Malware Analysis Report

2024-12-07 17:09

Sample ID 241112-1ztckavrfq
Target 7b6f0650b61266f4cceeb300b57980b997e8d81e522e4d00c6b5e35641250df9.bin
SHA256 7b6f0650b61266f4cceeb300b57980b997e8d81e522e4d00c6b5e35641250df9
Tags
banker collection credential_access discovery evasion execution impact persistence stealth trojan
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 7b6f0650b61266f4cceeb300b57980b997e8d81e522e4d00c6b5e35641250df9.bin was found to be: Likely malicious.

Malicious Activity Summary

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Performs UI accessibility actions on behalf of the user

Queries information about active data network

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-11-12 22:05

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 22:05

Reported

2024-11-12 22:08

Platform

android-x64-20240624-en

Max time kernel

147s

Max time network

154s

Command Line

abrasion.staleness.spectator.borax

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/abrasion.staleness.spectator.borax/code_cache/decrypted.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

abrasion.staleness.spectator.borax

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 upload.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 1.1.1.1:53 mastercardkeys.world udp
US 104.21.74.7:80 mastercardkeys.world tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-journal

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-shm

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-wal

/data/data/abrasion.staleness.spectator.borax/code_cache/decrypted.dex

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 22:05

Reported

2024-11-12 22:08

Platform

android-x86-arm-20240624-en

Max time kernel

149s

Max time network

155s

Command Line

abrasion.staleness.spectator.borax

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/abrasion.staleness.spectator.borax/code_cache/decrypted.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

abrasion.staleness.spectator.borax

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/abrasion.staleness.spectator.borax/code_cache/decrypted.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/data/abrasion.staleness.spectator.borax/code_cache/oat/x86/decrypted.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 mastercardkeys.world udp
US 172.67.152.119:80 mastercardkeys.world tcp
US 1.1.1.1:53 upload.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp

Files

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-journal

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-shm

/data/data/abrasion.staleness.spectator.borax/no_backup/androidx.work.workdb-wal

/data/data/abrasion.staleness.spectator.borax/code_cache/decrypted.dex