesize
2.6MB

MD5
4624c10fe8dada6330b1b16ca41643bf

SHA1
cdcd4121a95248a3387582f69cdb7cba5e61c198

SHA256
4042df3861764dc70bb1a7646a29ba9c5d15df78e949a40700eba2abe887e9b3

SHA512
12487086bf27a831590c3c7ea606c4d683b3a4f200897c4034eb8822080e656f663727d3bd4a536e7d948a8f1c6e827bd67d66fcfdf52df982a2c0416c091e34

Download Submit
/data/user/0/com.hifasters.mavageras/app_claw/PPN.json

Filesize
2.6MB

MD5
29b8af8f38080ecb091921e4388afcb7

SHA1
54b2d68b9d6bdc435e4439e5594f69b47169359f

SHA256
aac31d0e9abc24734a4a4ece28909ccc8e9cd583af024eb49b30b84c05d41273

SHA512
e97c639258c52012f3745e7dca7c5ef0fce8f7a0b3eac82a048e6ef6aa4b57f0e2989962178b1ab3ace2d36d86cb138b2b13cf39185ce48f6e388c45635416c6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads