Malware Analysis Report

2025-01-19 05:31

Sample ID 241125-3h9z4aypcn
Target 9e8aa2476bcdc551a33326f57f15b185_JaffaCakes118
SHA256 451a50c3f405e1c3f3a71c8c04f705a30c44737d22cc6fe374c9bdb8f7b4c5f7
Tags andrmonitor banker collection credential_access discovery evasion impact persistence privilege_escalation stealth trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 9e8aa2476bcdc551a33326f57f15b185_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

andrmonitor banker collection credential_access discovery evasion impact persistence privilege_escalation stealth trojan

Andrmonitor family

Removes its main activity from the application launcher

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Requests accessing notifications (often used to intercept notifications before users become aware).

Queries information about the current Wi-Fi connection

Queries information about active data network

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Reads information about phone network operator.

Acquires the wake lock

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Tries to add a device administrator.

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 23:32

Signatures

Andrmonitor family

andrmonitor

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 23:32

Reported

2024-11-25 23:34

Platform

android-x86-arm-20240624-en

Max time kernel

139s

Max time network

145s

Command Line

com.dromon

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | android-monitor.ru | N/A | N/A
N/A | prog-money.com | N/A | N/A
N/A | andmon.name | N/A | N/A
N/A | anmon.name | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Tries to add a device administrator.

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.dromon

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android-monitor.ru | udp
FR | 164.132.181.133:80 | android-monitor.ru | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | prog-money.com | udp
DE | 157.90.2.159:80 | prog-money.com | tcp
US | 1.1.1.1:53 | andmon.name | udp
US | 1.1.1.1:53 | anmon.name | udp
DE | 168.119.91.88:80 | anmon.name | tcp
DE | 144.76.58.8:80 | andmon.name | tcp
DE | 168.119.91.88:80 | anmon.name | tcp

Files

/storage/emulated/0/.androidmonitor/log.txt
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6745090500A9-0001-109B-9C1F66584F52BeginSession.cls_temp
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6745090500A9-0001-109B-9C1F66584F52SessionApp.cls_temp
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6745090500A9-0001-109B-9C1F66584F52SessionOS.cls_temp
/data/data/com.dromon/databases/SettingsDB-journal
/data/data/com.dromon/databases/SettingsDB
/data/data/com.dromon/databases/SettingsDB-shm
/data/data/com.dromon/databases/SettingsDB-wal
/storage/emulated/0/.androidmonitor/prog_class.name
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6745090500A9-0001-109B-9C1F66584F52SessionDevice.cls_temp
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6745090500A9-0001-109B-9C1F66584F52user.meta
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_c81b79d8-c7fd-4b9c-be56-fdc809132b92_1732577542954.tap
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-6745090500A9-0001-109B-9C1F66584F52.temp
/storage/emulated/0/.androidmonitor/monitorchecker.apk
/data/data/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_bff26e49-6032-4fc1-b320-d7c6e546e3c5_1732577553276.tap
/storage/emulated/0/.androidmonitor/log_.txt
/storage/emulated/0/.androidmonitor/log_1732577541040.txt.zip
/storage/emulated/0/.androidmonitor/log_.txt.zip

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-25 23:32

Reported

2024-11-25 23:34

Platform

android-x64-arm64-20240624-en

Max time kernel

129s

Max time network

138s

Command Line

com.dromon

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | prog-money.com | N/A | N/A
N/A | andmon.name | N/A | N/A
N/A | anmon.name | N/A | N/A
N/A | android-monitor.ru | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Tries to add a device administrator.

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Checks the presence of a debugger

evasion

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.dromon

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | android-monitor.ru | udp
FR | 164.132.181.133:80 | android-monitor.ru | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | prog-money.com | udp
DE | 168.119.91.88:80 | prog-money.com | tcp
US | 1.1.1.1:53 | andmon.name | udp
US | 1.1.1.1:53 | anmon.name | udp
DE | 144.76.58.8:80 | andmon.name | tcp
DE | 168.119.91.88:80 | anmon.name | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp

Files

/storage/emulated/0/.androidmonitor/log.txt

MD5 e9d79fb4c4cad632e05874765011366a
SHA1 a07cd59d609615dabb85a0075bfe51255e48c897
SHA256 fee63a4a71adb94f469f203b506e16787cef72e8e6c6b878b73f3ff449dca67a
SHA512 70cb50621c98d9ea79122d8ca6401cb53418c8df1162f5812f9b2666b8a4545ea11a6546f76a56795eeda10c4f766eef479051268758467766b2728a767d4ee2

/storage/emulated/0/.androidmonitor/log.txt

MD5 a092942a80894646abd2acfd93671e4d
SHA1 d98a21b09d9aadb12a9491226836b28b57780af4
SHA256 5e955a4d65c79d2db45ade0b18a8ebc5184e2e128badba1e6175384bdd30332a
SHA512 5b4e57dda174a533f0859dfec48a043563961aeeb7df55d53c0e7d3c95bf00dfa54078594eb8aeffc8defb48b0c1e10ac768bfa4c3ad17f2bf2c6086aa4e39b5

/storage/emulated/0/.androidmonitor/log.txt

MD5 db79d858b8d594a3ab0b38657f0ce846
SHA1 b74f1dc0ff766729cf9e7238acd2731d873119c3
SHA256 5c3129c15542481d9fe8137ebd6cbcbefe52133eb4447797a31f383c05710a00
SHA512 402df37d37f1ff1d7952f6f43c7a387f2aeb6069c234e6a11aad6dda0ade686a0782fbcf0d2b542bafe2913afea604b7dc86b01c9997288a9c102cca7803e62c

/storage/emulated/0/.androidmonitor/log.txt

MD5 4f0a1ce0e05471530444e8a73dc554cb
SHA1 38407ad8ca28978599b5d0731c0e49b22e48f7fd
SHA256 cfcdbe6c0b1c516fba53142aa01815868ff8ba3c3e4042beae61c267453524e1
SHA512 e062e9e3470ef5dbfe988ff0ab62be2036c51ea43a41769a80bd60143488588ec3093f08a45ef024708b2388a771911547a9f8351d260b466b3632d47d5d7f0e

/storage/emulated/0/.androidmonitor/log.txt

MD5 52d21b7daf4a192561bdd7792bb0d852
SHA1 8d903e8f699d8b83b0c180770ccd9f792eb652f8
SHA256 97532829b88a7d57235db74896b2d9a90d579b1f7a9698965a1f12f71c143040
SHA512 5118c90ecf1cc21caa693d80a50e75b1e89f8ec45f650f23975872a5b19da294be41fe2dfe6198089130aae5c36dec9477395987365218617ecdc67ea8fbcb9f

/storage/emulated/0/.androidmonitor/log.txt

MD5 098bf7a610a7400835401c8fc0f24f41
SHA1 774a60e4057b7352d48a6ca1dc07bfb886dd3496
SHA256 a3934466cab6aabee703c53379b91f7aaa10e1ced17bfa018781d9a53c961def
SHA512 4715f4a758e7d3d8f331fc84a0aacc23c75b4cd186dc44ea69b87ab7b8ca7b080ddf1ebb6e70fb3fcb4c6d2f06ec44026439203fca0061bbaffec7fdd8a9a12f

/storage/emulated/0/.androidmonitor/log.txt

MD5 b7d38ba2726d5ad28a849bce96048805
SHA1 26bcc08a56e77ee993451744a1cae1b83d16b94a
SHA256 905c422b326e7c5910e9e7449233daec1c85e2a51f9a0761d91044fd88c34538
SHA512 16dd1ab47c38ba3163db97ef58bccacfdccb3ab1a6096e01d7f3cfdf5cd9d340f0a9009930b59c91e835db79b0058675fde6d1a140223be50407e1e4529ade6f

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 43a9f277d906b64e7c0298f1c61fd98d
SHA1 fc2ca1faecf1595a7714e3502f2adaa0417592d6
SHA256 c892b8b81e681effce5b4fa9b2ce17a017328c1aea94048e6aa18379aa91ed36
SHA512 cbf8ac60ab98878d4695a6b288bc7c3cb92b556f2eb392f37e060aacc507623b1a91424b3401f6e8c6d1c05b43aea551ed5f65a69b4b8f15287e13162bcf9768

/data/user/0/com.dromon/databases/SettingsDB

MD5 453abd62cd582a3c172404955989aad2
SHA1 b00e88f8e4e579d2b34e46456ea6868dfe05d885
SHA256 c83729d3898620c31cc0bc5b9b57d7ceb23d4311e39bca6efb6b9492107bf9ca
SHA512 11a0a4335c9fd5615f7ddf1c1373745f696e01458019665260a7fccf51014454cc9691f0a289ec16ba0b7e47f36e1d0d8bc396419457ea0b6945b0887c4851c6

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 8be3b7d0da513d34cc3e3b3d570127bb
SHA1 a01cb1cf93bb4718105afc9cde2602043d6307be
SHA256 607605c4db6bb65916ee8fd41b09e5dc43a5d1808f7bd4c608959c6174b3aa44
SHA512 63d20d7612c4d7bebf7b6c12d7fae85371d6195be5908dab58685b1eec50e2b9407aad5085738e2be11e82a02f001d8d913e5fdc803b286d62f445baf4de91f5

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 c434a8cb818b7baced3adde3fc193300
SHA1 6b5f631e6b1d38f4a4229694426aaddfc8d8f0a1
SHA256 cc45bacdb7393affc3a3ae361820d102f60b40dc3cc8cdb464439bb768f93a57
SHA512 352213fcf92d882696ed7b4f1dc59be68c9600e7d12aecfa04a6f44715e0c1b5410e65e7b57e57094b4dcd4d36cf57626761cd3c5bf36640ccde51ce729fd614

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 b4b964ebe25e4ec0243bfe08ff8779f2
SHA1 e01ef4fe05cff374bcc3ccef39803b85e403ccb3
SHA256 f10d8cba42604537de4e1a73bb198f5bcdb6b4bf3aabd56ff6c15a6844d0d71f
SHA512 3845565ae1904605f2210cad0c008ac0ead19b1caa64582d27d6ae8d968aeb7b2df45fdfd190918af7e4ec903b4b861a1ad56147778cc9470c7ba2d27d696d6f

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 d871506d70d2a88359d2c301133def0d
SHA1 dac6223fde5546d1ffbce2fda52768d25baffcdc
SHA256 b9a60131d30dade99f7cef2f0d63d8122c0d4b1ee0ec22914ce5f041861fec36
SHA512 2a1fab3b3149e2f757b498115c19c911ae94a0b6b1fb43be6e3d8fefdf22c77e9eb37b1d1238f25f8e04dc9ecf9c9bd99f752cb7b5ec9ccf236c2287b9f9575c

/data/user/0/com.dromon/databases/SettingsDB-journal

MD5 659c32d889775e89d5ed5d429c8cac45
SHA1 c55d87f3b8acbb2cf237ea9ecce5e164206cf8c8
SHA256 2329e15ca7b2c6a88650054067676cc3e0ecfaf62de2c66ea92a4d843602a43a
SHA512 c22893c3cbf46d57c3679b890f4370887b706b595c39739b02ab4599eadd83de57b974492a12abf4929ec50e94b00120dc69bf01af1cc410be7435b5850a9d04

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3CBeginSession.cls_temp

MD5 67b579e9bcf7e2ebc051c2cabb8d0df3
SHA1 39570d4b9705cc7015c4ee8817291b72fe5467da
SHA256 2169a41caa095501978b87319518ff4dc131548136658a0a8705c12a61150963
SHA512 f0eb5d604870d1b58d3cae8c21550970d8125431494b6fd7cc2e1d5c017e44578ce369126cea7b4c645739eac25757fedca329335fa13ebf242dfd7843490367

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3CSessionApp.cls_temp

MD5 9b74cda06743fea3d75b6cd404557b6f
SHA1 279c0836908920509daceddc299458b81d832a83
SHA256 884fce23635df88e4dce0d36dcb2798755ed1aff83af72dc6a7b1d1ff66e68eb
SHA512 b7281e5020d598a2f42113b9014aed6653da4edb879ac965adbdc90b3acd316e3b7f167741ec500917f2fc439782cd924deb211d9558d4cbc9794c9f3e126f1e

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3CSessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/storage/emulated/0/.androidmonitor/prog_class.name

MD5 fd5b98ea58e94fffa1df623df684d3b4
SHA1 eaf9952ebeeeee38df60c9648aa728f2d2f7a52a
SHA256 73a03ccf7af8d3e9a1270d54680f56749588fb49511b94a424970acf69908d59
SHA512 9009ead16766df475cbe0cbde7329aa905512f833b938194603242efc9f33d88ee441495066f66ed0dce55f4d5248fb3bd66233e3176c57ede357663ad705718

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3CSessionDevice.cls_temp

MD5 e7b401ef2d5fb18e1dec8a64a9f096b1
SHA1 dedee24edfab2677d62e8f468edfd5f63565b4e5
SHA256 00c99d56ba55451e69e673a5cc68bf656164b17e42e500897231358e3f9bfc30
SHA512 eeee378f55407e3961ae9abccc917f0fcac3b8fbdef083273d98b089738efd957d2aada2f39f0180f3cb08846fff8d0391e52e498c78ca9b3ac063b0d1813bf9

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3Cuser.meta

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/67450907010A-0001-1223-3634128E0C3Cuser.meta

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3ece8049-c459-4a37-8d75-94cf18b156aa_1732577544919.tap

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-67450907010A-0001-1223-3634128E0C3C.temp

/storage/emulated/0/.androidmonitor/monitorchecker.apk

/data/user/0/com.dromon/databases/SettingsDB

/data/user/0/com.dromon/databases/SettingsDB

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/user/0/com.dromon/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_9a259351-ad9b-4f9f-b452-18d7fab89a52_1732577555162.tap

/storage/emulated/0/.androidmonitor/log_.txt

/storage/emulated/0/.androidmonitor/log_1732577543078.txt.zip

/storage/emulated/0/.androidmonitor/log_.txt.zip

/data/user/0/com.dromon/databases/SettingsDB

/data/user/0/com.dromon/databases/SettingsDB

/data/user/0/com.dromon/databases/SettingsDB
