Malware Analysis Report

2024-10-19 13:01

Sample ID 241007-1y1p9avhjr
Target 3fb8abfe4878d0644588effa1a2fe6fa55caaf3df800fc2dd34a60c82aecc70a.bin
SHA256 3fb8abfe4878d0644588effa1a2fe6fa55caaf3df800fc2dd34a60c82aecc70a
Tags: hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10

SHA256: 3fb8abfe4878d0644588effa1a2fe6fa55caaf3df800fc2dd34a60c82aecc70a

Threat Level: Known bad

The file 3fb8abfe4878d0644588effa1a2fe6fa55caaf3df800fc2dd34a60c82aecc70a.bin was found to be: Known bad.

Malicious Activity Summary

hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Hook (family signature; tagged rat trojan infostealer hook)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Attempts to obfuscate APK file format

Reads information about the phone network operator

Requests notification access (often used to intercept notifications before the user sees them)

Performs UI accessibility actions on behalf of the user

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Makes use of the framework's foreground persistence service

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-07 22:04

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

android.permission.BIND_DEVICE_ADMIN: Required by device admin receivers to bind with the system. Allows apps to manage device administration features.

Declares services with permission to bind to the system

android.permission.BIND_NOTIFICATION_LISTENER_SERVICE: Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.
android.permission.BIND_ACCESSIBILITY_SERVICE: Required by accessibility services to bind with the system. Allows apps to access accessibility features.

Requests dangerous framework permissions

android.permission.CAMERA: Required to be able to access the camera device.
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
android.permission.READ_SMS: Allows an application to read SMS messages.
android.permission.SEND_SMS: Allows an application to send SMS messages.
android.permission.RECEIVE_SMS: Allows an application to receive SMS messages.
android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_PHONE_NUMBERS: Allows read access to the device's phone number(s).
android.permission.READ_CALL_LOG: Allows an application to read the user's call log.
android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.READ_CONTACTS: Allows an application to read the user's contacts data.
android.permission.WRITE_CONTACTS: Allows an application to write the user's contacts data.
android.permission.GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
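The three static1 findings above (dangerous permissions requested, services bound with BIND_ACCESSIBILITY_SERVICE / BIND_NOTIFICATION_LISTENER_SERVICE, a receiver bound with BIND_DEVICE_ADMIN) can be reproduced from a decoded AndroidManifest.xml. The Python below is an added example, not sandbox code or part of this report: it parses the manifest and applies the permission-combination rules an analyst checks for an Android banker (overlay plus accessibility, SMS interception, notification listener, device admin). The manifest fragment is constructed for the example; the permission names are the ones listed above, while the package and component names are placeholders. The rule names are this example's own labels, not sandbox signature names. Note that the manifest inside an APK is binary XML and must first be decoded (apktool or androguard); given the "Attempts to obfuscate APK file format" signature, the archive may need repairing before a decoder accepts it.

```python
# Added example (not part of the sandbox report): extract requested and
# bind-permissions from a decoded AndroidManifest.xml and evaluate
# banker-style permission combinations against them.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = "{%s}name" % ANDROID_NS
ATTR_PERMISSION = "{%s}permission" % ANDROID_NS

# Constructed manifest fragment. Permission names are the ones the static1
# stage lists for this sample; package and component names are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="placeholder">
    <service android:name=".AccessibilityImpl"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".NotificationImpl"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".AdminImpl"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# A rule fires only when every permission in its set is present. The rule
# names are labels chosen for this example, not sandbox signature names.
RULES = {
    "overlay_plus_accessibility": {
        "android.permission.SYSTEM_ALERT_WINDOW",
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
    },
    "sms_otp_interception": {
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
    },
    "notification_interception": {
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    },
    "device_admin_lock": {"android.permission.BIND_DEVICE_ADMIN"},
}


def extract_permissions(manifest_xml):
    """Return (requested, bound): the <uses-permission> names and the
    android:permission values declared on services and receivers."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ATTR_NAME) for e in root.iter("uses-permission")}
    requested.discard(None)
    bound = set()
    for tag in ("service", "receiver"):
        for component in root.iter(tag):
            perm = component.get(ATTR_PERMISSION)
            if perm:
                bound.add(perm)
    return requested, bound


def evaluate_rules(requested, bound):
    """Sorted names of the rules whose permission set is fully present."""
    present = requested | bound
    return sorted(name for name, needed in RULES.items() if needed <= present)


if __name__ == "__main__":
    req, bnd = extract_permissions(SAMPLE_MANIFEST)
    for rule in evaluate_rules(req, bnd):
        print("triggered:", rule)
```

The bind-permissions are deliberately collected separately from the requested ones: an app cannot request BIND_ACCESSIBILITY_SERVICE, it declares it on a service so that only the system can bind, and the presence of such a service (together with SYSTEM_ALERT_WINDOW) is what makes overlay-based credential theft possible once the user is tricked into enabling the accessibility service.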

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-07 22:04
Reported: 2024-10-07 22:06
Platform: android-x86-arm-20240624-en
Max time kernel: 147s
Max time network: 155s

Command Line

com.ehmygokzi.cjbpfdbdj

Signatures

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

evasion
Loaded from: /data/user/0/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex (3 load events)

Makes use of the framework's Accessibility service

collection evasion credential_access
Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Framework service call: android.os.IPowerManager.acquireWakeLock

Makes use of the framework's foreground persistence service

evasion persistence
Framework service call: android.app.IActivityManager.setServiceForeground

Performs UI accessibility actions on behalf of the user

evasion
Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (5 calls)

Queries information about the current Wi-Fi connection

discovery
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the mobile country code (MCC)

discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Reads information about the phone network operator

discovery

Requests notification access (often used to intercept notifications before the user sees them)

collection credential_access
Intent action: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Framework service call: android.app.IActivityManager.registerReceiver

Schedules tasks to execute at a specified time

execution persistence
Framework service call: android.app.job.IJobScheduler.schedule

Uses Crypto APIs (Might try to encrypt user data)

impact
Framework API call: javax.crypto.Cipher.doFinal

Checks CPU information

File opened for read: /proc/cpuinfo

Checks memory information

File opened for read: /proc/meminfo

Processes

com.ehmygokzi.cjbpfdbdj

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ehmygokzi.cjbpfdbdj/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp

Files

/data/data/com.ehmygokzi.cjbpfdbdj/cache/classes.zip

MD5 6ba0782b490600a3648790c4b4ff16fb
SHA1 73f337518576de9c4c46e5f8dfe6681e470ab595
SHA256 23e114be70367b63e463223dcf96eab32672bc3c275424cf185b061c6cf2b176
SHA512 9fba89d8850f26c2f164f8cd107c38d3db1a63a5b69c610b07ce3b1af543f296109580d8fe3f509f9a0f9fd94e8168a3ba17664e6eb90afa6143dd553bcc790b

/data/data/com.ehmygokzi.cjbpfdbdj/cache/classes.dex

MD5 a06a80d3cd1e299ee92a541d8634c67c
SHA1 caf3809ee0de695c06b69c7cebc87655b42bb06a
SHA256 837111a5f17f0ca1b122c33a16be54130d43d73ac1ce9faa2e65c1f9f133787d
SHA512 c330d0b042e00aa00014a06fe42ea121879ea600a803bfd58e3943c06df55bc4444b3f4f59f503b7814137b2ba732a594f22db15c71f3a65e05fd4116621e64e

/data/data/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex

MD5 7df07a8e0ba5aa9ada1285c7226efbee
SHA1 d00d6c228a1e33db46e348283897bcc081218c9f
SHA256 e172cb64a5bc8d8da5102b02cb4f242e4e42daa735657363a8aed7e26b1436ed
SHA512 8828274c08305d4e96f37474ffade446ee271ecc829f092cf0c184fd68ef65c2d2d1a71d730332d6637344a993a8cbbe2a2e3df259071c5b00ebc15084e8a684

/data/user/0/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex

MD5 2b4be443eaf9ba1a12d2f679907c3cc3
SHA1 b9022e94e9444ea8436d60366de9c18428773c7d
SHA256 094903c8fca0b6457b741ca7fa0525550ce80536448280e070531443c3280445
SHA512 749eedcc868a95aec89f8a5dd1a1da935ac500a1d945daee17eae23ab1ec7f7fce89c34266fb3911fcff4470437a4151503362dd235427ef77fd9afc7f1a8d2d

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-journal

MD5 a19b997ea7bd22f5065b2b841ad9bff2
SHA1 e4e9c3618c1c58666901dbe10b47f4a1e3e3b047
SHA256 b5a54f2445f0972344c033cc45dfbab290a1adf0132d46ba20dc4ddfe225e87e
SHA512 0c02eb6fe3d17418cd57fee5fb16559f58d3fff199dc3bbcb15f35348c0666ce60bffadf69fd8de303f03e28427fd06a9c88d30097409e9ccac2c20928b746d2

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 45f588f8dc22d944953248155471f28c
SHA1 36097c606b4f8c44b1c82d6dd1548b5f07a08a53
SHA256 b83a6a2da9fb0d6910e0c8f06d2cc6562974349ef37c6c782cfda74dc4720e76
SHA512 bf26cd240b0ef86526f9d6b0af122d0f01f380bf8cb94dc0e5c08121e12d60c8b60bf342c08dd790ad8f5311321be611f54dbd43da53396a138cdedd3aa58431

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 a42fc0c2aef2a803e5478b82bb9f53ff
SHA1 25244a86a07efae3de6d3b9078e23c6b2ebbfe4a
SHA256 08f998c85c5b257980e6fc47051c1f2b27b2cfaf3a3a033ad5d0d526507cd708
SHA512 388588e2804f078606e6b06286badaea74ccbefaf0c0d8a0acb7090fb89327d5b0a7bcb4663362bbfe1d0ab33dd37907d883498403c33114a765e1a68d788673

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 5a1d9b95433974d209e6ab904606bd81
SHA1 c29a5571356775c4350e51ef980f60cb4ca7edc1
SHA256 6a7f20dc403923408680f9d226f6309f083b7277860e3ff745b390b1b22f2946
SHA512 ffdbf9ab3133d35328ce05cdf1af334786ff0d57f6ddd1b05957e1c3d54aac988e0313a535bd2590aa46a418e2f28c8f3c1dfcdffa100f95a6de3be55f29e81d
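The Files section above records the second stage as it lands on disk: classes.zip and classes.dex in cache/, and app_dex/classes.dex, which the dex2oat command line in the Processes section shows ART compiling, and which the "Loads dropped Dex/Jar" signature shows being loaded. /data/data/<pkg> and /data/user/0/<pkg> are the same directory (the former is a symlink to the latter), yet the two app_dex/classes.dex entries carry different hashes, so the dropped DEX was rewritten during the run and a single hash is not a reliable identifier. The Python below is an added example, not part of the report or the sandbox: it walks a copy of an app data directory (for instance one pulled with adb from an emulator), identifies DEX files by their header rather than their name, and matches SHA-256 digests against the dropped-artefact hashes listed above. The directory it scans is constructed in a temporary folder with filler content, so the DEX it finds is flagged by header only and matches no known hash.

```python
# Added example (not part of the sandbox report): find DEX files by header
# in a pulled app data directory and match digests against known dropped
# artefacts from this report.
import hashlib
import os
import tempfile

# Dalvik header: "dex\n" + three version digits + NUL, e.g. b"dex\n035\x00".
DEX_MAGIC = b"dex\n"

# SHA-256 values copied from the behavioral1 Files section of this report.
KNOWN_DROPPED = {
    "23e114be70367b63e463223dcf96eab32672bc3c275424cf185b061c6cf2b176": "cache/classes.zip",
    "837111a5f17f0ca1b122c33a16be54130d43d73ac1ce9faa2e65c1f9f133787d": "cache/classes.dex",
    "e172cb64a5bc8d8da5102b02cb4f242e4e42daa735657363a8aed7e26b1436ed": "app_dex/classes.dex",
    "094903c8fca0b6457b741ca7fa0525550ce80536448280e070531443c3280445": "app_dex/classes.dex",
}


def is_dex(path):
    """True if the file starts with a Dalvik header, whatever its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return head[:4] == DEX_MAGIC and head[7:8] == b"\x00"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_app_dir(root):
    """One record per file that is a DEX or whose digest is a known artefact."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            dex = is_dex(path)
            known = KNOWN_DROPPED.get(digest)
            if dex or known:
                findings.append({
                    "path": os.path.relpath(path, root),
                    "sha256": digest,
                    "is_dex": dex,
                    "known_as": known,
                })
    return findings


def build_demo_tree():
    """Constructed stand-in for a pulled /data/data/<pkg> directory."""
    root = tempfile.mkdtemp(prefix="appdata_")
    os.makedirs(os.path.join(root, "app_dex"))
    os.makedirs(os.path.join(root, "cache"))
    # A file with a valid DEX header and filler body (not the real payload).
    with open(os.path.join(root, "app_dex", "classes.dex"), "wb") as fh:
        fh.write(b"dex\n035\x00" + b"\x00" * 64)
    # A plain text file that must not be reported.
    with open(os.path.join(root, "cache", "notes.txt"), "wb") as fh:
        fh.write(b"not a dex file\n")
    return root


if __name__ == "__main__":
    for record in scan_app_dir(build_demo_tree()):
        print(record)
```

Checking the header rather than the extension matters here because the loader path is a ZIP (cache/classes.zip) that is unpacked into a DEX; a dropper is free to name the payload anything, and the hash list is only useful for this exact build, so a header-based sweep of the whole data directory is the check that generalises.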

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-07 22:04
Reported: 2024-10-07 22:06
Platform: android-x64-20240624-en
Max time kernel: 12s
Max time network: 158s

Command Line

com.ehmygokzi.cjbpfdbdj

Signatures

Loads dropped Dex/Jar

evasion
Loaded from: /data/user/0/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex (2 load events)

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Framework service call: android.app.IActivityManager.getRunningAppProcesses

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Framework service call: android.os.IPowerManager.acquireWakeLock

Makes use of the framework's foreground persistence service

evasion persistence
Framework service call: android.app.IActivityManager.setServiceForeground

Queries information about the current Wi-Fi connection

discovery
Framework service call: android.net.wifi.IWifiManager.getConnectionInfo

Queries the mobile country code (MCC)

discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Framework service call: android.app.IActivityManager.registerReceiver

Schedules tasks to execute at a specified time

execution persistence
Framework service call: android.app.job.IJobScheduler.schedule

Uses Crypto APIs (Might try to encrypt user data)

impact
Framework API call: javax.crypto.Cipher.doFinal

Checks CPU information

File opened for read: /proc/cpuinfo

Checks memory information

File opened for read: /proc/meminfo

Processes

com.ehmygokzi.cjbpfdbdj

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
GB 142.250.179.238:443 tcp
GB 142.250.200.34:443 tcp
GB 216.58.201.99:443 tcp
GB 216.58.201.99:443 tcp
GB 216.58.201.99:443 tcp
US 216.239.38.223:443 tcp
BE 142.251.173.188:5228 tcp
US 216.239.38.223:443 tcp
GB 142.250.180.14:443 tcp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 g.tenor.com udp
GB 172.217.169.10:443 g.tenor.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 142.250.178.10:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
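In both the behavioral1 and behavioral2 Network tables the only destination that is not Google or Cloudflare infrastructure is 85.209.11.193, reached repeatedly over plain HTTP on port 80 with no hostname (the Domain column just repeats the IP, i.e. no DNS lookup preceded it). The behavioral3 table, where the app never launched, contains none of that traffic and so shows what the sandbox's own background traffic looks like. The Python below is an added example, not part of the report or the sandbox: it parses rows in the table format used above and flags globally routable IPs contacted on a cleartext port at least a given number of times without a resolved name. The behavioral1 rows are copied from the table above; the behavioral3 rows are an excerpt used as the negative case. The threshold and port list are this example's assumptions.

```python
# Added example (not part of the sandbox report): parse sandbox network
# rows and flag repeated cleartext connections to bare IPs.
import ipaddress
from collections import Counter

# Rows copied from the behavioral1 Network table of this report:
# country, destination, optional domain, protocol.
BEHAVIORAL1_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
RU 85.209.11.193:80 85.209.11.193 tcp
RU 85.209.11.193:80 85.209.11.193 tcp
"""

# Excerpt of the behavioral3 table (app did not launch): background traffic only.
BEHAVIORAL3_ROWS = """\
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
BE 108.177.15.188:5228 tcp
"""


def parse_rows(text):
    """Parse 'country ip:port [domain] proto' lines; domain is None if absent."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue  # header or blank line
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def find_c2_candidates(rows, min_hits=3, cleartext_ports=(80, 8080)):
    """Count TCP connections to globally routable IPs on a cleartext port
    that carry no hostname (domain missing or equal to the IP itself), and
    return those seen at least min_hits times as (ip, port, hits)."""
    hits = Counter()
    for row in rows:
        if row["proto"] != "tcp" or row["port"] not in cleartext_ports:
            continue
        try:
            addr = ipaddress.ip_address(row["ip"])
        except ValueError:
            continue
        if not addr.is_global:  # multicast, private, loopback
            continue
        if row["domain"] is None or row["domain"] == row["ip"]:
            hits[(row["ip"], row["port"])] += 1
    return sorted((ip, port, n) for (ip, port), n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    print(find_c2_candidates(parse_rows(BEHAVIORAL1_ROWS)))
    print(find_c2_candidates(parse_rows(BEHAVIORAL3_ROWS)))
```

The port filter is what keeps the unnamed Google endpoints on 443 (for example 142.250.200.42:443) out of the result; a C2 server that speaks TLS on 443 would pass this check and needs a different discriminator, such as excluding known CDN and Google ranges or looking at the certificate. The sandbox table is also a connection list rather than a timed capture, so the count here measures repetition, not beacon interval.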

Files

/data/data/com.ehmygokzi.cjbpfdbdj/cache/classes.zip

MD5 6ba0782b490600a3648790c4b4ff16fb
SHA1 73f337518576de9c4c46e5f8dfe6681e470ab595
SHA256 23e114be70367b63e463223dcf96eab32672bc3c275424cf185b061c6cf2b176
SHA512 9fba89d8850f26c2f164f8cd107c38d3db1a63a5b69c610b07ce3b1af543f296109580d8fe3f509f9a0f9fd94e8168a3ba17664e6eb90afa6143dd553bcc790b

/data/data/com.ehmygokzi.cjbpfdbdj/cache/classes.dex

MD5 a06a80d3cd1e299ee92a541d8634c67c
SHA1 caf3809ee0de695c06b69c7cebc87655b42bb06a
SHA256 837111a5f17f0ca1b122c33a16be54130d43d73ac1ce9faa2e65c1f9f133787d
SHA512 c330d0b042e00aa00014a06fe42ea121879ea600a803bfd58e3943c06df55bc4444b3f4f59f503b7814137b2ba732a594f22db15c71f3a65e05fd4116621e64e

/data/data/com.ehmygokzi.cjbpfdbdj/app_dex/classes.dex

MD5 7df07a8e0ba5aa9ada1285c7226efbee
SHA1 d00d6c228a1e33db46e348283897bcc081218c9f
SHA256 e172cb64a5bc8d8da5102b02cb4f242e4e42daa735657363a8aed7e26b1436ed
SHA512 8828274c08305d4e96f37474ffade446ee271ecc829f092cf0c184fd68ef65c2d2d1a71d730332d6637344a993a8cbbe2a2e3df259071c5b00ebc15084e8a684

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-journal

MD5 f27cd9a57cf0a0bef004f7bdba3e8194
SHA1 ba77e830467a8874f413fe55b73333b45f17f9b6
SHA256 0685371108f740eff3eda3563af6ceb50d632f3cf2565e019be7cba93f4bfb1c
SHA512 805653f8da9ada800a4f3faaf9b1eadb2a4aabe5807ff28213a44b4799c83741a4599edeb3e6d7c14c815b7358c3d88e9c807ef4baccb26e8314230371512049

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 74be5fa7403afd7809d68a7e3f3e092f
SHA1 762a7a5b95bbd9738d6976d1f5fecc8ab931d3d6
SHA256 581ca47b55f0fe2ab1cc5a69f68eee5dd78353085e0ebab282f4d4648af39360
SHA512 bc8145eace5356799b372a7662a1611d804aec6f33024f9dd458fada9f252b753114af9b7414bc3e5b81f2870bb07e24f3f5396ed6eed8c48fd1f8b0d3d0cf61

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 684def0a3a4cf6af7e6a355eb0a57aa7
SHA1 a61123160a648c04890a0b2019cabac68e363db7
SHA256 1fa786c181361881b35c11b1a5440483e8a09d4165e8c6cc3bfe93a792a5ec8c
SHA512 eb4f3caf7e99fa0e6e54da1a71242b1bd8bd7a005786896a9cc3edf180f3c1a8eea29b4c381d2888107bf95e14601ab97a4017e4da571750996254d9f2810b50

/data/data/com.ehmygokzi.cjbpfdbdj/no_backup/androidx.work.workdb-wal

MD5 e312329aab35bd01d3372d79ebe4e680
SHA1 15e5546741fa0af83e0113d798773436e3873234
SHA256 9621079c066c57087b34ba6b81925b9e72cff6926eafa62de0daf92d87ef5052
SHA512 e743bc27ed8996fd6d27bf1bdb468524e3b32cd0672388cca514fe2f47e2c05dd3e217e99d67f1a05f5b9bf9a4934fc00ef5fe0a8c3ff6e503026b1966b08044

Analysis: behavioral3

Detonation Overview

Submitted: 2024-10-07 22:04
Reported: 2024-10-07 22:07
Platform: android-x64-arm64-20240910-en
Max time network: 147s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.201.106:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
BE 108.177.15.188:5228 tcp
GB 142.250.200.38:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.212.193:443 tcp
GB 142.250.200.1:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
GB 142.250.180.10:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp

Files

N/A