Malware Analysis Report

2025-08-10 13:47

Sample ID 241017-whsmgsxelc
Target 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118
SHA256 e9fca967da7de00ae2020859ecd1a958fed3597a780443375c1405c5ef56bcce
Tags
banker discovery persistence evasion stealth trojan
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 52f2f89bbb0e21deba46196e5fa0dbe1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Checks whether the Android device is rooted

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Reads information about the phone's network operator

Looks up external IP address via web service

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 17:55

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-17 17:55

Reported

2024-10-17 17:58

Platform

android-x86-arm-20240910-en

Max time kernel

141s

Max time network

130s

Command Line

com.mobile.indiapp

Signatures

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.mobile.indiapp

sh

chmod 777 /data/user/0/com.mobile.indiapp/files/daemon

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 17:55

Reported

2024-10-17 17:58

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

154s

Command Line

skydownloaderv7.facebooklite.stt31.ua83247992v6

Signatures

Checks whether the Android device is rooted

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone's network operator

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

skydownloaderv7.facebooklite.stt31.ua83247992v6

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 17:55

Reported

2024-10-17 17:58

Platform

android-33-x64-arm64-20240624-en

Max time kernel

17s

Max time network

140s

Command Line

skydownloaderv7.facebooklite.stt31.ua83247992v6

Signatures

Checks whether the Android device is rooted

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

skydownloaderv7.facebooklite.stt31.ua83247992v6

Network


Files
