Malware Analysis Report

2024-12-07 16:16

Sample ID 241113-p57xcsvren
Target BCApp_release_13Aug_v5.5.0.apk
SHA256 78961a477f1ab9591f45406be9223678bcec69e350720cf61a3938f6239bd86a
Tags
discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

78961a477f1ab9591f45406be9223678bcec69e350720cf61a3938f6239bd86a

Threat Level: Likely malicious

The file BCApp_release_13Aug_v5.5.0.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Queries the mobile country code (MCC)

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 12:55

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 12:55

Reported

2024-11-13 13:01

Platform

android-x86-arm-20240624-en

Max time kernel

160s

Max time network

307s

Command Line

net.ppbl.bcapp

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

net.ppbl.bcapp

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 172.217.16.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 172.217.169.10:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.169.10:443 firebaseremoteconfig.googleapis.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 142.250.178.10:443 firebaselogging-pa.googleapis.com tcp
US 1.1.1.1:53 accounts.paytmbank.com udp
GB 23.44.65.213:443 accounts.paytmbank.com tcp
US 1.1.1.1:53 www.paytmbank.com udp
GB 23.64.32.147:443 www.paytmbank.com tcp
US 1.1.1.1:53 s.go-mpulse.net udp
GB 2.19.168.132:443 s.go-mpulse.net tcp
US 1.1.1.1:53 c.go-mpulse.net udp
GB 92.123.28.132:443 c.go-mpulse.net tcp
US 1.1.1.1:53 02179913.akstat.io udp
GB 104.115.32.190:443 02179913.akstat.io tcp
US 1.1.1.1:53 oauth.paytmbank.com udp
GB 23.64.32.147:443 oauth.paytmbank.com tcp
GB 172.217.16.227:80 firebase-settings.crashlytics.com tcp
GB 172.217.16.228:443 tcp
GB 142.250.200.2:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.187.227:443 tcp

Files

/data/data/net.ppbl.bcapp/files/PersistedInstallation879624453765996650tmp

MD5 bf4ab88386979d54c26952499cd3509e
SHA1 ccceb47ee4b196d55be7b85e44114fe2e310482c
SHA256 939acecf0a04f0748638118c4fd9696105305d747ddd3cd47646c0d5007fb59e
SHA512 be5efd5f06a597efb5dd4b433eea2d8f10c416498893f238f0aa945bd73459a98989647c060902b5d7ff002bc6b1818d24eae5c2175279892223fc60264b432f

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 31c50622b6200b0490c9c5a276c50fd1
SHA1 c89b38a152313b42538931547936afc2e0b43fcb
SHA256 629eb7aa4defdbae35966a3b6c85ea9cb7d5f929fab599145bd93eb7fd84dd15
SHA512 edb37ff872e2cc3be85ce98371ecf3567cbcc54d14b6ab2b40a4292094f20ae1757a5e4626c5e7430072ca52b20b650d83a8763b5440999aa96e01e30cdf3c86

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-wal

MD5 7f48ab9d88f9da3ba31b784fead53a52
SHA1 d6d4748b93fb6e882da9d07e09a4ca10a8b009cb
SHA256 eb000cbc8d1b7858848dca1782fb6602803fad393bb52f1f3efdcdbbb5b314a2
SHA512 496f146984b6964512c90d66f0d5bdeb58247c7b0576e1bfd68c001dbeb610e8bcb3e2e827283c317049ccb8338a58ae8a645af05082723a039d55d70d3a3f2c

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E9010A00011098AA3C7E956F7B/report

MD5 477969ae199792c95360a4efbcce6ea9
SHA1 bc3a975458b4505918b45e458e2fe4aa123e30a5
SHA256 5bc1a7f2fad634d129f77391f4dc9be96cd68f6b9b0ba2882686d70128c0b072
SHA512 9d3f71d7bebd9a0e55084f74929e4fe2d0270684320d909c158e447196e01c872950058ccc602458498f050572f0cc6fd382d3e954f8dbfebbd08c3b390ed593

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-journal

MD5 03b77f0ed6a84735bda85e74d35f6526
SHA1 9d579798a7458031b72885e96f69defa1b16b6f0
SHA256 55f3eaf4a13b3b583483ea6e945c70854859b9c66303a4777b219427ca9d6b31
SHA512 2a62cb0fb36bf629375ab162ed158b35e0019459972cf459e93f605508d6aa2a74b46ec01142881508e4443e3911ffca25fef685aa5a72bf5332dcb123bbeb36

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-wal

MD5 b85a6050661aeb3b041877037e458502
SHA1 bb028c1b4f66eb7188dded5b06494314ff31feab
SHA256 7226722104d0b21ac808b0db9e15824c35ad99d9310b2936ddb0a3fc581c05c8
SHA512 15505e139e7952033bdc3e9e1d56234124603b05d4d8516198624932901a19231f39976c1b1b30d8a34f995a9ca83d7e6c86638f23115e20267752a898f8ccc2

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/com.crashlytics.settings.json

MD5 36fa9adc566d430192e056151974416a
SHA1 d1793c66463020d67051369a51f289bc78259b68
SHA256 dac2b4a87f0a2881b707f1f8ad8e259e2d721e76b440c03c68ffa9f63b5c3407
SHA512 94a34a9727e1c468d811daf4892d7b706851a8255650e6bdf1c785a53e67125770eb41b6c47d91012608df7f1d5ef121a256af3765dd959491d06498bad4eb7c

/data/data/net.ppbl.bcapp/files/PersistedInstallation6234438448382950107tmp

MD5 34a557700d41afa3e823cd11fc915db2
SHA1 fa6269bc88ca3e08e3ba4fe46759603689bf480d
SHA256 e9596d22aa7273d9f5111113df0ccaafa858c5a9c1553fdd73ad59311766a6df
SHA512 5a4229b8479a79eb8bf6654c0a8c44e8ebe38a59050f2702f96efb8816169938ccd61f4eaa44c96e1ce2ecad143733a78cda4d4ff465b9c5ced1e0505334c01e

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-wal

MD5 c94c860b409a7cfcc4f13d2fb5a57cfb
SHA1 d90f65e017f09b6f5ff0572e7687fd49f0cf1318
SHA256 ed64e6b1783d565ebed262486a986c624d82a66b5c4937cde5e8384258fe0d04
SHA512 42873b4160f1206de9629d55a0e487850b4e5748f3306706a8ec7e8c460a6f92f470c11637460b24e02eb4c680e6edb16b7b7c7f79a12a86373a5cd8c8fcbfa7

/data/data/net.ppbl.bcapp/files/frc_1:16055665666:android:75ad86789caa287843131b_firebase_defaults.json

MD5 ed5f5186a4af58982cbccc6891e1a497
SHA1 095da07fbd1d4b6b0417ed3a765439a70d78f3d3
SHA256 cebc515740d0a81c982b9946c84969f418c00607c007846956ba3ab0f9d22ae2
SHA512 e4accf5f5c3ef093a5b4086884aa2e422ce6fbf89a7f97e3eccec8e7e41c8818ab849c787cb642753d7c63337156ac728e76a9e5f32cd2cf0aae408207d932f6

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 2d78a317f04d4857ce59d041539e4cca
SHA1 8940b6944d61fa45e94e5273d76e5e614c4ca079
SHA256 13075e996d83849d4338315f11724272eaad7ed93612c31d87ca8ded6deb118c
SHA512 929405b9947bc8d3e56658fc9f8cf59e31cd20d2f4cc85d66bd966c0f0274a858c4f70387a4f65a9428e06fde1ebabca8bc2559809906ebb52c1cf1d06e5a675

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 4d0b21bd413730efd61f56b45acf54cb
SHA1 04787950ed073bfc5399b84f119a5d9f5df9fecb
SHA256 ec93aeed4ffffbf0b424be223173bf965c5d9c5fa776ae26c5864541dbe96d42
SHA512 53d6899e37ed477fa7ded2debd3bef9a6523e41f6fd500812b478346b43d5c0b239a47756584b69acb267375efa78453724b806c15625843ad64b692a408eca8

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 d22ca88570effee55fcb96f987bebe03
SHA1 5442d4a4fae9e22efbd8f8b69ba51f929d62f758
SHA256 3778bc678a2bb3f2ff163008755f05021ecc155cd3279c67d8ed529c1a3b2982
SHA512 183eebe672990926365ea985713492f59ead9adc1d997f9dcaa01616f0fcf08c5a3c6e7c5e1024e739eb7becd0efc3f683c8cebb96e278ab3ba779e0ae4e281b

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 a0696153eb879e976ffd42422029ff7c
SHA1 5cc05a40ce8ddab661f30417243df3968c55c595
SHA256 ff4f4850c06ee51c656136d4976148e1570b479b997b4c6fdd7c9bf91b424760
SHA512 98c762bc044e7d2097ff6950c7752675dd83e5c1652a449d95438accb8a7eac1f9586abbe4096dec341224a9c55b8d53b4dceb66c6e65e7c8f86110277c4d5a8

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 46dd92fb7cde90d8e940fcca64fc8ad0
SHA1 305f399257874c15ad048203ee08a8303b3a6b29
SHA256 8f3206d3523b6e769fcc5f08d8b61ec5b3bf449a4c2ab1f07d02cc228f0f2956
SHA512 6807ab21a76b8fa7a8151d90b6d5a82382db74dcfbc413fb7f2b00b6c119c1a67d37030f217b8180aab86426f3938fb209f9264d8562519e334e3f7f51402187

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 446d77709283472b9dce94549e111a3b
SHA1 15faf469ac3f31327984c2d700eabacac96127bc
SHA256 5d5618aa977a6bdfcce501b160ccce77ed40228cef07f14911c2bedce5d84cfe
SHA512 b1097d51737b2785759d8a64afd0a90676de8c18990992cca4cca1e4c90beea9b847cadb3be9abe3bd366766f1119b492cc88a58c4c422919fa00290cf8e49d5

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 2ce077289185739fa18004df249728f7
SHA1 a8d9d553e20503cf08ee6f095ee14df16fc70366
SHA256 4544a34f59b58d98fdf0ab0294c51ff39ad44f351588a6232c0508ad242e32a6
SHA512 89679b5ed5f13b77be22d2d159aecde0849aa8fae4c25e95025450c751a8e75aa069ab3312af0ab71f83003ab7e3846de272290e368f8c4906d51d4db1613c90

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E9010A00011098AA3C7E956F7B/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E9010A00011098AA3C7E956F7B/userlog

MD5 94a0a82dc8b03eae5b3e99674fc3e6c1
SHA1 e91949143311dd17cc4accc62ee8da131190b5b5
SHA256 a793764ee42cc715a4645add62dfc21434500a4152372dea8eff66f1ed62eb0f
SHA512 b8431851f82981728e803bbe94611a7014205b5139bf584da6324b258f05a9914d80700b03453a1d367a0b7877cbcf82031540704a42c409243bb16e17578aed

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 58ea9aac12162b1cf59ecdbcfea402f4
SHA1 caf2df84701a0493aa118e870234b2aa67de742e
SHA256 4b8e36f8e213a30a38a3b9b3f9e7deb5467bd21d97ecba327bbcdd2dd0d9eb0b
SHA512 375478a503ace294af9a22bd758e7ae29d375c14041f6fae4856f2febf8b89679031c0d19e1501b9bb3040892ff64570edf8d1e6d454e8feec6d75dfb388bcdf

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 2b1ea9eb3f66c58b9caf6fe9213e2f5f
SHA1 c1f009c50c9ba7ea60391cca1a52049e3e35613b
SHA256 07c12fc3f3563b860f5e4e1f3d222c3d8ad4672ca78236fe6ba451f8d69c3b8f
SHA512 d4f9f94bfb0875fab23068793ca64cc8b1e8cd2b2ff5e38bb68b6b50ad9cc61287b706b4971a4f70e2865523178c0cd9de5854f17c7e4b8ef22caf796b36097f

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 87d47fef433e6e5dab1418c7e76eb8bb
SHA1 6dcf0f0ddf4da730d420f20f63ec749e7ce6bc49
SHA256 44f17e3aa0b1740046feafc70c17fe30aec4f9bcabaaceb95f727498233df476
SHA512 034a380c84f536e79d5f0acc16d52e8460143652e8f25b7ea266563a868907bdee1840c217cdaff6aa4ca255a230ae6e19571ad175509a3d69204ffc3e02a88f

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 a85b3f3d9a9023d95ad4910c29dcdd1e
SHA1 65a4ee719e21c6d8045c818890902c4135477f66
SHA256 2289f2f5fa516627d2819b175eabc9f818056370773bc7e86360247bd1a75041
SHA512 ea05287e6cabf030c3d7a1f67f2c13a0d32ca7f1405353751efa2d52db0da1795a4e8130fbb64672f7d1aecb9af5bd8a2cdaa39a7db60b06a0ebc82298309d69

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-wal

MD5 ab399888e393d6ded6c7c96cdf4916ea
SHA1 66d3a5b77c11f2cafad5f48ac3c18a7774093355
SHA256 6e938f795e9097fa7c72e25a275c0924070822f73a6a72a6250eab797e169114
SHA512 85292ec3189c1f84f7c1b94f830c712cc846e24d0b6eddbd321ffe8ff87a6516e2164198a20f61667013162814f3fa4425596c0d8b77d1483bdc2ad9ff1b0736

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 bd13486d55b785d5f87e819236520ba3
SHA1 21b82fbb8d736da737e6a66040419f81609dfdf1
SHA256 fae665ff0b99f954f64d23866ff040b5a2fa67657170ae9282d29c38e6b4a301
SHA512 450d0702efd6ede82f5d6019d95b350269989534a1cb42a3eb4b10768fae12d679fd13345fd489cb9ac39c72b610413bdec3a1d0a5991b1f26e6f9285e239303

/data/misc/profiles/cur/0/net.ppbl.bcapp/primary.prof

MD5 847427978468a1178911a1acf67d1040
SHA1 e59f854cf8403726989e66fd502f4c48fe4a8a67
SHA256 9c7f012b6a0df9d26ce3bd534c78f1402b60ccb6fc8bfb4e6983eaca5bc63a1f
SHA512 3fdaa3cc186ef7d97f1f8990875b8e4d6083509e683bf9303a16c118307e95c6c918809d3cd0ce344964e4634a3d3958ffc214603ef47e3f32a1c4c8b176cdb2

/data/data/net.ppbl.bcapp/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 6524e72467cf25d09a4b6c0e2f141d20
SHA1 7b7028080b923d0c7c4987704a0eb9b97589e8aa
SHA256 dae47d0e572ff72656c4545b7fbb07e46244ffaa9346e30887eea9c037bbfe19
SHA512 7ee2d0db72b63b766b0a75cdef8bae26e579cb80586d20ae7bb539732bc3ef49f149da6cd72e81ffa976686d8657afacd07517f44c1e0cfdc176a1b5390335a3

/data/data/net.ppbl.bcapp/files/profileInstalled

MD5 a7b4a46d9afa1fad6c94c12a4a5a0e84
SHA1 9c28a9737fff8e1a545dedfdcf03794454756137
SHA256 ac7fe5d773630f7f6491037b0d3880c9820a7dcca158fbedada27e4c36eac8f7
SHA512 2531102bce796a4833c9a86f7250ad20f27600fd29dd246c95164fc3ffe698a004f5d93a47b00bae18be23dff4373d091f490281de4b7fd7502e94d865422762

/data/data/net.ppbl.bcapp/files/frc_1:16055665666:android:75ad86789caa287843131b_fireperf_fetch.json

MD5 d69ea75b21ab55c3be71eaf6ab4f61f2
SHA1 f85240348bba6d11f0fae073c13b3b522213a4bc
SHA256 a1e87e9aa2f176b76aca5c905ef494027ba77b63b73189753569ca51084333c4
SHA512 e58fc46d86abba3c026f0c8881528dfb9aedf559ef7118860d19765f90e97fea208d2cbd6a6859f0ac8a8cb8ac19b1b70af12d1ca50bd4280cafa4dbdbdfe074

/data/data/net.ppbl.bcapp/files/frc_1:16055665666:android:75ad86789caa287843131b_firebase_fetch.json

MD5 4514720fb9c02ca527f08a18d4b100de
SHA1 cb47be58eb5ba4c03ca6a43e61ef0c5b43668387
SHA256 e76df56581d31305ca822b10ef5401ef37dd0b11c6800536b7a4b003827095fe
SHA512 0b00c5a79a1bcd7a6033cd63415d25444cfb46b5902967afdd39d1e558fbad890c91fbdc464187c88ea43aa9164bb29304b01135e239e0cae7c7cf15922cc120

/data/misc/profiles/cur/0/net.ppbl.bcapp/primary.prof

MD5 4a986f2926c453321b05dd0312f84848
SHA1 f84a264d2f0bdf7e1b816b201791b3fcf0f1f287
SHA256 6aa6c4cd24f116530e3695527e83cfb56de7abdc12b84ad61605cb893777ff4e
SHA512 83ecb9aac7923c961ce43dd2b446f97b489dc306ec66dcaf4a2cd3d5547da1b4341dfd9820d864ffce2d46f805d70a06f12b3037e5fd837f225b4b0def8aca02

/data/misc/profiles/cur/0/net.ppbl.bcapp/primary.prof

MD5 33afcf7cdfe39af5f9e54ce78fd8d0f5
SHA1 aed50b59dae103728aecbce1a89e1067f27dae01
SHA256 d69e778672a0732c3a9d1db88ea6ee4824437c0f86eccd67efbc86db82c0f3f8
SHA512 c73a4d62124284a3b13ce3c2303775d6bc1775071d0f05053b7ef0b63bf3c19522e42f6ab4a44390cc40eae044f333a6020f82c542ad5b055128e8a2d9fee749

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 12:55

Reported

2024-11-13 13:01

Platform

android-x64-20240624-en

Max time kernel

47s

Max time network

301s

Command Line

net.ppbl.bcapp

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

net.ppbl.bcapp

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 216.58.213.3:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.187.234:443 firebaseremoteconfig.googleapis.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 142.250.200.34:443 tcp
GB 216.58.201.99:443 tcp
GB 216.58.201.99:443 tcp
GB 216.58.201.99:443 tcp

Files

/data/data/net.ppbl.bcapp/files/PersistedInstallation1684701896398152665tmp

MD5 4e7ddee42e4fd618363e3800f78e6174
SHA1 b234bd3c5d8939f5cde0e9382f9fcfb420c72cff
SHA256 0281354a67cc8fb49289008d31b451b4f8a4fefc9de50865dd005c3cbc3e3106
SHA512 f07f57ecd63b4bf03318cbcaf45469391766166f9c17721a8457b47d48589d721e53259ad3f805bb2c30e9e7d1d69e46cf42c1c03d9e03aa7a89f2b16bfc49e9

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E90193000113461D6BDDE476F7/report

MD5 b3926cd567a081c9ded6e58207e21ab2
SHA1 c86ba6cdc70d5f3f68484e921cfed9b3765b30bd
SHA256 71fd2cbbd0e491009e9fd87cc86a9bfd832846145df3bb79460b780a48ac3092
SHA512 ffa1b38d413dc711adad2f20bc73bee7f6f83b4c543646caa7cc2eec93868f9159e3a8c5c9c6a6c35e5b5dec4ab93ef3c12da9317822bb1e66f50809f07967bc

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 3c91721e29aea9c022124e26647b8ef0
SHA1 7db9812857d4eb8dd08142d812586b302b124d0c
SHA256 c6e61245f5c8a435912069bfa2ef9491e508e31bd72b5e62f65aa794df6d8244
SHA512 bf2a21fd031251b95e2f0bd105cb0af7457dcd6389a9780f783e9622872860f50b1b2854127af986becbba0bb9b39746a122723319551fc942e60da47a7672f0

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events

MD5 04d1850ec09ee7640b44bfb1133b2a22
SHA1 79a1f16540afa07f32731856a3c51dd7675aa8d2
SHA256 0b37bebd185bc4b10b397952c2388e80107380cc0be1a7cf418f51a548a3d706
SHA512 77e7cd8c0ec547763b60704987f85d23a01f2877695649b63d68422e402612f13515da2c2330f3f31e4337d2c2d27b748d2deedb3a2c337222bbf522dd0910ff

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 2a63ac9ed350922bf5d1e4b565bc5b47
SHA1 35d941e046994002a8125f789124f3c13fed2f9d
SHA256 6e7d2a919044713cbc309bebef06a040e6dfedcdee397a180d576282773fe2bc
SHA512 3953664e6d70060a821dd9c4c07a2ba11b9a09f60ae5050f7161b2950e092dda6205f4d29c948f9d84f7dfac270acf62044d2ef6575640b8cfa8f94af505b3a6

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 bf95c71f96de802e2d8e856a529101ee
SHA1 57a5c299d5c65a478022797d43a3f1b058f67599
SHA256 cffcd258952ff5ad3339933a0fa2be5e86191281f52ed53d3e9adfff661cb2ac
SHA512 174026da7917d1264450a51d9dcfe35d222da6bab2b0f14080663e93c34647c71705963295054427c3f6bd37aaa85d413658bfe253dd301198fc21d39eac2eb5

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-journal

MD5 4b733ff952a54a6bc453944914ef7a5a
SHA1 2bf4b4dc034990e010d0ec1afc09c3afd96cfffc
SHA256 27073526ac1c2c02a105a06403f5e2ba00afc7fd5d19af9b5b9f742937319418
SHA512 9d0dd5fbe88c080b02ee858d5e3bbc1204d5d93468cd81392e125d8de844bcba060fb54c1c84cd735906daafb4ef3f8c093530c06dc8b762c268bdc30e3411ba

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-wal

MD5 76a686a16d4f05d21ecea6aaac7f9355
SHA1 da3c5472e1fb4ca5a1a333864eff250e592806f8
SHA256 65706b09883a6472991e05cae487ff5fdb45671a7f35b910197cb4d9cf2e1673
SHA512 96716d045be925f6b12b985c1b7fbf3c007be75e1d621989170e2042af74006be91504ae7dfb061c572f9530a3180d95d0eb5ce2614469ce30bb6f0293697a3c

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/com.crashlytics.settings.json

MD5 31fe024b97130ba78e706a328ab89168
SHA1 0ce5e4553cce5af5a785d0983168413a07ff22f4
SHA256 8e27225bef2de1c082dabdc2c69f07327fe6f61b5a7f9b444e83a9a537189d5c
SHA512 5446f1f964af9aa4944b252966afe3f3dceed7e44aca0f8010121d97896f85aea3b5a6e8dc6075c36ea20c978a6fbd38f3b0e60851cf779597ec32d5f0dd482b

/data/data/net.ppbl.bcapp/no_backup/androidx.work.workdb-wal

MD5 51143d6a068d91b72fdda89fcf766258
SHA1 9f69b6b9294f43a02265e87efb08b3c0e0cf0086
SHA256 5b293163d73bd60012b903584c41d7c49ee5180702d9ccc57b3e4203284e9b14
SHA512 595424b8e2e2d2b4c9dd1ef436a36610a6f3a5d3de91dfbe9010fb1cfefd720de2c641738c7560c720c23b4200d69fbe523acf34538f1b718dfa9160e132bb75

/data/data/net.ppbl.bcapp/files/frc_1:16055665666:android:75ad86789caa287843131b_firebase_defaults.json

MD5 ed5f5186a4af58982cbccc6891e1a497
SHA1 095da07fbd1d4b6b0417ed3a765439a70d78f3d3
SHA256 cebc515740d0a81c982b9946c84969f418c00607c007846956ba3ab0f9d22ae2
SHA512 e4accf5f5c3ef093a5b4086884aa2e422ce6fbf89a7f97e3eccec8e7e41c8818ab849c787cb642753d7c63337156ac728e76a9e5f32cd2cf0aae408207d932f6

/data/data/net.ppbl.bcapp/files/PersistedInstallation4157613646288804744tmp

MD5 00e11ba9a17851cd6ae5da655e80e94b
SHA1 fd1019a984d2e9043e5f2ff1657f2c9821fe35e5
SHA256 74789c1fce31f03a841c1e93f64cc0d328e6e7ee616738ed3db982578d66eef7
SHA512 c93388f717d14f2d686176d8de1b9a937d86bf889d5c173f2d3639fefd05609ef0d95c413f7595276e87ce9f0f5f072a6a1ad3019d593085a5d6dada4a05ed99

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 2d0d58fd137b9b5c5d87bbb8a6010eec
SHA1 aca9594c869e4ffc4e0856d1a63d3d239efa8a95
SHA256 03975e8d8417d8bb950173da424c5b1b8f72e29933abd45f7468b9d8220d120d
SHA512 6174371854a6ef89abfd87c30bca26260722828fee58f7846a233c388a8101c4b020d7b8de93098eeb6e0457b7be5120768cc85e4e64475f930b8addb5cab14b

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 b4edbab2db05cfdac13f6b3d39c11d08
SHA1 be9d800c5c9b06624b3f8990827b2bbb625701f1
SHA256 9858b31aaf161eff7c93f6369d660777911e7305a14c03558a2a8409e1d2b633
SHA512 762d3ea6f03ae5afcc21c9ff6220e50cf11a2c1a4508116280021298cc7ef55d00737f1e8993e37d1d831655710fa94827bbfb48e8368f272ebc082937a35a26

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 80f6aea09806e5d556a7bb0f7e698aaa
SHA1 2fa38cf2e1f7d70589f9bea1143f9d9821935998
SHA256 33ac1999f91022150f29114cd198c4aaf3fef9de0692c15b0e7233f7f3f90dca
SHA512 15ca5ce37cc7df452774a2aa8b9246fa75c5ec46e0c12597f649fef832cc768955e9b62911f9c4d3393db6603da2f325652f7cc9d25e87f0153b21d13b8648dc

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 45acd90b187a65d9448082418b0fd84e
SHA1 13816f4f5172951406d7c6384071b222a81da79b
SHA256 14cfd6d789101a27e407bf206b88d8b3724ecb96ac58da84929b8d3d1c5066fb
SHA512 4a806d9b06ee55b41801207fc5dec347dcd972bba63225992445e001567e1680aa4b299fff7983ae034c27e1b39717ae168dd45cb194fb1c4789ba70337109ee

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 c1ea6a19f82e45236ed015a672a53a8f
SHA1 61853c5c3bb57f1147569a63e7bc34ebf2773be6
SHA256 86cae84d3532b2891d2feafff7f338cd366ce7bbda2d3aa7c5ef4a699ac80aff
SHA512 b0aaf911626462d621f902ed4205b06342e5dcff45e5ecd17242f4292f2a6811bd2957de854450ecaa52d701d49d69d415a0b3a101b3bf20b400637fc68bef4c

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 a34ad604116ab60ec8f76ec8b8ad05e5
SHA1 3c54ca489886898826ef55250ca593f86ba79953
SHA256 12840f36f9158d1d38f78aa876214c2b3d544309af18960e1207dffb86220e3f
SHA512 df8e999514bc4cf60b41280528fddbae238355402cc35a30444f4d78b8030351e5d81e7164f8eb45ef955a3ac91a9e485a922916fd83b5d4d84e235921ad0647

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 6eb3ad588ac22bd2887617a00c5b4f13
SHA1 fbbeaf7d22d19bd488f4cb05cc00bfe87919cf7d
SHA256 a4d8e4adb2ab83855ba05216e50d05717d26edc0b94f6bc07d7ee598604e5d4e
SHA512 592cf340bef27f2a5157d2b452f162d74b005c33184a1a26893040d31ee7bdd63e9aa38bc40d0f81cc47dd0ee4d3ecfbc1295df5980b233cf601877946cafbb6

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db-journal

MD5 e147e8a4ba4d805bd03657c5e761d470
SHA1 f5d2d0e1ef259b11a18ac09c05303b92f73ea547
SHA256 a57d50ef5300e6653392ab20ebd4a8df46064021f588966452f07c50bbca5262
SHA512 631f93dfebcf38d3d4a78008cd48a2adba1a77aff5cb096b16be344118c360156eeb90e62715d6ea55a64fe90921c1fea04836c4823d8e10ba899e3d034f78ac

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 068291daba01dc682265c5c78ffb4158
SHA1 07cf699d5d5eaea05cd61f3d902c2de9ad8b363a
SHA256 e685268435563537a5243c67ae50f847c4c9c8ba0461f71d9f62f73158fbda52
SHA512 65af434426ba4b2fa2cac0b1a09d3a04adbbd7c0e5a89bc0bd99cdb521fc828fbf52602c6c2886303fd2ff85b47ef92ba77865b467ad06325c90c5bd56e90b22

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 67b77d1aa9869d2999d4433117d5ec71
SHA1 4aefcec5c9699c112fd1a525a663fe365bdcb6f2
SHA256 0445f408254925e42c3a7ded8739d8485e6522a81e9bbd9917213e3c0565e092
SHA512 cd42b0a4b19d9ced797ee05da387c81573c44f7c651f41179aa58020605b92ab6cdcb1263bbdf4f4bdf9aef7f635c6fc33d589dd3c0a2a1ff543cff977507d83

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E90193000113461D6BDDE476F7/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/net.ppbl.bcapp/files/.com.google.firebase.crashlytics.files.v2:net.ppbl.bcapp/open-sessions/6734A1E90193000113461D6BDDE476F7/userlog

MD5 5ed540c8e6f4ac5ccba776b368cfaf0d
SHA1 a272620224872b4c8e1414270334850d22b2eef7
SHA256 15a343b0b383c7caaa01dd90cf374db0c6e266ffa366fa307f1a58a8a424a88e
SHA512 204a072714f58abe170192ad633a12e0e009b0075df4116a907c289c95e84c827f5bc851c3c07b157bb08cdb4fc78db544b9f7b041c4aa8d02604a212aef815e

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 f9a05cfaa512af77e06a7006d4927400
SHA1 08e93eadc1f516b7d9dcbfe80cbb5186680b1606
SHA256 c856e645e5786970712a800012b7b2e83a28c0682ab49c7a4a024aa83ead21ee
SHA512 825a16e70a334b305092a939666f8885f23ec7ff2ed3a0684fe02021166581e110ecfe12b9334d743586fbf4a7819a66ffd3a648ee92092281c84d9120c5e554

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 de8aafe4db01a14ed17f9d5dbd2da2f9
SHA1 6ceecd9053b4dcb890362d857f7f957f79ea0c7c
SHA256 eec3fca0826f205cfb1cc887cdb2cce71f0dfac0be7975e8c588042bd4bcd268
SHA512 db3e360849470f1e7c86d19ac89f7b82e81ef45caaf7783ed55384dd44f03b25387096d115073c3974e15daf117d1bb20085f56c72482b184fc5e2048c553bc0

/data/data/net.ppbl.bcapp/databases/google_app_measurement_local.db

MD5 a034f8d34c68738f3761d1c64cd44029
SHA1 8c9aea3d5153e33704487c0a3b56c2db3da73e98
SHA256 de7ee942f5857d186d84949d326f948836f4e52d50386a637c64bb6d4ae74b1e
SHA512 b28a406409fb6cdde20de1887803c1391be42bd875838b2749ce70bbbb3e9a9274666e1dc36e667eec0d035eb1b0011c73813ffd5b711fedd5edf6c33c684484

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 68a68f217d619589d9c4bef023e4b119
SHA1 b071c5320f8f1cbb21088f0a4aa53c79448eff28
SHA256 12e76cd097ed96e8486507ef2d7a3cce5982a390c0bc347b82a616c68051f549
SHA512 6eed55d2fcb29f5f7aa059349f829c1d37165ae5f86a947647142689602d05fd8f20dad16e806278b5a0be473f2250a219ea7b074dff35445d8ec7811996b7a1

/data/data/net.ppbl.bcapp/files/frc_1:16055665666:android:75ad86789caa287843131b_firebase_fetch.json

MD5 0547c08285e61b6a14765be4383e28ee
SHA1 cc99ced53cce65c884f8b7f0bb0fa2116dc2ff88
SHA256 5b29fbd570293f136eb61a585976e022b05247cb111dc5a55a2f5c067a5b1c48
SHA512 d5ea48c3cfda334d8846aa368bbb9fccd1b979cdba9578d155396e98f1b9760964ca06824049a24b11762a0f92fe768eb93cf283017034e56c4bc78a6254dbbe

/data/misc/profiles/cur/0/net.ppbl.bcapp/primary.prof

MD5 847427978468a1178911a1acf67d1040
SHA1 e59f854cf8403726989e66fd502f4c48fe4a8a67
SHA256 9c7f012b6a0df9d26ce3bd534c78f1402b60ccb6fc8bfb4e6983eaca5bc63a1f
SHA512 3fdaa3cc186ef7d97f1f8990875b8e4d6083509e683bf9303a16c118307e95c6c918809d3cd0ce344964e4634a3d3958ffc214603ef47e3f32a1c4c8b176cdb2

/data/data/net.ppbl.bcapp/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 11c8ee8b5e3190c50c10f4e31f58217b
SHA1 9d56e3c0a92af453de4c4a3a6a2481aa55977d15
SHA256 786f10c94a86f5fbf9b3db39fe269f584199e6c3f10baae9017b115ce122a9ea
SHA512 285102c87714a85e125ca74a69ebd9b259e0898b153f8d6bb1a0733cee27f083c0559659b7565622356685cc24414bddf390088d3b09ac658676f5202e42b29d

/data/data/net.ppbl.bcapp/files/profileInstalled

MD5 82152dd6ef1c5d80a4e1a4a61e71e2cc
SHA1 560b144654caf2b1a67ab5fa9cedfd51e5bc1c49
SHA256 b9038c7f051b31e769b4cd0347cf3357529a9a95b2d977a4f3e10f2471ae34b2
SHA512 a01abea7448da173796d4f6bda9230db620a7ef81bb00cf846892387da324c1409133430ca94c4ac6041fd83092afb9e607b17bb48d9a8091888a9f2bf7da81d

/data/data/net.ppbl.bcapp/databases/com.google.android.datatransport.events-journal

MD5 721c6c6dbc1261dad52ff418a6b268c4
SHA1 0fdbaee73ad4012572c5e07de078b2198e35b031
SHA256 1e7872ad8800a39508e02e2236ea99aceaebcf119ab89273908f826ae9102aa0
SHA512 530f678349d7ba4ad36c0c0c568397668422b0e3849def4ff4593ec6300b42da2b914a162a4784152b2e2d8a706a288d505d0d119ee31ce257ccc757601ea59e

/data/misc/profiles/cur/0/net.ppbl.bcapp/primary.prof

MD5 248378da89fb9e92eaec0efaadbcf0f2
SHA1 621a8f3b4dfae6b345fdd4c93c23433ab6c7895c
SHA256 a0dc27037d19a3800ca92e83a56ac13512a692c2e09609bb2d576c6359fa0c56
SHA512 ea2b86fdb25b413cf89a12c6d2ef4858a6df2e5104b9140568625d12bc1fb2925401d513c2e10ca7c5f25478d6fffe6ebad747d5b34bbcf9a70756c2e9943203