Malware Analysis Report

2025-06-15 22:31

Sample ID 241102-n2p2pstfkm
Target 85515a664c2779f1cb088b36ec145d55_JaffaCakes118
SHA256 208de1c185270d6b3ac1291d968baf5faa4387ed0a0d9b71bc42814ab6220fbf
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

208de1c185270d6b3ac1291d968baf5faa4387ed0a0d9b71bc42814ab6220fbf

Threat Level: Likely malicious

The file 85515a664c2779f1cb088b36ec145d55_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries account information for other applications stored on the device

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Reads information about phone network operator.

Declares services with permission to bind to the system

Queries information about active data network

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-02 11:53

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-02 11:53

Reported

2024-11-02 11:56

Platform

android-x86-arm-20240624-en

Max time kernel

134s

Max time network

137s

Command Line

apps.ignisamerica.cleaner

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

apps.ignisamerica.cleaner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 apphit.us udp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:80 ads.mopub.com tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
JP 133.242.26.93:80 apphit.us tcp
US 107.22.27.166:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.125:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 push1.apphit.us udp
US 1.1.1.1:53 config.inmobi.com udp
US 20.33.59.69:80 config.inmobi.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401BeginSession.cls_temp

MD5 46e9d0e5b0801e4203cd44f15c50362f
SHA1 bbd78041addcd0f425cb077285791e9d277b1f58
SHA256 05f47fed845a4c8645703385825e429c1378d3beab08e12054281cf4c5c23c48
SHA512 3c48db10f3c09661e0eb452ed992d9bc7f70c89711d50541be7f2eb1a6125fd11f8f73527d70e39b4c95fe3010a7fbeffdb97dbb28ffe6754366dad6dc5070a7

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionApp.cls_temp

MD5 a521d1547371c04cc9c0fb6d1cc20d9a
SHA1 2b8f08dbbbca1a0cf31a6ca639d28ca9fd62e6f5
SHA256 cfb2d3cda3c54f6c3f984e4a8dd65c24dd2bb9d38d8e9904cba643339c48f2ef
SHA512 0bc28a2704555aa95bb1defe35fefbacfd52a193c67ba2c30d652ad0fcd35f3123cffc6969c8f993fad9ccac79ca472442c63454f313eaf508870a233a339c38

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 844c84b7074bec7409d0544388608bfd
SHA1 fac1555fcb5c132a07320a9c8b9d5943dd700e10
SHA256 cd3bd99ff4af72835f75a5791bce8042074e3e93d8004077e72d4a8484b130d3
SHA512 81b0bee2ccbae8282d783933cd85dccc949fc74bb8eec876fa46f8df456107d710caa7e4e3cc0a06b629c1a2197fdbed4bd9a8a6869616a850f931803374eb4c

/data/data/apps.ignisamerica.cleaner/databases/com.im.db

MD5 5f75cffa300bcfb208b39afe3806a6cb
SHA1 a1c4b6cffaba7880bd068bd899618acb201b861e
SHA256 0df8d3d9089f8632e71fa253ddf4c9a0ba9210193fe42855d01b27fdec3ce887
SHA512 d9ff8b79e0e36c28b680566838fd222d0678deca9a8a7169836a80075ebef7430c69f4e85cfe17865fad0a086591f36d2f4c79e44ae7a990edbaa1750ba14ab7

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-wal

MD5 1ab270a8018b1904f572711c14a40a4c
SHA1 29fc6ded1f270fdfce12478ab35e552780c251a2
SHA256 f6491c46db75f5039f84222a7fbde90436730b2d36703eac333633efb94bde4b
SHA512 3fc43404612406a96b491efdb26ae23c2bf4189ab196123e1286e4cf2c7bf4efb21eeb4dcf2896fad6605148d18e2d56b17a3b9c24342fd22be6ab1eeaa4d981

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-wal

MD5 02dd569ab5784446b2246b7eadfb0b6d
SHA1 58d2bbca0aa54fdac426a8a3ed7570d45ac13d1a
SHA256 95dd6f9241575cf0eaf0e024ab07937387e2d7c97b7937b2f964a6fbdd54666c
SHA512 81d409536e9ba73c713f969efc7ecff656b3d9cede0b962f79c338ec6f4aa0d9814cbccdc1c2188deb32aa0d2370711f13aef9780c3e2076b5123786dfdc0c35

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 d7ccc0e9ba9f0860c5fcae80f7235a06
SHA1 5ff1b0deabd17ae5a55ff9bde250cab99f9fa709
SHA256 051b2fb845e17251d5d14c0521bbe9dfc2f993ac26dd3282b476b9891bcbef29
SHA512 32fb284b9437df870e2f5e614908897f4bd1ec4abed82219f6a913c03f6ba26c5a2191cf87c3f593af6e62b218835445dfa879702e50e880f007d24345ae2ebf

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db

MD5 5a05fad907ea02df9d96f83c34e4fc10
SHA1 aebe64b9062009dc5ad49e9c94c23a50258213e1
SHA256 1ec9d130560b85af7406ba2283cd43dd723c6656a6643dd89f6aea104fe465d0
SHA512 0df951a7a68742dafacbe3f5ad1da083dc08f620afa08cbd6482dc3d592facc269746fc68f6b6772285e03bc25fc17ae93dfe7ba2528153c4bf8a9471d3cd85d

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 ee0e06d220bfaa643ee24a3dd9ed1859
SHA1 b3e9b9dbb432789fd406970c6c6f18e6b2bb7775
SHA256 5d01664da188643acb6e54f3dc504353b3bd73561db1a60014dd40397d34cd95
SHA512 82ae48c5cc7a8900a57025985b00240aed53a54a3360d6acd7d9af22cf77f71e20fa42e8229ef4762b5417b38067955be356fa90a16c94b77db6158ac92aee9f

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-wal

MD5 16e327ede23c2a6946d3a1a78599ed8a
SHA1 14dda990a41c2dae3857e7c71ec7e50ce950fbd1
SHA256 d8f04f27efca4cf95a41d6b46306897c578e0433f68319f0128dab281fe2b7b7
SHA512 22b21c1250b4c37b4089f4c9b716c7e55619010fc3ff19fce9129ad7439dce9b0b85603850a0ac7349857cf7668885358d1ac0a3aadb3515f9a5120803bb3fda

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 33bcee05eaf236528faeefdfa74a8677
SHA1 e0563ae96a8d7bfdc3d51c8a4219c9d3abcc27ae
SHA256 e03e573feb06ce6591688533e23acda877ce9ed3e2d30b926ac5997868ef85aa
SHA512 79d0013bb5d9fefdff9cb1f5b6d746018be49ade031c16765e3558c9c8ee475f25121e7da067e34309caeffbacedcc61c8c1712ecdd1ed79e73b71fea49f4300

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 609db791f0269bc5937e5d123345d2b8
SHA1 3f7a9da98d98e6f2e23d2218739f990ce6999c57
SHA256 a56a32049afba89843aa8e413ef203331c78f60657f739f7db116b378206b9c7
SHA512 51c4701ca8b5562753a66b3b183882c187ab53f1471714b3fa838726236be1341a8a189772792a638f5889309192080d68609fc7aa84949a3c71537831f916de

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 5f0caa5fa746a41e28ab53d008cdb142
SHA1 b7c2215f07faebc18d2d3e1a83622c9b1ea728b9
SHA256 a527a6a5d70f39e5d5e5fa00646b3ac0255e0fc6692b8b561fc6d24263e0ec16
SHA512 b568d6f6ad42d503f57395c83c49476fa92e2ddf0129f8df2990593b3123dc3e16b32b25e3dedb88e8f64f8c239340a18c47793b947b13f8994dbc69cc76f8cb

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionDevice.cls_temp

MD5 feaac65237f60388b6cfbe70b83605ed
SHA1 f45b09228d85c2477a1a0e71fd606a3df117afcb
SHA256 9b7e68e62cc9c773bf3d4c862b8d47a6068d3770a5e123e8bea6164e2e049ffc
SHA512 ed2dc28259828d9c8d621525a5c7b7def419a68a06eccfea822809c0f9a902d086f39026617ea7217640e2641c0caaad9c6e3e1c0d19f15f17f62402bfb69687

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 9d3d9bd65e5bc61abda1874b6dd7db2b
SHA1 00f0209465c682491887d14f98ae1a778e813ff5
SHA256 03ec63115289a515fbc785eadf0f2b9bd526ccf4962cf460bf39f40949939c72
SHA512 7429d95aada00bd377d69be5d1b6d3544747e1926557e084be9716e158ad67a3b94e6abc4920bfa61759f55a5078ab9565a8010fcbcdde6c844df1b4f5b2accd

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_eda789db-c916-4cc2-8178-31823f8bfc7c_1730548447452.tap

MD5 9401bfb009d945549465b29bdd79273b
SHA1 73a96fb2371cba1a01566e5852868c4b85cb674b
SHA256 a34bc5961fb723b408d3e391db57d07e1050ffc5977f6e2d718dd59852565ae1
SHA512 f782e6d6a6fd5800c633c1ccf1f11ac1206df98b6b04a7b40a300295b7d44373ed3a46a1849460e8927f1dc5fa5135205a6cfc958597a31b2e1a6574f352ea49

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401keys.meta

MD5 47b5a1b8619f18bb88ebc8076db93edf
SHA1 6c94f4efb6993ba800e1c29501b831fcaef1cfe1
SHA256 3e3f5bcde47bbf24fb540558136532461f433ee5a61d34c269294c53cbf0208a
SHA512 686403d15d0e222c6edeeebf38f62a509dff875d38fb410e435929fb6e704fd9aa7904b141a7910670d0bae30472c53ed27ef94bc80114a1da339ac34b76e6fb

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 c9d49da345051d92b31b0df37aa54676
SHA1 be9d6f493b266dfd607cad306a4d648e5c79b8a4
SHA256 d4f714cba93f089604bb58ce6e797013d9df4a41c4f9ed609abc119ccbb7a0c9
SHA512 0d9bbec0f59db0a7d8eb6974b8c3092f9d621fa0754a371967b22c95646efad08a6ca5c9ff6d0d842eea2f4ae12a049245a5deb6cf57ff6ba03cb260d4ffb438

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401keys.meta

MD5 c9775a3ece800592a75b17745c3a0f4c
SHA1 772e2f8b840dd4111efd568f32de5ddff591a58e
SHA256 4247ff5b4d4fed5be8e2c27d139e06170bf22692ab637dbc3e698872cb78310a
SHA512 e06e9ef28b9b14b1097026e29d2ae7cd08f2abb806a4792a198c159e69d1c7c9e1025a6110be4b1377385cb1e8265017af3970afe7bc08be067b6dea0f9613f8

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 69d22d1c79583f11962cb289b6feca35
SHA1 776b7d14e17af9b880ff841ce518d431f1de58ce
SHA256 70ae02bad700fa6062e801f934f6f02d14ecdd54cfbbb175ba5db335206d774f
SHA512 bced1aee5d3ecc6f661c616560cd8911ab302a469fef3582ab9ad368ff7429f076e3b5d8faad547b839bfb580f356ebade49c9568f03e597ed7113bfcd5e31b3

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 38ed789eb5be43e122ad79c32896c28d
SHA1 827c61d319c988616e0a179324f7eb9af221e525
SHA256 62bdf3d6105d67e0c5d9ee4103280a2c5c4b4a5fa1dfffe1f136a73665c0252c
SHA512 e5e8239656b67087bd8d8bdf071aa1e0de8de2b18bc5a56d39c005571c3146ccdf5bbac2c488e6c6b0d1ae8ca9b940653d746ecc29230017865945a0d2365375

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 3ef38c288bd817b760a9f534344917ed
SHA1 e81331fb154ee35cbf74d70c8433a31bf70524aa
SHA256 1e7d77ffef341c9427e574908c07d9efda348e8dbd95e61c6d57bac0c0a3886c
SHA512 689be8864fccf5e98c17947dcabf7ae29e18d5f3f322617c72104ff6793607aed50db01f4c9bf9e6301867544352da72bd5b02e97c9a025954ef722f455c2c4a

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db-wal

MD5 4732ec9fd633ce35b5c35ecaea846b7e
SHA1 297e5483ad3d5944f5744692594caacfab7781ae
SHA256 e5a41c6806f481c67ee72b1f7869128f616d06fc8352db2a152faa8b5cfcc8f2
SHA512 46c6ff83613e8e54a104d8f20dbfcf8c21bf434829ae2e531cf9eea372efdab21aa58136685934044f22b131d5d3c11d562b1bef79c262bbc473ea28af53e1e7

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 bf390bd27a30e7ee77118da779fefcfb
SHA1 a0aca5133fbb692718642a0d29762c1202c620db
SHA256 9b02cd1d58c9356f6633f4c1943b1de833372656cd53afdbd1ad95f373afb8ff
SHA512 b249bfd38401f3a0ba4d2e923c259f8a537a745ffb98471653a22db859325cccb1e44f23523f6ed980732b0b6217f7b7340da76ba923af3eacd50135e2652d0f

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_32e5a332-03c2-488b-a36d-fceb9c961aa2_1730548449264.tap

MD5 0f23eda6595eb6072fa1c34a61c3c477
SHA1 58ae099cb6362584af8cf6b8c7444be5479109ac
SHA256 57316d4277a7f3e9fdf13b217af686dec9f1dd43aba57a900e8adbb7bbcb0b5e
SHA512 5186cf9e8afd34f30c5268b00de450459450d62cfd8c312e92eb0a0b882317ac1f45e06354d3375ae443daa09e5932f9aff4b5f11ba37aa7eba69224d7f2e2c5

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 cd3c82f9a7463b625c23bce3c03bef05
SHA1 e386240672f8659b47a6cd87a2d724fdb7c82cb6
SHA256 147c4a6703a35d332ca32f70408aaea3b67694b6666fd32f3e9f5d2bc1d97e2a
SHA512 7ae781c39b7c925dc829e42a4e19f657956d8182bee1dbeb43053d52c237bb7e37c86b254494a2e11d88ce76611bc354e9b0bda1eb595504ac00e50afe0f88a7

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 a4b8adffdcc6bb506087f002311811be
SHA1 48cda8c50f6ea7d1fccf8ec1efc4a3ab71f43c33
SHA256 eafad7c978bbe01ae0b3249bb745121de772f1abd29b47a311091926a1e7467e
SHA512 2d836d865378d5caa3aedee69bc2e4f572c0fef2dac3051c1810bcd2809ee2e2797281bdf68da69d35e7ef66249e45f3e7e159a86560a34acae66112cae7618d

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-wal

MD5 f80b998e9cbb1657a2c97529bad000f9
SHA1 95cd8223cc788e1a95982b291b229355e402810c
SHA256 6551cc079ac21c5fe5051db91f83e14397a1d92b9d1e8e4b5fe1216fde6ab7f2
SHA512 90e17f087aa1869268cce44ffddeec18e88337cdd963b6b2865aee707434f706cf21e7883be10ea8dfcbcda9f45cc0e5b5714cdb0294eaf855f5ae0d9dd2734e

/data/data/apps.ignisamerica.cleaner/files/gaClientId

MD5 e1e123bb9928db6521e9bb2cbab79cc7
SHA1 d250aca5757afa25cbe86fe12eedba747ed5023b
SHA256 9db4e8b2336b7e05dbb66ebefe166968b04d4aeb16c5e45132c400018fca4149
SHA512 3fa79ba38313758533051620b185bd5a5104edfa0274efc6658f1a9be187d9da00a5f1464087b25e361cacae8a958e2245a8a1dabb953515c335c4bfcac6c712

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-02 11:53

Reported

2024-11-02 11:56

Platform

android-x64-20240624-en

Max time kernel

134s

Max time network

150s

Command Line

apps.ignisamerica.cleaner

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

apps.ignisamerica.cleaner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 apphit.us udp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:80 ads.mopub.com tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
JP 133.242.26.93:80 apphit.us tcp
US 52.70.39.163:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.17:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 push1.apphit.us udp
US 1.1.1.1:53 config.inmobi.com udp
US 20.33.59.69:80 config.inmobi.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp

Files

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4BeginSession.cls_temp

MD5 774b034f3b2ea68e9d1abab2c392c5b4
SHA1 1425e8948f78e14201ffec8a304f5b2f515cf27b
SHA256 8e3ffa6615499d38d8e05fab42c5d8d8f05ab23bf8901e01e366b1710f7b713b
SHA512 f49b94af5ccf6da3e4d8bc1d10674d96e3640a2628459e463ec3cea822fde73f20dfa0cd3ad3223313ea811c8763f0e0dcd2516de077de9019932c7e99d02043

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4SessionApp.cls_temp

MD5 11f4f23de18c83f1ccfc6fbe470296b0
SHA1 f34c74c0d02d1f7dfe40a95e1501185b100ace77
SHA256 13c66ff9b1463541a6aa30f38db71316daec2d4d86287a1162b58b6e6d17b8b9
SHA512 558080b0292460bee38dda213bac4d72a9e6e6bf19e9b088ac04df4e38c611a45361b33920d327a9515b65900e4fe720b90b6d58b7fcd342513cc6712df734ec

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4SessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 25047eb839b0e86b23d0717a2839be20
SHA1 673d86f5a6ddaa71223c7267f219f7d44ce0efcf
SHA256 d84009830f39abc10c38a7d37554e4ab28e4966f5dd1806cc75eed53b2b70ea1
SHA512 6dce4f2a3481efee6429fe88c0cf75761bc859828fc927f7c9c5f73e2e0eab9ec6b9b737cfb872163cd1bb2e47b6700a2205339960c23d0c12e92398063660ed

/data/data/apps.ignisamerica.cleaner/databases/com.im.db

MD5 0cc713525982b4dec4dc6a75edab7af3
SHA1 459c3411668739392862e6ad6596c3c659787fac
SHA256 d53a92d6cd1ae647e9f5a0244ad343f540ab00481f91ffa11d2fe3609ba11f98
SHA512 1e0679b04fb1bcd12336300afa90c6fe90b6a5453819d993349dcab1bd3b01e3d215e5aa7d200489df12441f5d920ca73814ebbe3f89c4b0522701de930d3acf

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 f532b67a2614be3be0cdd2073a683388
SHA1 b41f01f475aa2134fa1b1df3f9d155e4ab30ae2b
SHA256 a7e9658463e808f887f2d1cb928d05f70c991e86771e5e0ba89ca9560e378c18
SHA512 1a882bb2c4e3706d71a57f6df0ff6b1f537df66d9bd3db37a44354ef3c909057e07a0aa7cc843f03ef1c890a1591a4d803e8b0718787bd691f070cad6b22be62

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 14cedd9902af70461f7b6b13ddede10d
SHA1 908b8f00cd6602eaec2baa8106bbe5bba6e3ec9c
SHA256 5ba152b5d77f7ea71976be1036bf0685bbdf6442ddb87f1a3616bc46acf3cf64
SHA512 1be1f2c4485e32dede2b697f1e019d62895145b5bafa8a2db1271b13e8926bf9f740fdc84d8138d73c7ad092a58c72578e207ac4537ca1b5caca9ee6a656c74a

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 e7ed1395de7dba74c96534208f3aec9e
SHA1 66eabdc316f195b46bb0ca256a6351d87b599b08
SHA256 553d15753af066bce3dd585b786009956ffd5c0388a33d3eb186ae8e3ae4ac43
SHA512 02625a7c71940e605caa8dc3d0ccf09d74c7e340f4fa0b77af575c32c83da5925010ed8e97d7b2ee318cc2939de9b6276df937b98d068c6ed60459a5886cc3c4

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 d5043c5b0b207b2b5036a9df08ee11b5
SHA1 e9d28ddd9c3cb56d9c77c8af0091492091cbc8c0
SHA256 583430c1dae383158d2e01285bbb6b599b6993a027eecbc279a15c3f9efb43a9
SHA512 0206d3764c9671b297ce267f9b924a7ef8d46909d63bb61a06d0fa67ff7b55e646165e03bd4e1072fbd07bb900174f9c342f3968cd2e26f735ca80169242bda5

/data/data/apps.ignisamerica.cleaner/databases/com.im.db

MD5 a9ed6da4b2bbeccfad6afd39d7c5596c
SHA1 ae5f00d94aa8bc1743e7bd7bab3bd46fd5184a1c
SHA256 a00329b3ff8961dcb5e96928069324613007fae65ca7e8bad2383f1d0490e9d6
SHA512 afd2ef79182d8b450b49fe4016c30134f52a58e53527249ab4daaf90fc8ae27f767ea27a9d4b19b6d6c076daaab24039841807b894ac5b6aec1ad0b8b8636958

/data/data/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 027a7f52d675b9e17a1d0c2e780f633a
SHA1 d2a143510d5ed8ef589fc9694f0b63d0ccd9c7c7
SHA256 c6621c7543b2d13cf98fb4da40217245b8ae5c53d033ad9cf2a9961646f698c4
SHA512 36be626449be8eb5846833ec9215c5b97640abf806cb658992e268a6da2c2cf5579f37354fac5911f2a20e10db90d0cf3174183d428e7ecfbf1c04f863508b35

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 2ee689a66f4f724dd07895bf44ddd1e0
SHA1 9a787c582d9d5707881ef8d5c5ba54c07ac700fe
SHA256 fa19f063ae1a0e0b41fd85c0d5cfa2edd42f7c58ff7c5773dfec56074334d2bb
SHA512 8504be512cf71ff04bd9aed5cb1fed30411f890fe04bead4051aec8c5544f209fd1a07817a97625572894b0fab6cca914292400348db6852fc0979b4e5d4ac32

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 3eaa840146829609a33b865a0fc4c76e
SHA1 b234f7bda298fe092257fc05f3bdd5da2b0e9409
SHA256 e5139eab0953436cc7de524b2338bec07d36552165a22f5c8a21af2b38261768
SHA512 2a70ed4c4954d6ea7073e12bbbdee49d98f6ab5245892fac12d7d9575bb1c3dccde3315b7c52be2381b7049c17089b059e150ce41d4e5210af2844cabc6254e8

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db

MD5 38ed095ad3228b8f6148b2918139d8ce
SHA1 b12232ba552aff2f8fb3c3acdd586298c58bdc6b
SHA256 95d6b93b9290915e15fbd913b36134d42c36c687e8a469a1d8dc16b2bf96e079
SHA512 d5bdc1f681d5976281c41e6f52a422ec9b9cd4b2285d313714464bfd3d8be5ccdde8db1b8f17747b546025c9759f10d7a54573144f0b9155905c636691a1ff6e

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 3909166ead605266f7e419cf44be8ee5
SHA1 bb23cde62afcf75e0ea4564078d0eb7fc2cec690
SHA256 3b5d8024ae6db3cd3012f9de12e0d7eea58a2a87a3b0d6adde68aec8cb32bdb5
SHA512 fcbfb450b0b0054b575de10adcd284f147ed85b2a7d4a97fb964a153076550109b5ec819686325bc6b4e0dec3e371721d9f63526470a4553b25e2c8ac6e1b3cf

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 ba97a1680a19c6d8338908a5d779a48e
SHA1 d9558b84e96893db2832291d051cb6a6e6773977
SHA256 8c480a45b81136161873834992a6764c9d742254c49db37fe6838a414131ee08
SHA512 ad025d6fb898e15f9de3c68962673eba20edaa11bf95e6f556488801d39477e0a595fb48d392a4d78dbe51229df44eaf0223eb8cef405131b98cae179d77b226

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 ed4f52ac84fe300770174458a7493e3f
SHA1 d3d662f8ff924b29c9eed8cde746c4dc2b523f4c
SHA256 88821381daa3b7bef5c68458fa0aca762f3b2fcf45f738bafc6072052e451122
SHA512 efdb0afaeea29cf9d843957a9e95dd9e646d729dc6e98d98665aee6295296e698d95e6df30ec2343fc26f847a94dd94977514fbc099d797c362422d50d0cf8d9

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 7e13d9eb49351b96f17ec4221a991469
SHA1 7285a7671715c125cb617df6a8d1f074076dd238
SHA256 de08d2aed7c436a660e2cea82d99df87a947d41447ae733e5341d8f60811d79e
SHA512 bc31771a01c7067b7ed032d69ff2069a96415d27829f207fa8f694480fc39562464c26980e7f68b12d3babb47a8eda842e824266fc2f2104668f19dfdd52fcb7

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 f33c4709c9064b3d63144167120489b1
SHA1 e95cf527214776ab2955352c422f57242093dcaa
SHA256 5d988880ea4650d15ffb515938dcf28e7e3acee7e0569400e5d50b61efd524b4
SHA512 d4a753c3298931e6e6a07ed69bfb6ad23e6a998532882ca9e12060f49e08efa514260312f03fde34fab8b517bcc6eb9643b842f7da21b97357c2d3ccb9bdb4a2

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4SessionDevice.cls_temp

MD5 e8898030940d1f08eb36bc50282377bb
SHA1 f954412b3c0573cf8944d7b9f8d9a7286f064701
SHA256 399e774290e685f7d5e7e7a666a0e1901a48a9e1a4908aba05bdb72d673b2654
SHA512 e19364ac00ed938f31b00d1a1501f9802bb46b93da2f99730f7b80af64eeb290435c6889092a373449886593427742b6c4ad9cccc58214c56deffb38e4ea14a5

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4keys.meta

MD5 399a0bee6276564ffdc02a215c01858d
SHA1 e2131d50db4835956c13429a5f3dd0b68c745735
SHA256 d1826e1c7835c3057b0c7af4c03b1fcb8dc9dc4f80e75033a377bc07ab2581fd
SHA512 ce50f9422bb5c42a5e1ef0234631952ec162bd99949ad74b8e8acdde3001bbca91f32f2a6b8cbb87a173fbe8f2f2f3f63f976ed906ed95ac05d618f1ee7e1d73

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DB0291-0001-136D-EFC002EF0DF4keys.meta

MD5 6fc9cf53c7d85e50bc40848dc0f3c04e
SHA1 db398310218a8646b6520f22cf216181045b32e9
SHA256 3e9d43d5d3a03874937908c937228923faf7e6a4bb8c263a55a897a158cc3b44
SHA512 de045ba2e787eb8b1ac884db05a481a02b10b0b5774c988f22b5facaf1ddaeae42aaf67efa7122765989285cfffe7ad1652e6e1dc3f9bd9ce4258cb721d5946b

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 0483b50d18de0385aa83bcfafcbf704e
SHA1 faf6fcd0f1f1c4fc2d42d3ff36a07a4948edee42
SHA256 63a28ddb24ecbd01ceeb96fcf0710ac81e2d848a9e0e65042f38662c67dce9e7
SHA512 85a5870c0918058f239680f1839c1fa8370525afcb59a1e5c241d225e6f604b5ccdc601d97dd4ae39614b6bc0df66f45f08cc74aab004c966b805507edfee7cc

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_b0e1efe6-d4ac-4081-b110-cd55921f4f33_1730548446710.tap

MD5 6a15f86838058dc6133a60a2ce65398e
SHA1 c6a23b5c94f052a5ed878cde169a376f217c46c8
SHA256 a10cfad87479e5ac1e292461e15b8d2d84ed5ab0b7e88b9265c5deccbce50784
SHA512 1ef9c0b980df176f6b6a02e015345700f899dbdd9249a77f46b41cc33af3c5323d63a100ddb2276330ed47479c78860e7a58a6e7fbde11bc20b5143923c27b40

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 df1a248630399f4a45faa60f394d0074
SHA1 d2d1d5dfa5451e7c9f478baef8963a96ae393e21
SHA256 3bb251f4fc9dde921be5e6b87897c38cbbfc8c7638a59eeb07aee25f4bad7a9f
SHA512 d1fbeb93cba2bdcfcbd9207d15411ae6d35fc5091c62506a6d16c63a94949182226f88000c46ad6f3b54bb4e74f0f1ed880de60596ba988c3ff57aa95b933d0f

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 16de0328fc39929066b0d8dc597416b4
SHA1 62fc323ac121d9b690a727f7e71155ff7b744615
SHA256 44df1677cffd666916a607604baf1cd2f18db3dd4b43f27f06999f35c845e093
SHA512 e33e0edb3380b34e833e7fabdf9548f2f6585783d32af2a6c60ef7f8aad1fb90f5b3ec951b1d5ced3f807f5f00fb711d85f71161f04af8c78c29f1f587aa5c89

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db

MD5 95796d301f0229022f1fd93d3c5affc1
SHA1 be75967af71eb9788d0130419933930afb78e473
SHA256 3d484f761e0c2fbdca01a4276149c8ef1ebe291b6c6303cd7a239784c47d2812
SHA512 95c44fba527f7833ec779046d68f408b229c3aa8420cb6ecd71ccd32a690cad4a4a8e680cabf3e6f059a037a61cd7fe56a2d08144ba34ca17dce1765a5c37027

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 213f8497134adaba595b0fdf1b018131
SHA1 559dfad0a122424e1aaee85ee29a18c20425364a
SHA256 0df734f59a7298f7e7d74721110e6f0da81d8d68d8f3098f565b1fdddab1b710
SHA512 9ba52e408d14f70c5a616daeae003fdf9405274e92abc6b289e8d0cf4f2f7b7fc29b49479042d8b503b85320eff4acef628f30115002565362ede995666b11a2

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 efcf73f03c04f6066ebdec42801d1d1c
SHA1 0e1296bc2b61faf11c9fcf70f76ac11c820408df
SHA256 0a6c22d6b328a73bdc2a7ebb6119b7b4f9334d324811c35fd80b8a725f501a14
SHA512 8755c92172d61209077f729f896f9bea235d31d8a4428096473d536ee4a06464fd8a7d0a083a623177a4a787647cb1ceece284d36cd42b1703548d3598e0bf22

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 f76d1a4ff1811b898493b87624dbe873
SHA1 e8fb76c1250efeb5b6628e24d14382365184a2f1
SHA256 706b760508316b07548ad69905961dfb898c2cbf676b58f2d8aa8cfbe33b3458
SHA512 66cc42c70830d47820d229ea991c9fceb8a7dbf038a988578aae48489bb5c0f789b9a84f90e619229eb77abaf92cb96cf80300c21a4bdbb347df26a1c42c7c59

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 087f61283489caf9542bcc271bef6a0a
SHA1 59941d972bca909aa675e1fbc4d84cd79cbbe026
SHA256 7bb5fd218945e1169d5507b34b3c927f7c9e86b6e135948d18bbf159cebe749b
SHA512 b97d097e7467aedbb75d3b8307aadcbc5e98f24258928ac32fb6dc92e0ef60ce8c923d2654ef91b0ebce9b9ff17334dc53340f5d6319c2e645565fd90704c95b

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 e9f0d29e666c7fbd1cf8917ee68a810b
SHA1 2ee48b38abbae3043276e62ae807c43b9b91b0cf
SHA256 8b873ad949e50841e97809c4400d3755a6f00db9ead910728e20fd3ccec1c712
SHA512 d7365d090541f7e41b501c09156a348198e33d80165f3a8b0e2bc947899324c1bafec552ecd12bce7413067498d782eeecb31c66e576cefa63d2741f44590cae

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 0a57576f43f7847ceed180575c1e3720
SHA1 29bd909c4dfb7b46638a00ce59919c54c86955b4
SHA256 c8ee3e9d845fe599a0fb7abc599a307a451942d8505eae3fa897a56b755e80a2
SHA512 3b1b9a03c5d775607974388b3d6de37745eb1040c7f536bd13a05fec6bc31d099feb195b244d14fe7d163f13c04276f98c280a01b7d325e102db759404915a0c

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db

MD5 62a3561989ede658cd16cc1f14199c1d
SHA1 6320791cdfd16b26450bf711bd6776d80a396912
SHA256 9ae0206411304ee027e0cfe3b4e6732ced5b423f99c33340dafb68d2b5b215f6
SHA512 c4ef43e702e053ee39153149d1fb11311c57c6ad5393ea905df942df8bcd3625e2224563eb4c35bfc45e140aa09135c5123f48d220fe622d9dcf2a4cdaf5dfe4

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 6aab15d37821fa086a5a795db2e920bc
SHA1 6e35d8ecb2f767ab722bba0062e98605cdada7f9
SHA256 ffe81200513ff3e5c3cea5cb97a2294896205838021b09ba5ccfba0c4024b975
SHA512 ae6b79b3b30f3efdcc350e6a1a71cdffc48c8c52442cf3f310415027411695f41500ca2502b5d43dc7e470a9a00f97fe475a2b452de55c9b76e04417330a200b

/data/data/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 92787940793ed7d63214c3e819a4c6cd
SHA1 48b6e3ebda1e44f8be906d7d361513ba524890be
SHA256 07089e56fdb4fb923674b9d6fd7934cdafc434d666e8f07b377e8beb871f559b
SHA512 4f75c2af4dac44da117ff37b5e52f6b892184cb4bf02221839527f50b27d6f539921c03d6bcfd39957232c066745e43a0dabfe033f4fcdec861371d68d0d4fb5

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 53e41eb350a82309bb00cb5369779b97
SHA1 075f88ae890433fce938d17047d3759d023fb5fd
SHA256 41a48fff4e80b9b83a666f69cc61e31b65b1282c2b7ac4807a84593338ff3d13
SHA512 e497296a274dbf017d413e996f21bbbcaca8b8afb55a91beccfd49cb005b2bd7fdf85f1dc2c68d447d3f1cd6d0e292a606373c7f95994567c30b2a8cb371941e

/data/data/apps.ignisamerica.cleaner/files/gaClientId

MD5 10b141c4b205fee8d84fed5557bfe083
SHA1 a830dce047c258da57b48eb16df829ef6d239549
SHA256 d163238be625f27cb027f374b8240343271fac3c492154b6ac3d248354c298a4
SHA512 e80c061cd3934f5da3c43bdd33319244e2d87ffb7972437663837fa751c4a2a7127ad83f3f28135d9553f8cd268f10358a2147be18941f76e7b43c48ff9c6dc3

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_119ef6d4-04b8-466d-89b4-25b06d575fa6_1730548448620.tap

MD5 de6263a2db8eaac03bb40f877ed0c66f
SHA1 764c20267573a02083b74a9af3cec0a0a4d87627
SHA256 f2de24309fe79fd9fceb3422a401946ff4d4657e4d6f0ee67508d9ee6d6752d3
SHA512 7b858cf512037f8f07387a8a0b0bd63a97879e2faaf4b46320e7cc9db91f6557b9e464f365ad077afc0b83e470909c7b193d389bc917658868e6519e5e2ed0db

/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 87da6cb00e7245eec9eb92d6851063fe
SHA1 513b60f255f7587c06af0defa635097767c92e74
SHA256 65e158ab5bb388fcbf2a15d5dcee0c280b3b83c0a4e265c68bb4ca1ac47b422b
SHA512 77a3b602b00b8ef939324537c6d72f7b957ceef01c8b4d24bdae2e64deefae37cc6601903a87bd596a5e873a6fb7cfed4aa6652950e39febc8559de8ecd5a453

/data/data/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 8a3f56551bfefde4e14f52da66428284
SHA1 da74270e88dd68b3fb75e94607a84e5b0fa38916
SHA256 b3adf93f5b1e8ad3a35a30376c71553f88eb741804d8ad7c1c56673a8476469f
SHA512 0167074e264193a39281ddd74fff12464cf33c8834a92fa3108158ff962e66a26d60b124d103f5592d4da8d83dcc06ba0a5099de6406f36aa26f9ddd2fbdfcb4

/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 a1594ffd74007ce5b836e118e10d8b6f
SHA1 c0cd7fab84c5539f75b722d6cae2180c5f673209
SHA256 c35edaebbf828e41a9126b8cbcfc0c9dba24a6d4d9d58eda1b609cf10d80a018
SHA512 ba93d4214e539793cf4e4b5bafff7ed6382eaf2c5002e9c826e90600ae2183786327f547630586e979f12688eb6fed3c325b26d6ad69ff6738509f47844fe5c9

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 f1b62e755aa573361fca9d7fe166c8c7
SHA1 d75444b849bd7d1a0bc97184f520f33f6e2184b2
SHA256 5c57042aa133dc4129e296940fc7dd18817e3b4f9ca87b308eb7cc7868368219
SHA512 294916eb4c48596a4ca58a3793d522008899abb80056fbaefb2ba857d1eda89591337f39328fe86b7d1f55049e6d47aa50f9c3486ebd25b96ea6d404c8691bac

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 ccd81e6fd7c6b94d87cf6baf26d098d4
SHA1 f17127b865e47e1d548af00cb2f5a4301282f4d3
SHA256 b865b0149cdff2c009b798d8060f656b4977afc548cea23766f35530adb4cca3
SHA512 168495622382beaba9b7138cf67076d1a43e9673858dcbe50b993239cd24e35ebe63ef7427d611acdc3202353f599b1a01782324d14b585d6f1534439aff0a22

/data/data/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 201e444cde5bda5f1a9b6ec61226a278
SHA1 5b32f7751a237b9f77a40aaca43b0ab7608d63dd
SHA256 6408987de3d0197e3af8b7db9c1695a1ffef6e48659d72850a77e21f50d6ee9e
SHA512 8757f0a28e04440ff151cc930961d72a4deda33b7dc3b46b9ea6c5758a9cb604308e1a9da598a6a567009ce92b3c7b44b31cba79bc1e0968ab5877dd5f15c565

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-02 11:53

Reported

2024-11-02 11:56

Platform

android-x64-arm64-20240624-en

Max time kernel

135s

Max time network

139s

Command Line

apps.ignisamerica.cleaner

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

apps.ignisamerica.cleaner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 apphit.us udp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
JP 133.242.26.93:80 apphit.us tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:80 ads.mopub.com tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
JP 133.242.26.93:80 apphit.us tcp
US 107.22.27.166:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.109:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 config.inmobi.com udp
US 20.33.59.69:80 config.inmobi.com tcp
US 1.1.1.1:53 push1.apphit.us udp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 config.inmobi.com udp
US 20.33.59.62:80 config.inmobi.com tcp

Files

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275BeginSession.cls_temp

MD5 2c1d22394d11acdcd9c5e4d8038b1bff
SHA1 96d9769b5691b8b090d8374a5f3fe5bf96614081
SHA256 d9585fb3f6bb75e2dac1088296dcb9a1ef88be15be56e0ce81297f91a9712b0e
SHA512 8d57cb450c8caa86d52e772d6da99ca0116f45f35c851133da528fe00f1f312757fc2042d03bde140992e753dcf3a21846f8575b15babb4e07c8c13efd8c5d8b

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275SessionApp.cls_temp

MD5 d2daa3c2c09be7007ca02dfcd2fbafc2
SHA1 271715e4109ce41227b4540b3428627a5c8a789a
SHA256 a13df174ed3ec9689fdeb85e541f0b1363abcf6a4fbabe12da9ca25c170501ca
SHA512 f9503489437defe83ee68ce17cc613e72ac19691204fa7a129ca71eba1d0d6ff0372253a2f0bae96717af7e98a50ba7ee8001d6081ca210d33a1da2f2f15ca34

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275SessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 aecc01beb3bec1cd16d4cbc2d2b843b2
SHA1 a168bf0a8a0bfe05ce16fc06db71ddd01fd2c1dc
SHA256 1836cf4efcd95ecfeee19bda960ac4658d11c1081f4a8469803696c5c15c9ed6
SHA512 9bb2f07a6445316a8feb8d0ca464fc363a8d62db069ce33f27f29ca74f6476676e2cdb82ab2d8e8edf6a78c89ed04ab3616b5ee311f5a85d70ca360e7fefb8c3

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db

MD5 2ee92dd29908172d267224c806db7023
SHA1 18e81aa3c343016018fd8520523ec8c9f3a641dd
SHA256 7551bf8f8224d0cb1bbf32fb647c8a118e0029512b273aff8a30bc3184632931
SHA512 3b5c20265115ac96fb9858af83ada0f12015fa68d0315195b630fb0fc9c461f868ff12618a77d714627c9d03d56cd91e7100083dcf03659319353057da15a6ad

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 5f83334a7c1ce5e6acd00cb42a2ac0b3
SHA1 de8f48ae5b2ffa914564f6b26dd01507399b90ce
SHA256 d78fa0bf80cc73145706290506ec8d9d93201140e0f7475c9c1e95058b62497f
SHA512 861636e275454fd7eec696f95179892c5940f58659df5d5ffda35bcc5e6373fb045fb907ccef54203db76e19ccd2cbd8b677e2b13d9dc2db00d5aecc991ea4e4

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 58376116f23762ba4ab769fd67009507
SHA1 9137d96989002018c3b6da49df2431376eac2b3b
SHA256 a928433b564e1e4c05cf4ab1a03bbedd35506b5a5aa30a1e1b5de9cb5356d4c5
SHA512 6d4e76ebd99549a0bbf1e53fe7c2433eceb0dd6b8bd39d27077177d31a5a48d1107608ea6e851ab4257988c621b9b33d18593224b4a4ff82cfdc05e258114685

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 96caae1cff3ef0a6a1ed0b1ea44120d4
SHA1 8bbe7dbb05596615b0c3d1d0aa8ced2d1ae9401a
SHA256 20e5e57b174d4168e8534ceb2175c36139a3665d047c19078751af417fd959b2
SHA512 8e0e6649174f4fefd36dd2fda806190b9e68a915b1324ddb3f3dde1f978b8972b3feadab68cdd86b78585b9042d620f3f8bfb6ee902960829fa154bc6408d414

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 e4faa58a18a98933bbfa5f4fa6fb9a84
SHA1 460596ba9381b83b2ff5c2a507c93adb0863f82a
SHA256 d33aa15f0ff915dd0a49ba38f8f29f525af07d1a2989fe3d097dd9f40a226cbb
SHA512 2d0d07aa7b449c92949013fab60249590e595dfa6fb6fa19100c6e4168cef4b79664c660668c24cbb7a975d5891d21910bdd601aa3759c0a7561d6f780df5d11

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db

MD5 876f86564ca48477d3bd0ca28de63986
SHA1 1e841c92cd948c397cb29ee0746d694eac3cc7a3
SHA256 f55a71938a6d87d8318bf94207cbb04fdd3ac9fc9d9de70851cfbff946eacc76
SHA512 3eee47221a49c609e2a9566625faf309e3ba5ca434d554808498f146e166ac0fa3972464492037a684ec6d51c90aadbd0820f93119cc1a7c1793ba9a2a95ebaf

/data/user/0/apps.ignisamerica.cleaner/databases/com.im.db-journal

MD5 0f802d958343b1d1e6d90a71bbb5c687
SHA1 656cbd0b1f304dadcacfba000004a9e066fab400
SHA256 5ed7d3397d9c6c6480a1c3bc6c52e8055103b518237667dec311754a65d9f2a6
SHA512 d78ded33297dee2fa6677a97e002ab11805f49ab5b78c81a6ee37594e02b72e3fca1a39a6062aaf7596a2e51fb882bab87df5cacef70178ab5b9954e28de5525

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 7a7b8dc1361b2b54e62d2152105a4a93
SHA1 346d3200e412fa79e624487b819e762318482cb6
SHA256 56568444e71774e59702d4af5700fc56c2781914424a055a097b006d1274127d
SHA512 6b27e591b67ff4911a355b998a98eb3d2a4a9c64f6402e8e3e1e49b74054dc57b4642303b97b85b07b46584ae92979f4d01ee9f99f1905d88ada97707c973c79

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 8e0ee47ddfde3e6736657a432a644273
SHA1 45424b0466d631d3a22f6adea9ea2d56e8ff4a2e
SHA256 c491c417c40a69d426dbb6b1de54ccdac265690d1d0814e188288011edd75e81
SHA512 2871cb7280d66591488aaae02d505f91ac3d9ac85fdb06356932995b1ff6f7461746c5b75561fa05cdcef7c639adfc1bfbe9a27adf14b0842649766005d37bb6

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db

MD5 8872b1d2c95ead108eb50772561900be
SHA1 24eccd5b22fc8e95f28fd1df8d625158e043855c
SHA256 c35dd18e6caa460c7ec00362a1c26accd5b8e4b5a13bf9a2a897696f1d3e3616
SHA512 448ee5784db56914f79019d7b5e369637d913792995937ce7bbe64d4462fabb55817e390e687205db026cb3e1e17b75649a87caca2c50b1e6429ce32c341f276

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 0a5756e8e588bdaa8bcdcd3c2b621d3c
SHA1 022d82bf10883cb7375f42804662eb8bca4174b9
SHA256 75268b43262466dda23caa492ffaac27563e54fab543183d4ca6b598fe0ffe49
SHA512 dfc87e366caa1f9810a99be9e2b020ef858a3f60cb666de23e5b840635ff4278ab27692ab86afeffa9470f730f1bd827cbf17a641dfbe05a18b47f6f0d4699a9

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 3a86056c6b36c71ac98074289c2228d7
SHA1 95bf72ea5d4d6fce6b0e8dcd75b542baf0be8744
SHA256 988a7fd6f9e6e16e2769355107efa8f89f288ee942604b1067169ce72a7a4a1f
SHA512 582b89d63786143584db2cc7b7a17f8329f7a3d4f74316059c213371a31455fa822d499e1fa35627e6313528819baeec080491371dc8ad8feeb0c9987a5ae0b3

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 cc70b632c9b54ce7c49c680c4a95001d
SHA1 d1a96a4254547aefc72787c5731b9497e6ac6ff1
SHA256 97a3855b1dd83e70db1f806add5e376008afce68702348134d5c3c6c82b6b793
SHA512 3e0c12c3b80ca49607f922ab4deb31720927fba39ab935234c7013de53061d1291346bb94933c8e98299b5b0fcee958c876f6f2f4568af3515c3c7594dbf7efc

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 252a5fd83fd0f7bdf9bd476e90751a51
SHA1 24a968aba2484fc1cd05f9a4da459e6183101232
SHA256 83583d6dffe5dd891cfe6413846b8414c68e43623ff47686c1782d888ea41bff
SHA512 3bf3402ad4d6207e35a7a839dd582521bdcedc2806fa79850393ef52e166a120be80202f45b591440f949fcf89c6eaf39ce574b9321a041003895e9f0519b1a7

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 c20e05bb5c499db2f06826c2bce98d6d
SHA1 1fbaccb0af62e2fef549698ae57799f9add211f7
SHA256 8ea5cd16d3f4dbbfc5af769bcbf6a3da18f1198876e42ddd679be3c3175dd240
SHA512 d5d8db955f9d850d0110af8e4ec99f1c3849cf408244786fd351413a5449ca25273e7b488144a473fc928cefced53cd95e6980acea1ba2910df4d36aeaacd58d

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275SessionDevice.cls_temp

MD5 47c9022dd6b84ae65f0227e38fc0b371
SHA1 bbd4726bf817443733a7a11876e0971008959d8a
SHA256 5861a4eb86043f0fe8da276a27768b6366ff5c8eb09f9c6b22336ca52efe10a2
SHA512 1d081d3da25cbcdbbdda9268ce8c2703729317472ef6566a464cd569e20b05cf281de217253c6c650ad85997f6197072a19ad0e21489cfd592b869e300c63280

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275keys.meta

MD5 73b9486ab059e454addb6130c2bcd928
SHA1 8ad3c306ce0439aa7bcdbb47e4a841c7672b0337
SHA256 6d2dbd03919beb430378b0ce0c0679ffbd486e11538e8c689de28fd2eac7e5d4
SHA512 703759ba5d38d86309bfdf6c1772079be4fc6f1d921e951c901afa862ed72b3d30f7ef47a3e102b60e310d97feb1225097b56001c1d57eb82a0a0bf99a2cefc9

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 5e95b01009e01751882764a706be6f83
SHA1 55335e2d009f8be14759891a18c75c76719af5ab
SHA256 ec19ba8be000ee167efb30176e006aa59e7b7b539873ad5f90f6396b7b4ebf81
SHA512 8b4ed6213fde25a909b36e4ae935229bc19708a61e23806487623eb85f99dbb4efd6e25021c7efb4e95aee017daced87b897149e766617ddc76ca2cdb7b90bb1

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC017C-0001-1160-6BBB5B021275keys.meta

MD5 bcf8ed0f390320b629a859a735ca4499
SHA1 e25b12fb7c85d607a4fef4c5c17a7925e252001b
SHA256 c96b1d4082dbf5dcc39e9ed964bba6a36612ef42a200509a3b174a8de94abe32
SHA512 81acc5be403f522dd819756f219f9c75660f404ad61e75b9932c6d88f5cea4f1321aebb1e1333b42452a2d6be9e7da2a563c65df93919c4ed10368d51b621f22

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_610f81fe-66be-4ef5-a05d-379127775d81_1730548448080.tap

MD5 01bf76c3c58a0fdc6e401bdff82c3977
SHA1 64fe9c00bcd6bb152aefc98acb3d39703e274fc8
SHA256 f6228b853de1a92ddb222e2d64fd9c1036ffe2516c693f2ed720f68ef284e181
SHA512 c82f796373a0cb9c6dc1eee551eb0577b3382eda61b5a041daba14901ef6a42e1c80b82ef4ab14c024200358fcd96960466554b7e350b67d1b70da4bc710ade5

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 fa48e22752990ac86cf3a31ece1e737d
SHA1 bf3f798b42ff0df6c59debcb330aba23019f5671
SHA256 e073b46fdf42dbb88978cd438fe1983d1e3eafb02507e4330efd1ed2fb428152
SHA512 56a3067f30974120c5eadfca936425288bb13669b6c9385cc7e29694766c1bd7ea3ebcb7e234380ae51664668ffdda1d631ec60d13c1f7197c73975c1e6bbbd7

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile

MD5 d10d5629dd153f75bbe486bac7d9aee2
SHA1 c0f8ea1dd3dcc907dd3920d95c29ecd8370b56b2
SHA256 4e17a22cee3cb76ab89400287e00e262a662f27f97de32cc838a83b920e2ae12
SHA512 889321de881ae45e467541bfb712e90b24a66f74e9d73df989c3dc78d8264a7762cb665ecac7f766372836482834cdcbafbe7602623c80dcc96a914cb50cd22b

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 a5a5d3143d4fa11c162e9a59799ba460
SHA1 bd08a00e56ab19a0490754203d2ae7f4f0bb0047
SHA256 67360a68546686089fc23578910790f8208ad8c724e271d460731a7ba69c57b7
SHA512 8dc5009980c45401a5384c7f649043e866fce0477d22cd1cac27ca6934a6b567a5629ed1527c46bb580594af1591b94336ebfdfc2ab9443559883cd5ecc44421

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 90fcd2c58f3cb2b83263a044b083e138
SHA1 bdf0f0572ee18d6267a5c36f8664a7dd790a18f9
SHA256 4c25295fceee2da8047d039ba9c2ea048bf75991538f101d0f6c2108fd516d1c
SHA512 0646c77e2d8dc7deb724e0fe8a05e50f4af5db0c442538f323e5a356cd0d11e14c119daba877c1fca9942a72083ee0638abc07e47ec0d97a5cf367a08fa5395a

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db

MD5 f8c9b702342b86ab3f105fe9b0e66120
SHA1 d1fab668feabe5caf763d58e2a991c2865515996
SHA256 20b1eeb8181f83b2423ebd1585619e40f6e25616405709e01c00c630685e6248
SHA512 6b0eeeab56d4248d1cc95efcb6f29b5473c2cb2415613eb71e5a15136b61da81569bcbe318140368668ae54de235a2efc5a17053fe487614e6c41211586d43a0

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 61b6477f5fef068d3d723f2fae8c695c
SHA1 1c7b16288a58ebaf3704fb9b75be7760c7ebabb3
SHA256 72b60d8ed569b964a7a21635934cf5b2f4134e834ca226c69941f872b294c3d7
SHA512 77a079481c9189a36eec4534d1325aeeddf5ddaa492764c04c48c0b51fefd828d13b2185b71c9adf4fe2859e5a87282ff39b6cc5145a938583e32a20cefd4541

/data/user/0/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 f6f9935fd5fecf3415310f003d0d2b78
SHA1 898b7dc29e02a71b6c15d789bc8a9d722b590aee
SHA256 1ea095773a7dde5ea80521e3d664fb0db48e6c0d6b6abfd1a957887d1451e48c
SHA512 af84c635106887e1405c2f8f9695dbfd9bbe18d39c23b02e0259d50c68190dec8e1f05cc2c3a2cc39c54d1e80059f4994ed742eeca73aad9ebeb8c3e2f58b59c

/data/user/0/apps.ignisamerica.cleaner/databases/http_auth.db

MD5 ed710a8968441282a5939621c2771927
SHA1 b6ac28b3e32ea66790c52d6934608b5e71f3d5b8
SHA256 6e7b95a553c2528d6c564296a9e481a6d913074c35011a19f2da8e4807c53bb2
SHA512 547d7c530ad345edf6b880b7685d2ddf3770e595fe3a40041677cb0c296b15ec6d9e8ebf3f2db51624be41766a0af6764512f1c352d5fde22bdea81d7c08e364

/data/user/0/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 e1c038fe5ebd25cef4230a51c75d4d08
SHA1 ecebc88fe718ed86da6ff1e331fd2f0dd0d9f540
SHA256 89b40a538f5f7056ff233e2e69ce48c4436a843adb2441aed93715966f2f273a
SHA512 195995dc71fd42ef9b27bc398fabfd0ad6431a6867605fcc39192d5959a8e6376fab938cd5581591807366ae2ea0fca3738dd1a9184f76c1560775ac4cc25287

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 3955954775875fadd93665001a0e2271
SHA1 271509d31e25851f01676b6cacca2b9860c0e8b1
SHA256 be776a956c6dbbefd3aef2ec4a3d3dd67d9690a998da3dd2a28ae93998c58890
SHA512 ba5c92fe507e226f99d642300f8d4bc20dea99fdc7c7b750af3a15d64d58b364fe72ec4c11ebe611e41fd037b8553d57554eee2608e48f1f770406b5c4c0407d

/data/user/0/apps.ignisamerica.cleaner/databases/http_auth.db-journal

MD5 1bcc63765874c18ba9943b70a9267080
SHA1 a0c51682185da76683265ba81aab2941f3081881
SHA256 16597ffb3c79993f9e490b2eec24730cfcd2d6a4638f76315c2e9ac873bf38f3
SHA512 82f1de1a75aca4e456642d57df1726c8a8b7c0ecdb3e1d06e80bf52b0403ec08cd9eb91c59781702568a1dfb46677a7fd54cd9a4eb508e196d93e54b8050e4d1

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 27cd4ae583f98d84420b19ca7602a14d
SHA1 94ee21c6586e0e3e23071f0fc239971853a46553
SHA256 976e552c0d52def564af77bf9f559b7294bb0c3bc18341d5b94ee6db76c2f5a5
SHA512 843280e12fa8052529b85d8f565aad7848c57b944f01934b960b726c0fccb33e1c0635880cce4a942a172a652eaa484037574b6411224f28931ceb4921a89375

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 c651447e8551db7cd94b003d7f475d7c
SHA1 28671f894375dedd6bd60646aebf16c746b27f0b
SHA256 b5abcfde45f5982bedb66e3b50feb7f1da23232be52dae566858cbe190beb5b6
SHA512 1afa2f696c48639d3d69e7246ac5373eb6c72c67fff3bc438b3eece6e87d9190013d983159e5f651ac7ee85cc6cfdfcad4e361753daf391403bd3e4a6ac045f5

/data/user/0/apps.ignisamerica.cleaner/files/gaClientId

MD5 d375de8cad45291b25cab7a56439d468
SHA1 5828f01c6299b5bf1d8eda11e8a0714f12600d7c
SHA256 7ac43618915ff124769a66a90744d22d9efb44d943f4edf09adaae059e92e483
SHA512 54a93489ed4f60d56ed80b9f7d001a00f271c36196d494d9fb7c5fac1f18305e6fdfa55295a42f66487bc4ed354e8f60c125081f16287cd1866325650a35ec92

/data/user/0/apps.ignisamerica.cleaner/databases/google_analytics_v4.db-journal

MD5 a67202da02063647eba7d2e9ccbe0d70
SHA1 09710db84e9b4f49182a06455d1c8a99a7fe740c
SHA256 0c5e45e0b777bd130191f268acb5b69f3ffaf9c3abb8f3379218aee54bf05ef4
SHA512 99186e8bf59d5ae74639c4887372518239cb5b221af83bc2ff3a2e874410d427963dfc05128eedf065d49ac234fec4a51a5dbc87f3073af0543f2422d12cc85e

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f98f9581-a75d-4233-9430-4ad3bd130bc7_1730548450098.tap

MD5 ae37b28d1c8629e130a05bef44d98ee6
SHA1 669a036484f6951aed34f1115d1947b45dd883aa
SHA256 6c3986494475cec78e6af1408cf659eb5cdf11f5283cbaf184d6dfe3927bdcf0
SHA512 8222ebcbbfc12a02cdb70381a387eed719d3f3c5df1e8d79db57887779ab79586aab98010cbc647ecb52ef3b6ecb373d5769418db84dd701512354dbc7bdb033

/data/user/0/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 574ed00d99a6b46ed6723614c1e3682b
SHA1 21d3f07ad2beccda1f44e9b6f7ce7921c515ef9c
SHA256 f72bdac46621f6335f916d9b7efc6c5c69ebf2829ec86435aea138a24da2014a
SHA512 cfb8b3452e31e2029e7d8f17bdcf995e1680602f98b58c45bcb4cb64671d75db368a6706291f234866a7246e741e85c573b0417814642921522b254d770fdb07

/data/user/0/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 076f3f2901fa11e4ad6c94ef892b7b5c
SHA1 44f19a4f5466d196fe7e15ba15a822112fc40e96
SHA256 414f3618fa3907150391630c27102c5d066d32fc92bb799771db155a3cc20f16
SHA512 dceb6595b71eabc33ff99f39e167237ff497959255a271688a58ac8d3b23f835b23b9b10151f6bc80cdc0b84651d5d421cc98349b9b5c9223f77b2f5d65fbb6c

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 ca8224b2419124899180a1cb6d4a19c2
SHA1 2bb9899ed1114059fcbe731dcbbab40f20f22d28
SHA256 8cbf446f3cc9f8d7b7651dc7f5f352bbdeeea66c74906b2a831ca7d4bf2c61c9
SHA512 8f18a7c8a9a75a083139d7c8f45779ea0e53c41e74dd3cef702e2088990b97630626b9e99468094a1660b9335ea068ed2cd94388e59d08c460b5f82aa053c14b

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 e439d28fbab93a648bbe6a6e1bd618b0
SHA1 e4fc7a135c38795674003b45060acf18cdcda82b
SHA256 ee6359f2c3586528ef4351570b026d4a3dda90a6fe7c387bf727f30a7d4ee9fb
SHA512 6a77508408f74a41c1b269d51122b52793516299411d29e373c8d1a1f5e51f74a1882824e34f70189682b08937f3d432463e63f2de939093b7b8aec6019980cb

/data/user/0/apps.ignisamerica.cleaner/databases/cleanup_apps.db-journal

MD5 31ec1b986480e34269b075b63229e655
SHA1 218e38159cae78a2af07aaebc877fbfc4a2e4a9b
SHA256 192bd714c47d5486a28d02a70a212a82ba8163e1c46772b9051d1afcfec3b774
SHA512 0b4a01a6d777999a428bd0f46f8d8caf0fdf2fc93ed2504c6bae46eacfe4ae0172907948f2aa29dd89dc40e953af114ef0aa8c113bf5d1ee349e146f5ad25dac